Commenting on research claiming to show that 53pc of senior IT professionals in the public and private sector believe that cloud computing is too insecure for their business usage, SecurEnvoy says that this perception problem is almost certainly down to cumbersome security and authentication technologies.
According to Steve Watts, co-founder of the tokenless two factor authentication specialist, the problem with cloud computing is that the security mechanisms required to secure data as it flows into the cloud – and, perhaps more importantly, when it flows out from the cloud – are both cumbersome and difficult to change.
“Encryption technology is now relatively easy to deploy and maintain, but authenticating users tends to be viewed as dependant on a hardware token that must be carried around by the user. And no token invariably means no access. Add in the fact that solving problems takes a finite period of time, and the convenience of the cloud rapidly becomes an inconvenience,” he said.
“I think it speaks volumes that IT practitioners are concerned that governance and regulatory concerns are holding them back from storing their company data in a cloud environment, although it is interesting to see that 16pc are going down this cost-effective route with stringent contracts and solid service level agreements in place,” he said.
What many of these senior IT security professionals are almost certainly unaware of, he went on to say, is that tokenless 2FA – using a mobile phone as the authentication medium – is very easy to deploy, and even easier to use.
Tokenless 2FA, he says, turns any mobile phone – even a budget or legacy handset – into an authenticator, since it uses text message channels to confirm that the user is who they claim to be.
Furthermore, he adds, since most people tote their mobiles around with them everywhere – even around the home – they will almost never be in the situation of being unable to authenticate themselves using their mobile.
Watts explained that SecurEnvoy’s SecurAccess software – which supports tokenless 2FA using a mobile phone - integrates closely with Microsoft Active Directory, Novell E-Directory, Sun Directory Server and OpenLDAP technologies, making it very easy to install and deploy, and with no additional database being required.
"The bottom line here is that tokenless 2FA technology is every bit as secure as a hardware token-based system, but it is vastly more convenient to install and maintain. It is ideal for use with cloud and use,” he said.
"Factor in the additional advantage that the system can be changed on the fly if needed - which is something you cannot easily do a hardware token-based platform - and it's no wonder that we are finding businesses using our 2FA technology to secure their cloud logins,” he added.
“That’s why we were surprised to hear about the results of the Wisegate research results on cloud computing. Clearly the message about the advantages of tokenless 2FA technology still needs to get out.”