SecureKloud CloudAuth, an advanced MFA (earlier referred as Two-Factor Authentication or simply 2FA) solution, is an added layer of security aligned on top of the existing username-password credentials during the authentication phase.
Aligned with Multi Factor Authentication best practices in the industry, CloudAuth implements additional layer of security for Enterprise applications and Amazon Web Services (AWS) Managed Services.
CloudAuth variants :
1. CloudAuth for Enterprise applications
Implements MFA for organization’s Enterprise applications (in-house web applications) hosted on Cloud/On-Premise environment.
Supported Authentication Factors :
- Google Authenticator
- SMS / Email OTP
- Facial Recognition
- Security Questions
- End user registers for MFA during the first login to Enterprise applications. Optionally, it supports registration of email and mobile number after successful OTP verification.
- Organizations choose admin users’ MFA information (email and mobile) to be pre-registered or be a part of regular user flow (during first login).
- Supports updation of user’s MFA details for self; provided, the user still possesses the registered authentication factor (i.e., existing email and mobile).
- Admin privileged with the rights to override/reset the MFA details for all Enterprise users.
- Optionally, update of MFA details is enforced by providing the answers for security questions.
2. CloudAuth for AWS Managed Services (AWS MFA)
Implements MFA for organization’s directory users accessing the AWS Managed Services. i.e., WorkMail, WorkSpaces, etc.
Supported Authentication Factor :
- Google Authenticator
- Apart from AWS Directory users, the CloudAuth application supports additional authentication factors (SMS/Email OTP, Facial Recognition, etc.) for protecting application users.
- Supports managing of the CloudAuth application users and AWS Directory users’ MFA settings from one integrated dashboard.
CloudAuth – Unique offerings and benefits
On top of the usual benefits that an enterprise can get from a typical MFA solution, CloudAuth additionally provides some unique offerings which stands as the primary USP of CloudAuth .
- Unconditionally PII compliant
Unlike the other multi factor authentication solutions in the market, CloudAuth doesn’t demand to share any PII (Personally Identifiable Information) data with CloudAuth.
- Choice of Authentication Factors
CloudAuth for Enterprise applications supports multiple authentication factors (Knowledge, Possession and Inherence factor). The choice of combinations of authentication factors is customizable as per the need of every organization.
- Multiple Authentication Factors Support
Enterprise CloudAuth is extensible in supporting more than one authentication factor for validating the authenticity of the user in case of business-critical applications (i.e., banking application).
- Hassle Free
Enterprise CloudAuth delivers a seamless one-click installation and hassle-free end user experience during MFA registration and validation phase.
- Reusable CloudAuth client
Supports reusability of CloudAuth client module for Enterprise CloudAuth to ensure successful integration with more than one Enterprise application running simultaneously within an organization.
- Highly Secure
Service layer and client layer transactions for Enterprise CloudAuth are extremely secure with the implementation of RSA asymmetric cryptography algorithm.The advanced obfuscation and unpatterned differential cryptographic techniques add a higher level of assurance in terms of security.
CloudAuth for Enterprise applications – Deployment Types :
CloudAuth offers multiple deployment types and an organization chooses the deployment as per their requirement.
1. Hybrid MFA-as-a-Service (Agent based model) :
An agent needs to be deployed on the client application server. This agent will run the CloudAuth client application and act as an intermediate gateway between the CloudAuth Server and the Enterprise application. This is a recommended solution for organizations who want a secure MFA solution.
2. Complete MFA-as-a-Service (Agentless model) :
A typical Service model where all the CloudAuth components and infrastructure are managed within the CloudAuth server. This is a recommended solution for organizations who want a hassle-free MFA solution.
Author Credits : Sadam Hussain Farmanudeen, Associate Consultant at SecureKloud, You can connect with him here for more information.