Diamond Member Pelican Press 0 Posted November 7 Diamond Member Share Posted November 7 This is the hidden content, please Sign In or Sign Up This is the hidden content, please Sign In or Sign Up Cloud MFA enforcement meets with approval The cyber security community has reacted positively to This is the hidden content, please Sign In or Sign Up ’s 4 November announcement that it will begin to enforce This is the hidden content, please Sign In or Sign Up (MFA) for millions of This is the hidden content, please Sign In or Sign Up Cloud users worldwide during 2025, with the move being described as a significant step forward in securing the wider digital ecosystem. The enhanced policies, announced earlier this week This is the hidden content, please Sign In or Sign Up , will see mandatory MFA rolled out to every user who currently signs in with just a password. “We will be implementing mandatory MFA for This is the hidden content, please Sign In or Sign Up Cloud in a phased approach that will roll out to all users worldwide during 2025. To ensure a smooth transition, This is the hidden content, please Sign In or Sign Up Cloud will provide advance notification to enterprises and users along the way to help plan MFA deployments,” said Upadhyay. “We’ve been strong advocates for our MFA system for over a decade, and we’re here to help you with this important security upgrade. At This is the hidden content, please Sign In or Sign Up , we understand that you need flexibility and control when implementing new security measures. That’s why we’re rolling out mandatory MFA in phases,” he added. The first phase, beginning this month, will see This is the hidden content, please Sign In or Sign Up begin to target unprotected users with more reminders and information on MFA in their This is the hidden content, please Sign In or Sign Up Cloud Console, specifically targeting the 30% of service users not already enrolled. This guidance will push organisations towards raising awareness and planning for MFA, as well as providing advice on testing processes and enablement. From early 2025, This is the hidden content, please Sign In or Sign Up will begin to require MFA for all new and existing users who sign in with a password, with notifications and guidance on this appearing throughout the This is the hidden content, please Sign In or Sign Up Cloud Console, Firebase Console, gCloud, and other platforms. Those that wish to continue to use these tools will have no option but to enrol in MFA at this time. Finally, by this time next year, MFA requirements will have been extended to all users who federate authentication into This is the hidden content, please Sign In or Sign Up Cloud. There will be a number of options available to meet this requirement – organisations may choose to enable MFA with their primary identity provider prior to accessing This is the hidden content, please Sign In or Sign Up Cloud, and work is ongoing to ensure there are standards and procedures in place to make this easier. Or users may wish to add extra layers of MFA through their This is the hidden content, please Sign In or Sign Up accounts, if they prefer to use This is the hidden content, please Sign In or Sign Up ’s own system. Mandatory MFA already successful for others Introducing mandatory MFA for cloud services is very much an idea whose time has come, and This is the hidden content, please Sign In or Sign Up is not the only cloud giant to be making such moves – earlier in 2024, This is the hidden content, please Sign In or Sign Up in the wake of a number of high-profile cyber attacks involving its users, and it has been in force across Azure since the beginning of October. Meanwhile, open source community giant GitHub, which brought in compulsory MFA for select developers and projects in 2023, said it has seen an opt-in rate of 95% across code contributors who received the MFA requirement, and a 54% uplift in MFA adoption among all active contributors to projects that it hosts. Mike Britton, CIO at This is the hidden content, please Sign In or Sign Up , said This is the hidden content, please Sign In or Sign Up ’s move was long overdue: “[MFA] is a foundational security service that should be 100% mandatory for all software and platform providers – especially for email, which continues to be the primary vector through which threat actors are launching advanced attacks. “I believe that software vendors should provide MFA – and other core security services like SSO – to their customers as part of their standard baseline offering. We shouldn’t be monetising basic security capabilities and features in our product unless those features are cost prohibitive to provide without additional subscription fees, which is often not the case.” Patrick Tiquet, vice-president of security and compliance at This is the hidden content, please Sign In or Sign Up , added: “ This is the hidden content, please Sign In or Sign Up ’s phased roll-out eases users into the new requirement, as MFA can be met with resistance due to perceived friction in user experience, especially when implemented abruptly. “The multi-step plan, starting with console reminders and advancing to full enforcement, prioritises user adoption and minimises operational disruption with gradual transition to ease users into MFA – paving the way for smoother implementation and stronger compliance. “However, organisations using This is the hidden content, please Sign In or Sign Up Cloud will also need to plan for implementation within their workforce. Employee training about the importance of MFA will be critical and tools like a password manager can facilitate adoption by securely storing and filling MFA codes.” Anna Collard, senior vice-president of content strategy and evangelist at security training specialist This is the hidden content, please Sign In or Sign Up , also praised This is the hidden content, please Sign In or Sign Up ’s new policy, but said that MFA alone was no silver bullet. “Effective security relies on a layered defence approach that combines multiple strategies to protect assets and data. Not all MFA quality is equal either, for example phishing-resistant MFA, such as those enabled by FIDO are a much better option than text-based or push-based MFA,” she said. This is the hidden content, please Sign In or Sign Up # This is the hidden content, please Sign In or Sign Up #Cloud #MFA #enforcement #meets #approval This is the hidden content, please Sign In or Sign Up This is the hidden content, please Sign In or Sign Up Link to comment https://hopzone.eu/forums/topic/163064-google-cloud-mfa-enforcement-meets-with-approval/ Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now