Microsoft plans to require multi-factor authentication for Cloud Solution Providers (CSPs) due to an increase in phishing and malware attacks on these companies and the people they work with. Because CSPs typically have better pricing on software licenses, companies tend to do business with them, but in doing so they give access to all of their own institution’s files and emails. A partner can remove a CSP’s access, but many are unaware that it is even there to begin with.

Multi-factor authentication is a commonly used security method where at least two types of login credentials must be used. This approach provides and extra blanket of security against phishing and malware attacks.

For example, a student can log into their student portal at school to check grades, by being prompted to enter their username and password. Once these credentials are verified, they have the option of using an app to approve the login, receiving a telephone call or text message and entering a code, or entering a password given to them on a different device to login. Once done, the user has been verified and logged in securely. 

PCM Inc. is the sixth-largest CSP in the world, and a recent hack left many of their employees and customers to be cybersecurity victims. A lack of multi-factor authentication provided the perfect opportunity for hackers to breach the system, and that is precisely how it occurred. 

“To help safeguard customers and partners, we are introducing new mandatory security requirements for the partners participating in the Cloud Solution Provider (CSP) program, Control Panel Vendors, and Advisor partners,” said Microsoft in a statement provided to KrebsOnSecurity. 

Although this is already become standard in today’s cybersecurity climate, the application of these requirements should become more widespread throughout all industries, marking another step forward in the age of cybersecurity. 

Story via krebsonsecurity.com