CISO Bulletin: Two Factor Authentication for any Storage using the Enterprise File Fabric™

With so many employees working from home, organizations are looking for ways to enhance the security of their data, which is often spread between on-premises and cloud data stores, without compromising employee productivity, and to comply with cyber insurance policies that may be being added or renewed.

For enterprises using the Enterprise File Fabric™, activating Two Factor Authentication (2FA) is an easy way to enhance access security on resources such as remote SMB/file and Object Storage with minimum disruption for end users.

 

The File Fabric’s 2FA feature is managed by administrators from the Security tab of the Policies page.


Here the administrator can select one of three different types of 2FA:

Email

When the Email option is selected, each time users want to log in to their File Fabric account they will have to provide a one-time password (OTP) that has been emailed to them using the address that is registered with their File Fabric account.  These OTPs are generated at the time the login is attempted and they cannot be reused. The Email option is the simplest of the three for users because it does not require them to do any setup.

Phrase

The Phrase option is similar in some ways to a second password.  Each user is responsible for establishing a phrase and saving it in the File Fabric and users can change their 2FA phrases whenever they choose.  2FA phrases differ, however, from conventional File Fabric passwords in two important ways:

1. If a user forgets their password, they can get a link to create a new password by clicking a button on the login screen. This is a self-service process. If the user forgets the 2FA phrase, they will have to ask the File Fabric administrator to intervene. This gives the organization an extra degree of control over restoration of access.
2. Many organizations have delegated File Fabric authentication to an enterprise authentication system such as Active Directory or LDAP or a SAML-based system. In the event that the enterprise authentication system is compromised, users’ passwords may no longer be secure. Because the File Fabric’s 2FA phrases are not stored in the enterprise authentication system, users’ File Fabric accounts will remain secure in the event of such a breach.

Google Authenticator

Like the Email option, the Google Authenticator option also relies on OTPs. In this case, though, users generate one-time passwords themselves using an application provided by Google that runs on their mobile devices. When this option has been selected by the administrator, users must use Google Authenticator, or other similar authenticators such as Microsoft’s authenticator, to capture a QR code from the File Fabric before they can log in for the first time.

Once 2FA has been activated for an account, the second factor must be provided on every login regardless of the File Fabric client application that is being used. This includes the browser-based File Manager, our Windows and Mac desktop tool sets, and the mobile client applications that are provided for iOS and Android phones and tablets.

The File Fabric’s two factor authentication system is available on all File Fabric editions, works across the 60+ storage solutions that the File Fabric supports, and is provided at no additional cost to all business customers.

Activating it is not only a simple way to improve protection of enterprise data; it is also rapidly becoming a prerequisite of cyber insurance policies, particularly when employees are accessing remote storage where even VPN does not help.

We recommend that every organization that is managing sensitive information with the File Fabric take advantage of this simple yet powerful security feature.

Image by Darwin Laganzon from Pixabay

Dan is COO at Storage Made Easy. He has been working with the founders since the company was launched.