This analogy is from Craig Dore, Senior Technical Lead, RSA Australia and New Zealand.
According to Dore, when you throw what he calls ‘the keys to your castle’ into the cloud, the manner in which you access that information is important.
Some people still rely on 1970s password technology, which he points out is not only prey to malware and social engineering, but is also easy to get around.
Instead, he advises organisations to shop around for stronger levels of authentication, which might include a person’s voice from their mobile phone or even their thumbprint.
Dore said, “One of the most surprising facts about the cloud is the type of organisations that have embraced it.
They can embrace it because they rely on fail-safe security products, as should everyone else.
As Craig sees it, the risks involved centre on the lack of control and visibility of cloud users within each organisation.
He says, “A lot of organisations have their smaller divisions purchasing and then using cloud applications without the oversight—control and visibility—of the IT organisation.”
His view is that it’s important to investigate the use of third-party products such as RSA’s Via to mitigate these risks.
“Most users look to convenience in terms of what they want to authenticate with,” he said. “For example, the random-number generating token has worked for almost 30 years.
“But a lot of people are demanding to use their mobile phone as an authentication device, rather than a token they can lose or misplace.
“The downside is that their phone isn’t necessarily a stronger level of security, but it’s a more convenient one and organisations need to balance that decision between cost and security.”