Posted by:
admin
15 years, 4 months ago
I think there are two markets for Google Apps for your domain. One is in education where you want to get the management of student accounts off your shoulders. The other is real companies that like the web, use the web and want to cloud-source their infrastructure. Twitter is clearly one of the latter and they recently realized the risks they were taking in doing so.
Managing IT assets is difficult to do securely while providing the access needed by today's workforce. I think that for most small companies, outsourcing certain IT assets results in a net gain in security and a net financial gain as well. The assumption here is that you want to minimize the cost of IT while providing the most services at the lowest cost without taking excessive risk.
So, then the question becomes, what do you keep in house? You're giving up control of the storage, control of the client, the transport, etc. You had better hang on to the keys to the kingdom. Keep in mind that the more connected/mobile/twitterish your employees are, the more likely they will be re-using their credentials on some hip web service. Password reuse is a fact of life. The only way around it is two-factor authentication. Luckily, your uber-connected workforce will all have iPhones and Blackberries on which to run software tokens.
For more on how to secure to Google Apps for Your Domain with two-factor authentication, please see the tutorial.
Share on Twitter Share on FacebookRecent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)