WatchGuard® Technologies recently unveiled AuthPoint – a cloud-based multi-factor authentication (MFA) solution designed for small and midsize businesses (SMBs). The view that MFA has always been out of reach for SMBs due to cost, complexity and management issues, is backed up by a new survey of IT managers and professionals conducted by independent market research firm CITE Research. The survey shows that 61 percent of respondents from companies with under 1,000 employees believe MFA services are reserved for large enterprises. In addition, 84 percent of surveyed IT managers would prefer technology solutions in place to enforce password best practices, rather than relying on password policies and training.

WatchGuard’s AuthPoint addresses these authentication concerns by eliminating the complex integration processes, considerable up-front expenses and burdensome, on-premises management requirements.

“We know that a massive portion of data breaches involve lost credentials and since cyber criminals target organisations of any size, MFA is now a prerequisite for all businesses,” said Alex Cagnoni, director of Authentication at WatchGuard. “In the absence of MFA, cyber criminals can utilise a variety of techniques to acquire usernames and passwords, such as spear phishing, social engineering and buying stolen credentials on the dark web, to gain network access and then steal valuable company and customer data. With AuthPoint, we’re breaking down longstanding barriers between SMBs and MFA adoption with a solution that is affordable, easy to deploy and vastly scalable – all of which is made possible by WatchGuard’s cloud-based approach to authentication.”

WatchGuard’s AuthPoint solution is a cloud service that can be deployed and managed from any location without the need for expensive hardware components. The service relies on WatchGuard’s AuthPoint app to facilitate user authentication. As the most effective and accessible MFA solution for SMBs, AuthPoint’s key features include:

  • AuthPoint App – Once downloaded and activated on a smartphone, WatchGuard’s AuthPoint app enables users to view and manage any login attempts – by way of push notifications, one-time passwords or QR code entries for those in offline scenarios. Additionally, the app is equipped to store third-party authenticators such as Google Authenticator, Facebook access, Dropbox, and more.
  • Mobile Device DNA – WatchGuard uses an innovative approach to user authentication called Mobile Device Authentication DNA that distinguishes cloned login attempts from legitimate ones. The AuthPoint app creates personalised ‘DNA’ signatures for users’ devices and adds them to the authentication calculation. The result is that authentication messages not originating from a legitimate user’s phone will be rejected.
  • Cloud-based Management – As a cloud-based solution, the AuthPoint service comes with a convenient, intuitive interface for businesses to view reports and alerts and configure and manage deployments. Enabled from the cloud, AuthPoint requires no on-premises equipment, which cuts down on costly deployment and management activities.
  • Third-Party Integrations – WatchGuard’s ecosystem includes dozens of third-party integrations with AuthPoint. This allows companies to mandate that users undergo the authentication process before accessing sensitive cloud applications, VPNs and networks. Moreover, AuthPoint supports the SAML standard, allowing users to log on once to access a full range of applications and services.

“With the launch of AuthPoint, WatchGuard has extended its product portfolio with a vital security offering that is often overlooked by SMBs and has done so in a way that is easy for the channel to sell, deploy and manage,” said Rebecca Fernyhough, account manager at UK channel partner Epic Network Support. “AuthPoint’s cloud-based architecture means we can easily onboard new customers, allocate licenses, segment permissions and report on their activity from a single, easy-to-use interface. WatchGuard has built AuthPoint keeping both the success of its channel partners and the security of our customers in mind.”

KEY SURVEY FINDINGS:

Password security is still a major issue among companies with less than 1,000 employees:

  • Although most IT managers surveyed claim they provide some password training or policies to employees, 47 percent believe that employees still use weak passwords, 31 percent believe employees use network passwords for personal applications and 30 percent believe that employees share passwords.
  • 84 percent of surveyed IT managers would prefer technology solutions in place to enforce password best practices, rather than relying on password policies and training.
  • Nearly half of surveyed IT managers (47 percent) suspect that their employees use simple or weak passwords, while only 18 percent believe employees don’t engage in any risky information security behaviours.

These companies need an intuitive, cost-effective MFA solution:

  • Just over 61 percent of IT managers at companies with less than 1,000 employees believe MFA services are designed for companies larger than theirs.
  • Of companies that don’t currently use an MFA solution, their top reasons for not purchasing one are that MFA would be difficult to implement, maintain and support, and that it would be too expensive. Inter-organisational resistance to an MFA deployment was also a common concern.
  • 47 percent of companies currently using an MFA solution have implemented a version of SMS authentication methods, which are insecure and can be spoofed by a determined attacker. Also, 38 percent of companies using an MFA solution have hardware tokens, which are hard to manage, and can be lost or stolen.

To learn more, visit WatchGuard.com. Also, visit their InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org.