a man working on multiple devices in a cafe

As more workers opt to work off site with their own devices, security needs to be more robust without adding inconvenience. Source: Shutterstock

Google brings convenience without compromising on security

DATA is crucial to providing key insights to businesses. However, a misstep could lead to data and systems being compromised, which results in monetary and reputational losses.

With the increasing number of high profile cyberattacks in recent years, companies are beginning to realize the importance of cybersecurity.

However, current cybersecurity best practices are cumbersome, making it counterintuitive especially in an era where technology is supposed to bring efficiency.

Google’s new secure login for businesses, known as context-aware access, is attempting to give more flexibility to workers without compromising security.

Traditionally, access management systems employ a blanket approach. Most commonly, anyone signing in from an unrecognized device or network will be prompted for a two-factor authentication (2FA) code sent to a user’s phone.

For a while now, experts and analysts in the industry have highlighted the dangers of SMS based 2FA. Since the first known hack in 2014, criminals were directly targeting phone carriers or SIM cards to intercept the codes.

Other hacks include advanced versions of phishing attacks or hacking the servers containing the algorithm used to generate one-time pins (OTP).

There are many ways 2FA OTP can be compromised. Regardless of method, ultimately it leads to a data breach with further consequences. To add insult to injury, not only is 2FA hackable, it is a tedious way to verify your identity.

Google’s context-aware access uses location and timing data – such as the location of login, IP of the machine, time of day, etc. – to determine the context in which a user is accessing data. It allows system administrators for G-Suite businesses to set parameters that prevent unsanctioned third parties from accessing secure systems.

In a blog post, Jennifer Lin, Product Management Director for Google Cloud, wrote: “People increasingly want access to their business-critical apps on the devices that make the most sense for how they work.”

Google isn’t the only one looking at context-aware access. The industry as a whole has been talking about this as a theory as early as 2002. However, prior to Google, there were no players in the market who has successfully rolled this out for this level of mass adoption.

With an increasingly mobile workforce, users are no longer restricted to the networks within the vicinity of the office. Users are expecting to work anytime anywhere with whatever connections are available.

When IT doesn’t have full control over the networks or devices, providing the appropriate level of access for sensitive data is essential, to prevent any accidental breach of data.

Especially as BYOD (bring your own device) becomes more popular, securing all the endpoints becomes more crucial.

According to a survey by Frost & Sullivan and Samsung, 84 percent of companies allow employees to access corporate network with their own devices.

“The matter of BYOD and work from home has often raised security concerns for both large and medium business… procedures for dealing with rogue IT equipment, communication channels, and sensitive data handling need to be more than just set in place,” Bitdefender’s senior e-Threat analyst Liviu Arsene said in a post.

Google’s rollout of context-aware access capabilities will propel the industry forward,  to encourage more players in the industry to adopt better solutions. Existing 2FA systems hasn’t seen much innovation for years, and it’s frankly out of date.

As aptly described by Ian Pratt, co-founder and president of Bromium in a statement, “Security should be invisible, not an obstacle. But so much of today’s security technology inhibits productivity and hinders innovation.”

“The idea that business leaders are being forced to choose between productivity and security is frankly ridiculous. We need to do better as a community of security vendors,” he added.