As cloud computing spreads worldwide, it is easy to imagine that every organization will tap into this opportunity. At the same time, cloud computing brings a new angle to long-standing concerns around security and user authentication. Two questions commonly asked in the cloud security arena are "How do I authenticate myself to a SaaS/PaaS vendor?" and "How do I prevent unauthorized third parties from accessing my information?"
Typically, a user authenticates to a cloud application service with a username and password. While this may seem like two different factors, the username and password are both 'what you know', not 'what you know and what you have'. This is a single-factor authentication system.
If users of a cloud-based application don't manage their usernames and passwords carefully, those credentials may be guessed and/or found. Ask Sarah Palin how her email was obtained by a college student.
NetSuite has a great tool to strengthen authentication in the cloud: hardware two-factor authentication. NetSuite Two-Factor Authentication (NetSuite 2FA) requires a physical token ('what you have') in addition to the standard username and password ('what you know').
Using NetSuite 2FA, a malicious individual would have to know my password ('what I know') and be in physical possession of my token ('what I have') in order to authenticate as me. Automatically integrated into NetSuite, NetSuite 2FA enables secure two-factor authentication using a convenient hardware device small enough to attach to a keychain.
In some industries, such as banking, regulations require more than one factor of authentication. Two-factor authentication is a best practice for companies that want a strong security presence to protect their customer and financial data, even in industries or companies that are not subject to such requirements.