Businesses continue to unnecessarily leave critical data vulnerable by relying on passwords that are stored with the same cloud provider that is hosting the application, says SecureAuth Corporation, the leading provider of Identity Enforcement solutions. Most companies simply don't realize that they can safely keep their Gmail user credentials where they choose and take control of the Gmail authentication process away from Google.
Google announced today that computer hackers in China broke into the Gmail accounts of several hundred people, including senior government officials in the U.S. and political activists. In this latest incident, Google believes Chinese hackers tricked people into sharing their passwords in so-called "phishing" scams. This attack highlights the necessity for enterprises to take control of their user credentials and the authentication for all of their SaaS applications, including Gmail.
"Phishing attacks such as these can be easily mitigated with SAML and mutual authentication," stated Craig Lund, Co-founder and CEO, SecureAuth Corporation. Lund continues, "This type of incident is exactly why The U.S. General Services Administration (GSA) awarded a contract to us in March of this year to provide 2-factor authentication, single-sign-on (SSO), and IdM services for Gmail and other Google Apps. The implementation of our solution, SecureAuth IEP, enabled GSA to adopt Google Apps in a manner that is both secure and seamless for 18,000 end users worldwide. Bottom line, our solution mitigates the risk of a phishing attack for the GSA."
Unknown to many outside the identity community, Google allows enterprise customers to leverage the Security Access Markup Language (SAML) protocol to delegate the control of authentication. Once an organization has control of the authentication process, they can implement mutual authentication and eliminate the risk of a phishing attack.
SecureAuth IEP is a SAML-enabled and configurable Identity Enforcement platform that allows an enterprise to enforce identities and authentication to prevent unauthorized access without adversely impacting productivity. In addition, SecureAuth IEP isn't limited to Google or the SAML protocol which enables organizations to secure and simplify access to many different types of applications, both in the cloud and on-premise.
For more information about SecureAuth IEP visit our website at www.gosecureauth.com. For more technical information on security and the cloud, check out our blog, The "Cloud" is Secure - Just do it "Right".