When you have custom or legacy applications that don’t support standard authentication protocols, it can feel like you’re facing an impossible choice: Keep the apps you depend on, or keep your organization secure. Maybe you’d like to add another layer of security, such as multi-factor authentication, to make those on-premises apps more secure. But if the apps don’t support protocols like SAML or RADIUS, that’s a pretty tall order; by which I mean it will take a lot of very expensive development time and effort.
On the other hand, you can’t very well just leave custom and legacy apps secured by nothing more than a username-and-password combination. That’s putting your organization at tremendous risk, when you consider that 81 percent of hacking-related data breaches leverage stolen or weak passwords. Even if those apps are behind the firewall, all it takes is one hacker with stolen credentials to break through, and the apps, along with the valuable data they contain, become instantly vulnerable to a breach.
MFA-Firewall Integration: A Great Alternative to Two Bad Choices
So what’ll it be? Bite the bullet and undertake a development effort to manually add multi-factor authentication to legacy and custom apps? Or just stick with a credentials-based approach to security, and hope for the best?
If you go with the first alternative, be prepared to devote considerable resources to custom-code multi-factor authentication for apps that don’t natively support SAML or RADIUS authentication protocols. And be prepared to tolerate the trade-offs with business priorities that also require those resources.
If you go the other route, and stick with just a credentials-based approach, be prepared to accept being sorely unprepared for the fallout if a hacker attacks. And that’s not really a very big “if,” considering how common credentials-based attacks have become.
So much for the bad choices. What about that great alternative promised above?
Advantages of Integrating MFA with a Next-Generation Firewall
Instead of adding multi-factor authentication at the application level, where development time and costs can be prohibitive, consider doing it at the network level, through a next-generation firewall integration. This will allow the firewall to enforce multi-factor authentication, so user identity and access privileges can be confirmed before access is ever granted.
With the next-generation firewall acting as an authentication gateway, there’s no need to update the apps themselves with multi-factor authentication. And you not only improve app security, you also help support compliance with regulations that require implementation of controls to protect sensitive information. Given all the regulations that focus on protection of personal data these days, that’s not inconsequential.
Next time you catch yourself thinking there are no good choices for making legacy and custom apps more secure, consider a next-generation firewall with integrated multi-factor authentication capabilities. In a world of lesser evils, it’s a much more attractive alternative.
Learn more about using multi-factor authentication to transform secure access for today’s challenges in the RSA webinar series Access Transformation in Action, continuing through July 25 and available on demand after that date.
This is the last in a series of posts about transforming secure access in five key areas to address today’s changing access landscape. Visit the RSA website to learn more about multi-factor authentication to secure access from cloud to ground, and check out the RSA webinar series Access Transformation in Action.