1. Our ApproachOur Approach
  2. SolutionsSolutions
  3. nebulaONE®nebulaONE®
  4. InsightsInsights
  5. About UsAbout Us
  6. CareersCareers

120 Waterfront Street, 5th floorNational Harbor, MD 20745

Contact Us
All Insights
All Insights NewsBlogResults
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

When MFA Is Not Enough – 5 Easy and Essential Steps for Hardening Our Identities

by Katie Bates
by Katie Bates
April 24 2023 Blog

Sitting at the computer, brow furrowed, you try desperately to remember what you told that website your favorite sea animal was when you set up this account five years ago.  Somewhere in the back of your mind, an image emerges of a pair of otters holding hands.  “Otters,” you whisper, and you’re granted access to your account.

Every time you’ve needed to give your mother’s maiden name or try to recall the address of your childhood home to access an account, you’ve used multi-factor authentication (MFA).  MFAs generally require two or more pieces of information that help confirm your identity and may include:

  1. Something you know – like your password, your favorite sea animal, or your high school mascot
  2. Something you have – like a key, a physical USB security token, or your phone’s authentication app
  3. Something you are – like your fingerprint, face, voice, or other biometric

Including verifications from multiple categories makes it harder for someone to fraudulently gain control of your account.  Sounds easy, right?

In practice, however, it gets a little more complicated.  The sheer amount of personal data that can be bought and sold on the web makes it easier than ever for malicious actors to find, for example, your childhood address and breach these “something you know” security measures.  Brute force attacks that are able to rapidly guess randomly generated numbers make it easy to crack any 4-digit code your bank sends via SMS text message.  Artificial intelligence is even making it easier to impersonate someone’s voice to gain access to accounts that require voice-matching MFAs by manipulating publicly available video recordings.  Simply put, this generation of MFA technology isn’t going to protect you against modern hackers.

But, don’t worry.  There’s hope!  In a recent roundtable discussion at the Microsoft Secure conference, leading experts offered five ways to strengthen your security posture when it comes to verifying someone’s identity online.

  1. Harden Your Current MFA – Ensure that everyone who uses the system is required to complete multi-factor authentication. Retire weak MFA options like SMS and Voice in favor of passwordless, phising-resistent methods like Windows Hello facial recognition.
  2. Conditional Access – Leverage the power of Azure Active Directory (AD) to establish rules that govern access to the environment and restrict access requests coming from unknown or unverified locations, devices, or applications. And even when these conditions are met, require MFA.
  3. Privileged Identity Management – Not everyone needs to be an administrator, and even those that do rarely need to be an administrator forever. Privileged Identity Management (PIM) removes vulnerable carte blanche permissions by eliminating privilege-based standing access.  Instead of a one-time credentials token download, PIM would require all security tokens to be scrubbed from the device at the end of the session, ensuring that an unmonitored device cannot be hacked to gain that credential. Roles must be requested and approved by a third party with a business justification before that role is granted for a limited time.  Role- and time-bound access parameters help keep your log-in secure.
  4. Azure Active Directory Identity Protection – Enforce risk policies that can guard and automatically block a user for activities such as impossible travel, logging in via Tor Browser, or logging in from a suspicious IP address.
  5. Attack Simulation – At the end of the day, your environment is only as secure as the people who use it. By taking an active effort in educating your user base, you can help users understand their role in protecting data and identities; raise security awareness; and instill more conscious and cautious behavior when working with applications.  Phishing attack simulators, like those in Microsoft Defender for Office 365, allow you to send out would-be malicious requests and determine whether your team is responding appropriately.
Katie Bates
Author

Katie grew up in Alabama, where sweet tea flows freely and seasons are marked by their proximity to college football (Roll Tide). After graduating from a small liberal arts college, she moved to Washington, DC and balanced her life between restaurant management, freelance cocktail consulting, and finishing her Ph.D. at American University’s Behavior, Cognition, and Neuroscience program.  Central to her success in each of these arenas was (a) an ability to proactively prioritize and organize complex projects with many moving parts, (b) a detail-oriented focus on keeping everything on track, and (c) a commitment to seeing each project through to completion.  Katie has now brought these skills to Cloudforce as a Project Manager, where she works with clients to ensure that their needs are addressed on time and under budget, and with a result that exceeds expectations.  

Recommended for you.

Looking Back at 2025: A Year of Metamorphosis

Looking Back at 2025: A Year of Metamorphosis

When I sat down to think about all the things I could write about to sum up the year, it immediately felt overwhelming. So much has changed about our organization; the customers we serve, the product...

January 01 2026 Blog

Here is what our Customers are saying.

  • "Cloudforce brought the education with the technology and brings the heart along with the brains. It’s a phenomenal relationship."

    Rizwan Jan Chief Information Officer, CNA Corporation

  • "Cloudforce showed agility and a willingness to collaborate. They worked closely with us to shape a platform that supports how LBS learns, teaches and innovates"

    Nicos Savva Professor of Management Science and Operations, London Business School

  • "We had a very professional group of people to manage the implementation from start to finish. If we wanted to do this ourselves, it would have taken a year or more. To be able to move this forward in the time we did was absolutely amazing."

    Dr. Amir Dabirian Provost and Vice President for Academic Affairs, California State University, Fullerton

  • “One of the reasons this relationship still exists is because of the trust we have in Cloudforce, built over the last three years and specifically with this project. Cloudforce is helping us with our managed-services hours and making sure we stay within budget. Their assistance and support have been indispensable.”

    Brent Neel Vice President of IT Business Systems, Lamar Advertising

  • “There was an emphasis on listening to us and respecting our input, feedback, and questions. We were treated as the customer in every conversation and felt that we had someone looking out for our goals, someone completely impartial to external stakeholders and partners we work with.”

    Cheryl Zimmermann Vice President of Sales Operations, Lamar Advertising

  • "The thing we like most about Cloudforce is that while we can continue to go back to them for help, we also have the ability to be autonomous because they trained us on how to use their platform. "

    Howard Miller Chief Information Officer, University of California, Los Angeles, Anderson School of Management 

  • “Your team takes on every roadblock and hurdle with knowledge, grace, grit, and determination. When it’s time to have a hard conversation, they don’t shy away from it – they tackle it head on, enabling our team to react appropriately to continue moving forward. I have supreme confidence in their skills and their ability to deliver, which is a nice feeling to have as the client. The team is truly a fantastic balance of Azure/cloud acumen, PM and consultancy ability, and soft skills – a dynamic combination. I’m grateful to work with your team. When I think of Cloudforce, I think of excellence.”

    Chase Nussbaum IT Program Manager, MITRE

  • "I have been so impressed with the security we have around everything from biometric scanning and multifactor authentication to device management. Cloudforce has been so valuable in making our presence in the cloud rock-solid secure, and that is worth its weight in gold."

    James Corrao Director IT, Anderson Equipment Company

  • "Many vendors are very sales focused; they are always trying to sell you something. I’ve never gotten that feeling from Cloudforce. They are willing to help even without the formal contractual relationship, and that is priceless."

    Dr. Rhonda Spells Vice President for Data Science, Innovation, and Effectiveness, PGCC

  • "We had activated some pieces of Microsoft Defender and thought we had leveraged its capabilities. But Cloudforce helped us fine-tune our use and improve the security on the student email system. The Cloudforce team was actively engaged with Microsoft and able to troubleshoot any issues that arose."

    Manuel Arrington Director of Network Infrastructure and Administration, PGCC

  • “I just want to first say thank you all for this landing zone engagement. This was super smooth and honestly beat my expectations not only with coming in under budget, but I've done a few dozen of these this was I think about the smoothest one that I've ever seen. It was comprehensive, you all were super efficient and knowledgeable and getting through the material, and I don't really know how it could have gone a whole lot better."

    Gregor Goodman Director & Chief Technology Officer, CNA

  • "This has been by far the best engagement I've had in a very many years. The way you've all managed it and done everything, we really appreciate just how well organized and well done it was. We're definitely looking forward to continuing to work with you on other projects."

    Brandon Hofmann Deputy Director, Cloud Solutions & Systems, CIO, CNA

Our Customers.

Your turn.

So enough about us, let’s talk about you! Submit this form and we’ll reach out to discuss how cloud solutions can make your business work faster, safer, and smarter.

    • This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    120 Waterfront Street, 5th floorNational Harbor, MD 20745 202.803.6500