Google mandates the use of multi-factor authentication (MFA) for all Google Cloud customers, which Google Cloud will remind those concerned about with prompts embedded in the console before the gradual transition starting early next year. In the course of 2025, the use of MFA will be globally mandatory, for the gradual transition, the service will notify companies and users in advance about installations.
Starting in early 2025, all Google Cloud users who currently only log in with a password will need to activate MFA – meaning they can only access their Google Cloud account with a secondary authentication mechanism, such as an authenticator app, or using a physical security key. By the end of the year, the requirement will be extended to customers who access Google Cloud through a third-party authenticator.
Modern SOC, cyber intelligence and sustainable IT protection (x)
Come to our meetup on November 18, where we will present the latest trends in IT security through real use cases.
The announcement reflects on several data protection incidents that have occurred in the recent period, so far in 2024, at least 1 billion records of customer data have been stolen. Change Healthcare, a healthcare giant owned by UnitedHealth, was involved in a data breach, from which, as a result of a ransomware attack, the health information of more than 100 million people was obtained by unauthorized persons with stolen credentials, which the use of MFA could have prevented.
Data of hundreds of customers, including Ticketmaster, was also leaked online from the data warehouse giant Snowflake, also due to the lack of multi-factor authentication. Although Snowflake made it mandatory for Snowflake administrators after the incident, it is still up to customers to enable the extra layer of protection.
The search firm’s announcement follows similar measures by rival cloud giants: AWS began phasing in mandatory MFA back in June, while Microsoft followed suit with Azure shortly thereafter. MFA is also a big advantage for users with traditional Google accounts, but it remains optional for the time being. According to the company, two-step verification (2SV) is already enabled for 70 percent of Google Accounts, and it only requires business customers to use it due to the higher risk.
Source: www.hwsw.hu
