<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=986590804759414&amp;ev=PageView&amp;noscript=1">
G Suite Admins Blog > G Suite Enterprise, Security and Governance

Cloud App Security - Is This the Key to Surviving 2019?

Male hand taking key glowing sign with fingersThe role of technology in businesses of all shapes and sizes is evolving. According to Klaus Schwab, we're entering the Fourth industrial revolution. That doesn't just mean new applications, collaboration solutions and innovations for the modern company. A new revolution also paves the way for unprecedented security concerns too.

For instance, in 2018, IDC revealed that at least half of all IT spending was likely to be based in the cloud going forward. Yet, while 84% of companies believe that traditional security solutions aren't equipped to handle the threats of a cloud environment, most businesses remain unprepared for the move to cloud.

In this new age of remote working, globalization and agility, modern corporations simply can't afford to ignore the importance of cloud app security.

There could be a simple way to address some of the major issues facing your employees in the year ahead. We may have found the key to surviving 2019.


2019 is a New Era for Cloud Security

Before we explore the potential solutions available for cloud app security, let's address some of the reasons why cyber security is changing in 2019. As mentioned above, part of the transformation has been caused by an alteration to the way that people work. In the modern workforce, more employees than ever before are performing business-oriented tasks on-the-go, from anywhere with an internet connection.

In other words, the workplace has become less of a physical location, and more of a carefully cultivate series of applications and tools that businesses can rely on to keep their teams as productive as possible wherever they are. This means that CIOs and app admins need to be more cautious than ever when addressing the vulnerabilities of the cloud. After all, 83% of enterprise workloads are predicted to be running in the cloud by the year 2020.

At the same time, new regulations and privacy legislation is appearing in the market all the time. 2018 saw the rise of things like PCI and GDPR for any business associated with an EU organisation. In 2019, companies will have the difficult task of ensuring that they stay ahead of the curve with modern technology while remaining compliant with the latest security requirements of new regulations.


New Options for Cloud App Security

So, how do mid-market enterprise companies maintain a competitive edge in an era where digital identity, privacy, and security are more important than ever before? The simple answer is to re-think your approach to cloud app security.

Working on the cloud allows organisations to be more flexible and reduce their overall IT cost. However, life on the cloud also presents new challenges for keeping your organisation secure and innovative at the same time. For instance, many businesses struggle with providing their employees with the right level of freedom to access the tools and services they need on-the-go. Around 80% of all security breaches in a report issued by Forrester were linked back to the use of privileged credentials.

While there are plenty of firewalls and encryption options available to update your approach to the cloud, one of the most popular solutions to handle the "access" part of cloud app security, is "U2F".

U2F is an open-authentication solution that allows internet users in almost any environment to access the crucial services that they need, with a single security key, and no need for any additional client software or drivers. Initially, the concept of U2F was created by Google and Yubico, with a vision to transform the market with the crypto key. Now, U2F has begun to make its mark on a number of services around the world, including Dropbox, Salesforce, Facebook, and even the UK government.

With a U2F option, user login information is exclusively bound to the origin environment, which means that only a real website can authenticate the key. If someone visits a fake site and attempts to access it with their key, then the authentication will fail, keeping employees protected from the constantly growing threat of phishing attacks.


The Benefits of U2F Support for Cloud App Security

When Google and Yubico came up with the initial concept of the U2F key, the idea was to provide businesses across the globe with increased security in a world where employees have to remember endless password and username combinations for countless tools and apps. As cloud app security grows to be more of a challenge, a U2F key provides companies with an additional layer of security, regardless of whether people are accessing social media, online file storage options or something else entirely.

What's more, the great thing about the U2F key is that it looks and operates in a way that's similar to a standard USB drive. This means that most employees will feel comfortable using their new tool, without businesses leaders having to put expensive strategies in place to drive adoption. Some of the biggest advantages of U2F security include:

  • Ease of Use: The U2F security keys available today from companies like Yubico, Google, and Nitrokey are designed to work on an out-of-the-box basis thanks to native support in browsers and platforms like Mozilla and Chrome. There's no need for IT teams to waste time installing information from drivers or discs.

  • High-strength security: U2F security keys are an extension on the popular two-factor authentication strategy used to improve the safety of your everyday business tools. U2F keys protect against everything from session hacking to phishing, malware attacks, and man-in-the-middle threats.

  • Privacy for the modern age: As consumers and employers alike become more concerned with protecting their identity in the digital age, U2F solutions allow users to manage their online identity depending on their needs. New pairs of keys are created for every online service a user accesses. This means that people aren't constantly sharing their secrets with service providers to get access to the latest application.

  • Cost efficient: Although U2F security keys are still relatively new, there are various high-quality companies on the market offering a range of solutions to choose from today. Additionally, the server software for back-end integration with these devices is usually free.

So, which are some of the best U2F keys available for cloud app security? Here are just some of the models that are leading the way for companies on their path to digital transformation.


Google's Titan Security Key

It's difficult to discuss the future of security in 2019 without referencing Google. As one of the leading companies in the world for privacy and security solutions, Google was partially responsible for the development of the first U2F strategy designed in conjunction with Yubico. Today, Google offers their own "Titan" security keys, which provide phishing-resistant two-factor authentication, created to protect IT admins and applications alike.

Titan security keys work out-of-the-box with a wide ecosystem of services and popular browsers, thanks to their adherence with the FIDO standard. You can use your keys to secure everything from Facebook accounts for crucial data shared on Dropbox. Additionally, the Titan security key is particularly well-suited to companies who already use Google accounts to strengthen their internal business strategy.

Google's Titan security key offers next-level security by verifying employee login data with a complicated physical handshake, instead of a standard static code. Additionally, Google claims that the production process they use for the Titan also makes the solution resistant to some of the most common supply chain attacks. The hardware chip includes firmware created by Google to maintain the integrity of the key and ensure that the device is never tampered with.

The Titan security keys are also built on an open ecosystem so that a single key can work with a wide range of personal and professional services. For those already immersed in the Google security environment, Titan security keys are compatible with Google's Advanced Protection Program.


The Nitrokey FIDO U2F

The Nitrokey is another of the best-known options for companies who want to enhance their security strategy with U2F devices. Currently, only around 7% of businesses say that they have good visibility over the critical data in their organization. In today's versatile cloud-based environment, true security depends on absolute application and device control.

With the Nitrokey device, companies can set their employees up with all the tools and business solutions they need to complete crucial daily tasks, without risking security. You start by configuring your Nitrokey with any necessary accounts, and from that point onwards, users can simply access their applications by pushing a button on their USB stick.

Like many of the evolving U2F solutions in the security environment for 2019, the Nitrokey is impressive thanks to its high-level security, versatility, and ease of use. There's no need for any additional driver installations or software, and configuration is simple. Both the hardware and the firmware, as well as any tools and libraries associated with the Nitrokey, are open-source and free to use so that companies can conduct their own independent security audits.

Additionally, unlike some of the competitors on the market today, Nitrokey comes with an easy-to-use standard compliant USB connector, so that you shouldn't have any connection issues inside or outside of the workplace. Because your keys are stored within an advanced crypto processor, you can finally protect your business operations from the threats of phishing and identity theft.


The Yubico YubiKey

Finally, Yubico is one of the best-known thought-leaders in the U2F space. Yubico worked alongside Google to create the initial U2F standard, responding to a world where 49% of databases weren't encrypted.

The YubiKey defends modern business owners and their employees against the growing threat of Phishing in the workplace - one of the primary methods that criminals use to steal credentials from employees. What's more, the YubiKey is built for resilient and sustainable performance. Not only is the hardware waterproof and crushproof, but there's no need for any network connectivity or battery to keep the device running.

By simplifying password and account control, YubiKey has the power to reduce IT support costs and upgrade multi-protocol support just in time for the new age of security in 2019. YubiKey even supports various methods of authentication at once, meaning that companies can use the same key across multiple applications and services. Simply integrate the system with your programs of choice, and you'll be ready to go.


With Microsoft and Google, Yubico changed the standard business approach to cloud app security as we knew it, transforming the complicated username and password protection strategy into something that any sized business can handle with ease. By providing a second layer of security through multi-factor authentication, Yubico has become a pioneer in business privacy and security control. After all, hackers might be able to steal a password that's entered in the wrong place online, but they'll have much more trouble taking a physical key that your employees keep with them.


Time to Upgrade Your Cloud App Security?

For years now, businesses from almost every environment have been looking for the best way to protect their growing digital environment from threats like phishing and password theft. As the world as we know it moves deeper into the cloud, U2F has emerged as one of the best options for organizations that rely on cloud app security to keep their ventures running smoothly.

Phishing attacks can pop up at any time within a company, during disasters, tax season, and even as part of a greater plan to convince everyday people to share their information on carefully-designed imposter websites. Physical security keys like those offered by Nitrokey, Google, and Yubico provide a much-needed extra layer of protection in the phishing era.

Back in 2017, Google boasted about the fact that none of their employee base, packed with over 85,000 people had been exposed to attacks since the beginning of the year, and it all came down to the support of an early-stage security key. Now, that physical security key, designed with the help of Yubico, is available for the entire world to access.

Are you ready to update your security strategy with the key to better safety in 2019?