Amazon.com has not only become the largest online bookstore, but is also a multinational ecommerce company. The company has been spreading its reach like branches of a river while supplying goods to countries across the world. Amazon.com started off by profiting from being an online book brokering system and later offering many products. Amazon.com grew its business through online associates in the form of users.
When scaling a company by having users contributing to both ends of business, buying and selling, fraudulent and malicious activities become inevitable. Amazon did not become one of the largest ecommerce websites in the world by lacking in security though. In 2009, Amazon started to offer multi-factor authentication to protect its users against fraud. They now offer free identification through any mobile device or computer which can run a Time-Based One-Time Password application. They also offer paid multi-factor authentication through a third party proprietary authentication token from Gemalto which is supposed to offer higher security.
Free Amazon Multi-Factor Authentication
If you are able to run a time-based one-time password application on your smart phone, tablet or computer you can utilize the free AWS MFA process. Using this method, when you log into your account with your traditional username and password, a token will be delivered to the application. The token is a one-time password that is generated from an out-of-band network separate from the user's login network which reduces the chances of man in the middle attacks and makes the authentication process more secure.
Gemalto Multi-Factor Authentication
To increase security even further, Amazon's users may pay for service through Gemalto which offers a keyfob device for authentication. Amazon states Gemalto's third part proprietary token device offers better security than the free process. After the RSA hard token breaches, many people are skeptical about the proprietary OTP token's security.
Secure Cloud Computing
Amazon, like many companies, is run on a cloud of servers which allows remote access of data to many users at once. Amazon.com and its cloud network offer financial information to its publishers so they can track their earnings. A publisher's user account could display earnings and options for payment to the user. This is one of the reasons why the need for authentication security using a multi-factor process was necessary.
One of the most secure forms of protection for any company storing data on the cloud is by using an out-of-band, multi-factor authentication process which Amazon has implemented. This is especially true for ecommerce websites which may be storing financial data and personal information belonging to thousands of users. This added layer of security could be the very reason why the multinational electronic commerce corporation has not been present on recent data breach lists.
2011 was the year of data breaches and more companies are becoming like Amazon and are starting to utilize cloud computing. Will these companies follow suit to provide better protection and privacy to their users that are accessing information on the cloud or will there be a bigger data breach list containing more corporations in 2012? Companies utilizing the cloud to store and access information need to add additional layers of security to protect the information and the best way for them to do that is to utilize multi factor authentication.
Adam is a network security professional who believes out-of-band authentication is the most secure form of two factor authentication utilizing a one-time password. He writes to inform businesses about upcoming changes to government regulatory compliance and remote access security.
No comments:
Post a Comment