Using a cloud-based service like Box enables you to easily share and collaborate with business partners all over the world, without sending emails back and forth. However, while Box itself is very secure you’re still concerned about an outsider potentially hacking their way into your account, and exposing your corporate secrets. How do you continue to enjoy the benefits of cloud-based collaboration, without compromising security?

The answer is multi-factor authentication—using a 2^nd factor to verify that the person trying to access your Box account is who they say they are.

What options are available to you? There are three basic categories of multi-factor authentication you can deploy: biometrics, hard token or soft token.

Biometrics represents the gold standard for user identification, since it’s based on a unique, physical attribute of the individual person. But, which attribute should you rely on? The choices include fingerprint/handprint, iris, facial or voice scans.  While the technology has matured to the point where it’s very robust and delivers low false positive or negative rates, there are some issues to consider, such as cost, manageability and portability. The cost of the more sophisticated devices can be fairly high, in terms of acquisition, deployment and operations.  How much will it cost you to acquire and distribute your scanner of choice for each person who needs one, especially if they are highly mobile (like sales people) or remotely located? How will you retrieve them if they are lost or broken? In our use case above, where you’re interacting with non-employees, is it even practicable for you to acquire and manage devices for people who aren’t your employees?

A hardware token has similar problems. The expense of purchasing, distributing and managing tokens can be high, especially for a mobile population. They tend to be fairly inflexible, since they were originally designed for controlling access to enterprise networks and applications. In fact, if you intend to use your multi-factor authentication solution for more than one application, you may face a situation where you’ll need to acquire a token for each app that you want to protect.

The soft token approach, such as delivering a one-time password (OTP) via a mobile phone, on the other hand, not only provides a level of protection similar to the other approaches, it lets you do so with greater convenience and at a lower cost. A OTP, delivered via a secure, out-of-channel second factor, delivers a high level of assurance that the person holding the phone is also the same person attempting to log onto your cloud application. If your users—including non-employees—use a phone, you eliminate the cost and management overhead of acquiring and distributing tokens. All they need to do is go to a web site you designate, download an app (for those who use a smart phone, such as iPhone or Android), and register their number. If they only have a plain cell phone, they can retrieve the OTP via an SMS  text message, otherwise, they retrieve it via the app. If the user loses or changes their phone, all they have to do is go to the registration site and update their profile with a new phone number. If you no longer want that person to have access to your app, you simply delete their profile from your registration system, eliminating the phone’s authentication capability. Managing secure access for non-employees suddenly becomes easy and inexpensive.

Overall, using a soft token for multi-factor authentication provides a high level of assurance that only authorized people can access your sensitive cloud apps or data, without incurring high procurement or management costs.

Employees are going to leverage the cloud in ways that enable productivity, and they have the right to do so. Take collaborative file sharing for example. Gone are the days when you had to load a large file onto a USB drive to share with colleagues across the office, or customers around the world. Now, using services such as Box, employees can upload large presentations, video files, and virtually anything else to the cloud and simply share a link. With a broadband connection, this sharing is almost instant. While this may be a game-changer for employees, it also changes the security landscape.

With the freedom to upload just about anything to a file sharing site, obvious red flags arise. What about sensitive data? Can access to these files be controlled by more than just a simple username and password? These are valid questions that anyone in IT should be asking. In collaboration with Box, you can learn how Intel and McAfee address these issues, and enable secure collaborative file sharing that can be a game changer for employee productivity.

Join us on April 26 at 1:00 PM EDT to discover the lifecycle of secure collaborative file sharing, brought to you by Intel, McAfee, and Box. Visit the following link to register: http://software.intel.com/en-us/articles/collaboration-cloud-webinar/?partnerref=blogs_box_webinar 

Bonus: Qualified Attendees will receive a free enterprise trial account from Box!