Google Cloud to Mandate Multifactor Authentication by 2025

Google is rolling out mandatory multifactor authentication (MFA) on all Google Cloud accounts to protect against phishing and data theft.

The new requirement will be implemented in phases throughout 2025, all Google Cloud users worldwide will be mandated to enable MFA for sign-on by year’s end.

This change will not apply to owners of Google’s general consumer accounts.

Google Cloud’s Mandiant found phishing and stolen credentials to be the top attack vectors affecting cloud environments. In a November 5 blog post, Google said the new measure is a response to this.

“The [US] Cybersecurity and Infrastructure Security Agency (CISA) found that MFA makes users 99% less likely to be hacked, a powerful reason to make the switch,” said the post.

The company also noted that 70% of Google users have already enabled MFA.

MFA Rollout in Three Phases

The firm said it wanted to ensure a smooth transition with a phased rollout which will include the following steps:

From November 2024 – Encourage MFA adoption with reminders and information in the Google Cloud console, including resources to help users plan the rollout, conduct testing and enable MFA
From early 2025 – MFA required for all new and existing Google Cloud users who sign in with a password
From the end of 2025 – Extending the MFA requirement to all users who federate authentication into Google Cloud

Google Cloud federated users will have flexible options to meet this third requirement.

“For example, you can enable MFA with your primary identity provider before accessing Google Cloud — we will be working closely with identity providers to ensure there are standards in place for a smooth hand-off. Alternatively, you can add an extra layer of MFA through your Google account if you prefer to use our system,” said Google.

Google introduced two-factor authentication in 2011 with its 2-Step Verification (2SV) feature and adopted the use of passkeys with its ‘Security Keys for Google Accounts’ scheme in 2014. The firm made passkeys the default sign-in option in 2023.

Read now: Interview – Andrew Shikiar on the Potential for a Passwordless Future

Source link

Google Cloud to Mandate Multifactor Authentication by 2025

MFA Rollout in Three Phases

Leave a Comment Cancel reply

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)

Related Post

MFA Rollout in Three Phases

Leave a Comment Cancel reply

VMWARE

Configuration Templates