{"id":6130,"date":"2024-11-06T15:38:35","date_gmt":"2024-11-06T21:38:35","guid":{"rendered":"https:\/\/www.darkreading.com\/identity-access-management-security\/google-cloud-enforce-mfa-2025"},"modified":"2024-11-06T15:38:35","modified_gmt":"2024-11-06T21:38:35","slug":"google-cloud-to-enforce-mfa-on-accounts-in-2025","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/11\/06\/google-cloud-to-enforce-mfa-on-accounts-in-2025\/","title":{"rendered":"Google Cloud to Enforce MFA on Accounts in 2025"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt905b609b016d212b\/66c4712e4e0cbb42268d1eb1\/mfasecurity-geniusstudio-AdobeStock.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/google-cloud-to-enforce-mfa-on-accounts-in-2025.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/google-cloud-to-enforce-mfa-on-accounts-in-2025.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">In a bid to improve account security, Google will enforce mandatory multi-factor authentication for all Google Cloud users by the end of 2025. Currently, <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/static.googleusercontent.com\/media\/publicpolicy.google\/en\/\/resources\/google_commitment_secure_by_design_overview.pdf\" rel=\"noopener\">70% of Google users<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> have multi-factor authentication enabled.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">This requirement will apply to all Google Cloud users who currently use passwords for authentication and all new users but will not apply to general consumer Google accounts. The company will begin a phased implementation starting this month, with the plan to require MFA for all users who federate authentication into Google Cloud by the end of 2025.<\/span><\/p>\n<div data-component=\"basic-list\" class=\"BasicList BasicList_nestedLevel_0 BasicList_variant_unordered BasicList_limited\">\n<ul data-testid=\"basic-list-unordered\" class=\"BasicList-UnorderedList\">\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"8\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"11\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">In Phase 1, starting this month, Google Cloud administrators will receive information on how to prepare for the transition. Phase 1 will raise awareness and provide materials to help plan a rollout and conduct testing.<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"10\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"15\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Phase 2, which will be in early 2025, will require all new users and existing Google Cloud users who use passwords for authentication, to enable MFA on their accounts. The notifications and guidance will be displayed in Google Cloud Console, Firebase Console, gCloud, and other platforms.<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"8\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"11\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Phase 3, or end of 2025, will require users who federate authentication into Google Cloud to turn on MFA. Users can enable MFA with their primary identity provider before accessing Google Cloud \u2014 or add an extra layer of MFA through the Google account.<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;Beginning this month, you&#8217;ll find helpful reminders and information in the Google Cloud console, including resources to help raise awareness, plan your rollout, conduct testing, and smoothly enable MFA for your users,&#8221; the company said.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">MFA adoption is one of the key recommendations in the Cybersecurity and Infrastructure Security Agency&#8217;s secure-by-design initiative and the shift to mandatory MFA is happening throughout the industry. In July, Snowflake introduced an option to allow administrators to enforce mandatory MFA for all users. Amazon started requiring <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/aws.amazon.com\/blogs\/security\/security-by-design-aws-to-enhance-mfa-requirements-in-2024\/\" rel=\"noopener\">mandatory MFA for Amazon Web Services<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> back in June, <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/announcing-mandatory-multi-factor-authentication-for-azure-sign-in\/\" rel=\"noopener\">Microsoft announced its rollout for Microsoft Azure<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> in August. In June, Amazon required customers signing into the AWS Management Console with the root user of an AWS Organizations management account to use MFA. Since then, mandatory MFA has been extended to standalone accounts outside of AWS Organizations.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Microsoft&#8217;s plan, similar to Google Cloud&#8217;s, also takes a phased approach. Phase 1 for Microsoft started last month, with MFA being required to sign in to Azure portal, Microsoft Entra admin center, and Intune admin center. Phase 2, also beginning in early 2024, will gradually enforce MFA for Azure CLI (command-line interface), Azure PowerShell, Azure mobile app, and infrastructure-as-code tools.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">While CISA has said that MFA means users are 99% less likely to be hacked, it is important to remember that MFA is not fool-proof.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;Mandatory MFA is necessary but not sufficient for enterprise security. This is because MFA is not created equal and doesn&#8217;t offer the same level of security assurances,&#8221; says Jasson Casey CEO of Beyond Identity.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">MFA and two-factor authentication has been in use in some shape or form for more than 20 years, and attackers have had time to innovate against it, Kris Bondi, CEO and Co-Founder of Mimoto, said in an emailed statement. Threat actors are increasingly launching phishing operations which can bypass legacy MFA, which is why NIST and CISA have urged adopting phishing-resistant MFA.<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/identity-access-management-security\/google-cloud-enforce-mfa-2025\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a bid to improve account security, Google will enforce<\/p>\n","protected":false},"author":12,"featured_media":6131,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-6130","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/google-cloud-to-enforce-mfa-on-accounts-in-2025.jpg?fit=1300%2C731&ssl=1",1300,731,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/google-cloud-to-enforce-mfa-on-accounts-in-2025.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/google-cloud-to-enforce-mfa-on-accounts-in-2025.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/google-cloud-to-enforce-mfa-on-accounts-in-2025.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/google-cloud-to-enforce-mfa-on-accounts-in-2025.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/google-cloud-to-enforce-mfa-on-accounts-in-2025.jpg?fit=1300%2C731&ssl=1",1300,731,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/google-cloud-to-enforce-mfa-on-accounts-in-2025.jpg?fit=1300%2C731&ssl=1",1300,731,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/google-cloud-to-enforce-mfa-on-accounts-in-2025.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/google-cloud-to-enforce-mfa-on-accounts-in-2025.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/google-cloud-to-enforce-mfa-on-accounts-in-2025.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/google-cloud-to-enforce-mfa-on-accounts-in-2025.jpg?fit=1300%2C731&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6130","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6130"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6130\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/6131"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6130"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6130"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6130"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}