DATA PROTECTION

Beyond Immutability: Why Wasabi's Multi-User Authentication is Your Data's New Best Friend

October 23, 2024By Robert Callaghan

As data becomes increasingly vital to business operations, robust cloud storage security has never been more crucial. While immutability and Multi-Factor Authentication (MFA) have long been considered the gold standards in data protection, recent incidents have exposed a critical vulnerability in even the most secure systems: the human element. Enter Wasabi's groundbreaking Multi-User Authentication (MUA) feature, a game-changing addition to the cloud storage security landscape that protects your cloud storage account from malicious actors trying to delete your account. 

The evolving threat landscape 

Recent years have seen a growing trend in cloud storage breaches where malicious data encryption is combined with storage account deletions. This disturbing new trend is often perpetrated by insiders with legitimate access. Consider the 2021 incident where an employee of the Dallas Police Department deleted 22.5 terabytes of police data—a breach that could lead to expensive retrials and potential criminals being set free. Or the 2021 case where a disgruntled ex-employee of a New York bank deleted thousands of mortgage application files. These scenarios highlight a sobering truth: traditional security measures, while essential, are susceptible to human error or malicious acts.

The limitations of current security measures 

Immutability, using features such as Wasabi Object Lock, has been rightfully praised for preventing unauthorized data encryption, alteration, or deletion by bad actors. MFA adds another layer of protection by requiring multiple forms of identification. However, these measures fall short when the threat comes from within--from someone who possesses legitimate access credentials or has socially engineered their way past support staff. 

Wasabi Multi-User Authentication: the missing piece in cloud storage security 

Multi-User Authentication is a revolutionary new approach to account security, drawing inspiration from the two-key nuclear missile launch protocol. Just as two individuals must turn their keys simultaneously to authorize a missile launch, Multi-User Authentication requires multiple authorized individuals to confirm critical account actions, such as account or bucket deletion. 

Here's how it works: 

  1. Up to three security contacts are appointed for an account. These designated contacts must have a Wasabi account and have FA enabled 

  2. If a command is issued to delete an account or a bucket, these contacts must collectively confirm the action. 

  3. If even one designated individual declines the deletion command, the process is automatically canceled and an email notification of the failed attempt is sent to the account owner.

This system ensures that no single person – be it a hacker, a rogue employee, or an inattentive administrator – has sole authority to delete an entire account or a bucket and its associated data. 

Why Multi-User Authentication matters 

The importance of Multi-User Authentication becomes clear when we revisit the scenarios mentioned earlier. Had the affected companies been using Wasabi Hot Cloud Storage with Multi-User Authentication turned on:  

  1. The bad actor (or clueless employee) would have been unable to delete all that data. 

  2. The bank's ex-employee would have been thwarted in their attempt to delete critical mortgage application files. 

In both cases, the additional layer of human verification would have prevented catastrophic data loss and financial damage. 

Another layer in your comprehensive defense-in-depth strategy

While Multi-User Authentication is a powerful tool, it's most effective when integrated into a broader security strategy. Wasabi recommends the following steps to maximize your data protection

  1. Enable Multi-Factor Authentication (MFA) for all users. 

  2. Utilize immutability features, preferably with compliance as the default setting. 

  3. Implement strict user permission controls and never share Root account credentials. 

  4. Regularly update passwords across all accounts. 

  5. Enable Wasabi Multi-User Authentication for critical account actions. 

It's worth noting that Wasabi encrypts all data, both in flight and at rest, providing an additional layer of protection without requiring customer intervention. 

The Wasabi advantage 

Wasabi stands alone in offering this level of account security. No other major cloud storage provider has implemented a feature comparable to Multi-User Authentication, leaving a significant vulnerability in their security architecture. This unique offering positions Wasabi as a leader in cloud storage security, providing customers with unparalleled peace of mind. 

A call to action for enhanced security 

As ransomware attacks continue to rise and evolve, the importance of robust backup and security measures cannot be overstated. Look at the 2021 SolarWinds Supply Chain Attack or the MGM Casinos attack; these large-scale attacks highlight how social engineering combined with compromised credentials can provide unwanted access to seemingly secure systems.  

Multi-User Authentication can help prevent a single compromised account from causing widespread damage. By implementing this feature, organizations can: 

  1. Add an extra layer of defense against insider threats. 

  2. Protect against accidental or malicious account or bucket deletions. 

  3. Create a system of checks and balances for critical account actions. 

  4. Increase overall data security and provide peace of mind to stakeholders. 

Conclusion: elevating Your data security with Wasabi 

In today's digital landscape, data protection is not just about technology – it's about creating a comprehensive security ecosystem that accounts for human fallibility. Our Multi-User Authentication feature represents the next evolution in cloud storage security, addressing a critical, overlooked vulnerability.   

By enabling this unique feature Wasabi customers gain more than just an additional security feature; they gain the assurance that the most advanced account security system in the cloud storage industry is protecting their data. This safeguards against potential threats and demonstrates a commitment to data security that can enhance trust with clients and partners. 

Don't wait for a security incident to expose vulnerabilities in your data storage strategy. Take action today and explore how Multi-User Authentication can elevate your organization's data security to unprecedented levels. 

Related article

bank vault in the shape of a cloud
DATA PROTECTIONIt's Called a Vault For a Reason: Why CISOs Are Embracing Cloud Object Storage 

Most Recent

Beyond Data Protection: Why Cyber Resilience is the New Gold Standard

In this new era of cyberthreats, security experts are turning to an array of solutions combining prevention with preparation, response, and recovery.   

Reputation, ransom, and recovery: the true cost of a data breach

Explore the multifaceted financial costs and reputational damage data breaches cause, how organizations can mitigate their fallout, and how to architect the cyber resilience you need to thrive in today’s complex digital landscape. 

The big shift: media & entertainment's journey to cloud-first strategy and cost optimization

Digital storage could be the single most important technology decision an M&E company can make.

SUBSCRIBE

Storage Insights from the Storage Experts

Storage insights sent direct to your inbox every other week.

Subscribe