Google Brings Two-Factor Security To Apps

Google has responded to business users’ fears about the security of cloud computing, by adding free two-factor verification to its Google Apps.

Until now, Google has provided password protection for user accounts on its Google Apps cloud-based application suite. Many organisations require higher security, and have added extra technology which provides a second factor, such as a token, alongside the password to verify a user’s identity.

Today, Google has announced a free “two-step authentication” scheme which makes a user’s mobile phone into a security check, so users have to know their password and have their phone to get in. After the user enters a password, a verification code is sent to the mobile phone via SMS or generated on an application for Android or BlackBerry phones, with iPhone support coming soon

Keeping your data safe

“This makes it much more likely that you’re the only one accessing your data,” said the Google announcement. “Even if someone has stolen your password, your account is still protected.”

The system will be easy to set up amd manage, says the Google release, and will not overly impede users’ access to their email. It is currently available for some editions of the paid-for versions of Google Apps, and will come to the Standard Edition in months to come.

The Google implementation is based on “an open standard” Google says, and the app will be open-sourced, which means it should be possible to integrate it with authentication technologies form other vendors in future, and user organisations will be able to customise the two-factor process.

Security in the cloud

Security has for a long time been a major concern for companies considering the cloud. Security breaches are often cited as reasons to avoid the cloud and many vendors have launched cloud security packages to reasure users.

Google has long argued that organisations’ data will actually be more secure if they embrace cloud computing, because remote access is a fact of life and will be implemented in less secure ways if companies try to avoid the cloud.

Google uses HTTPS, allows users to assess their password strength, and says that Google Apps was the first cloud messaging and collaboration service to gain US government security certification.

The two-step verification option is now available to administrators using Google Apps Premier, Education, and Government Editions, and can be activated from the Admin Control Panel now.

Questions to be answered about this include how this applies to mobile, where the mobile phone may be the same device as the one accessing the mail, and also whether this will be available to individual users of Google Mail and Google Docs