Last year, I wrote about the IntraLinks vision for using enhanced two-factor authentication (2FA) to protect data in a SaaS-based environment. What I covered in that blog was used as a basis for designing a customized 2FA (or strong authentication) framework for the IntraLinks platform. The most important feature of the framework is the adaptability it offers to users for their security policy requirements. The idea is that people who own the data are more likely to understand its sensitivity and level of protection required than the people who design systems. On the other hand, system designers have the necessary technical skills to implement robust protection mechanisms. Our framework allows for the optimal ‘separation of duties’ — we implement the best of breed 2FA mechanisms, and our users apply those where and when they think it makes sense.

I recently sat down with the folks at VisibleGains and other members of our technology team to talk about our thoughts on structured team collaboration, as well as search and our partner Attivio. Mush Hakhinian also gives an interesting talk about security with two-factor authentication and our partner RSA, while Charlie Weiblen discusses performance enhancement and our partner Akamai.

Please click on the video below to watch.

It is my observation that businesses are ready to move more of their most sensitive information to the cloud. For that to happen - SaaS providers need to support strong security measures to protect the data. SaaS solves many problems for an IT manager, but at the same time introduces some issues of its own. I will focus on one major shortcoming that, if not addressed, will cripple the adoption of SaaS. Fortunately, that flaw can be fixed with some goodwill and foresight. I refer to widely adopted weak authentication mechanisms - customers are given only the good old email/password combination, except for online banking.