Skip links

How Google’s mandatory multi-factor authentication policy will impact UK businesses

Google is shaking things up with mandatory multi-factor authentication (MFA) for all Google Cloud users, set to roll out in phases and wrap up by the end of 2025. It’s a brilliant move to beef up account security, but let’s be honest—it’ll mean a few changes for UK businesses. So, what’s the deal?

If your business uses Google Cloud, you’ll need to get MFA enabled across all accounts. This might mean tweaking daily routines, updating security processes, and giving your team a quick crash course. Sure, MFA is a game-changer for security, but let’s not pretend there won’t be a few teething problems.

What’s the plan? Here’s Google’s timeline in plain English:

Phase 1: kicking things off in November 2024 The first phase is all about encouraging businesses to embrace MFA. Google will start popping up prompts in the Cloud console, dishing out handy guides, and running awareness campaigns. Think of it as the nudge phase—time to dip your toes in.

Phase 2: password logins need MFA by early 2025 By early 2025, if you’re logging into Google Cloud with a password, MFA will be non-negotiable. This applies to the Google Cloud Console, Firebase Console, and gCloud. Time to say goodbye to solo passwords!

Phase 3: federated users join the MFA party by late 2025 By the end of 2025, anyone logging in through another identity provider will also need MFA. Whether you set it up through your primary provider or add it to your Google account, MFA will be the rule of the land.

The challenges ahead Switching to MFA isn’t exactly plug-and-play. Here’s where you might hit a few speed bumps:

  • Costs and time: Updating old systems to support MFA can cost money and take time. Small businesses might feel the pinch more than others.

  • Employee grumbles: Let’s face it, nobody loves extra steps to log in. Some of your team might push back.

  • Tech headaches: Older devices or software might throw a tantrum.

  • Shared accounts: If your team shares logins, MFA might make things tricky.

  • Teething troubles: Like breaking in new shoes, it might take a while for everyone to adjust.

Why MFA is worth it Even with these hurdles, MFA is a no-brainer when it comes to security. 

“Passwords alone no longer cut it. MFA adds that extra layer of security to keep cyber threats at bay.” 

MFA requires a second step—like a code sent to your phone or a hardware key—making it a nightmare for hackers. They’ll need more than just your password to break in.

How to roll it out without the drama If Google’s MFA policy is giving you cold sweats, here’s how to stay cool:

  • Start now: Use Google’s tools to plan your approach. Begin with admins and high-risk accounts.

  • Fix shared accounts: Invest in password managers or tools like privileged access management (PAM) to simplify MFA for shared logins.

  • Train your team: A quick session on why MFA matters and how to use it can work wonders.

  • Test the waters: Run a trial to iron out issues before going all in.

  • Highlight the upsides: Show your team how MFA protects not just the business but their own data too.

Tackling shared account drama Shared accounts can be a pain with MFA, but they’re not impossible to manage. Here’s how:

  • Extra security: Even for shared accounts, MFA makes it tougher for hackers.

  • Accountability: Audit trails mean you’ll know who did what and when.

  • Easier user management: Adding or removing access becomes a breeze.

That said, handing out MFA tokens or verification codes for shared accounts can get messy. This is where password managers or PAM tools come to the rescue.

Final thoughts Google’s mandatory MFA policy is a big step for cloud security, and while it might seem like a hassle now, it’ll pay off in the long run. Start planning, involve your team, and make the most of the tools available to ensure a smooth transition. You’ve got this.

Need help with your MFA rollout? At Cloud & More, we make it simple, secure, and stress-free for SMEs. Drop us a line and let’s get you sorted.

Need help with your MFA rollout?

At Cloud & More, we make it simple, secure, and stress-free for SMEs. Drop us a line and let’s get you sorted.

Share the Post: