AWS ups security in WorkSpaces with multi-factor authentication


AWS is beefing up the security of its WorkSpaces desktop-as-a-service (DaaS) offering by enabling support for multi-factor authentication. Users of the service can access the extra security at no extra cost.

The DaaS product was unveiled by Amazon earlier in the year as a cloud-based desktop service running Windows to enable access to Windows applications from various devices.

According to Jeff Barr, chief evangelist for AWS, WorkSpaces now offers multi-factor authentication using an on-premises RADIUS server.

"In plain English, your WorkSpaces users will now be able to authenticate themselves using the same mechanism that they already use for other forms of remote access to your organisation's resources," Barr wrote in a blog post.

He added that WorkSpaces users would log in by entering their Active Directory user name and password followed by an OTP (One-Time Passcode) supplied by a hardware or a software token.

Barr said the firm has verified its implementation against the Symantec VIP and Microsoft RADIUS Server products. It supports the PAP, CHAP, MS-CHAP1, and MS-CHAP2 protocols, along with RADIUS proxies.

"As a WorkSpaces administrator, you can configure this feature for your users by entering the connection information — IP addresses, shared secret, protocol, timeout, and retry count — for your RADIUS server fleet in the Directories section of the WorkSpaces console," said Barr.

Barr suggested that such security could be just the beginning for WorkSpaces and multi-factor authentication.

"As is the case with every part of AWS, we plan to enhance this feature over time. We expect to add support for additional authentication options such as smart cards and certificates," he said.

Last month, AWS added some features to improve integration with on-premises Active Directory. This included the ability to search for and select the desired Organisational Unit from Active Directory as well as the use of separate domains for users and resources, improving security and manageability.

"You can also add a security group that is effective within the VPC associated with your WorkSpaces desktops; this allows you to control network access from WorkSpaces to other resources in your VPC and on-premises network," said Barr.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.