Google Cloud Mandates Multi-Factor Authentication by 2025
By Staff Writer | Published: November 5, 2024 | Category: Technology
Google is mandating multi-factor authentication for Google Cloud customers, amid a backdrop of significant data breaches. This requirement aims to enhance security and combat increasing cyber threats.
Google Cloud has announced plans to make multi-factor authentication (MFA) mandatory for all customers starting from 2025. This decision aligns with rising cybersecurity threats and a notable uptick in significant data breaches, underscoring the importance of secure authentication methods.
The phased approach will begin this month with initial prompts and reminders integrated into the Google Cloud console to prepare users for the transition. Mayank Upadhyay, VP of Engineering at Google, emphasized the need for a structured rollout, ensuring that enterprises are notified adequately to facilitate their MFA deployments. By early 2025, all Google Cloud users will be required to activate MFA, adding an essential security layer to their accounts. This directive extends to federated users by the end of the year, requiring all users accessing Google Cloud resources via third-party authenticators to comply.
The urgency of this shift is amplified by an alarming number of data breaches in 2024, with over 1 billion records reported stolen, including high-profile incidents such as the Chang Healthcare ransomware attack affecting over 100 million individuals. Similar breaches have occurred at companies like Snowflake, which faced significant data leaks partly due to the absence of enforced MFA.
In recent months, competitors in the cloud space, including AWS and Microsoft, have also rolled out their own MFA requirements, highlighting a growing trend prioritizing cybersecurity across cloud platforms. While personal Google accounts can activate two-step verification (2SV) voluntarily, business accounts are now under mandatory guidelines due to the heightened risk associated with cloud environments.
Upadhyay remarked, "Given the sensitive nature of cloud deployments—and with phishing and stolen credentials remaining a top attack vector—we believe it’s time to require 2SV for all users of Google Cloud." This move signals a watershed moment for cloud security in an environment increasingly vulnerable to cyber attacks.