NTLM security implications

There are a number of security implications associated with the use of NTLM in the cloud service. These are discussed below.

The NTLM credentials are being passed across an insecure Internet connection

NTLM is a secure protocol that carries a cryptographic hash of the user’s password rather than the password itself. To authenticate a user by validating that password hash, a network service must know the user’s password. The cloud service sits outside of the company network and therefore does not know the user’s network password. For this reason, the cloud service can use NTLM only to identify users, not to authenticate them. This limitation helps to preserve the security of users’ network passwords.
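As an added illustration (not code from the original page or from the cloud service), the following Python parses the NTLM AUTHENTICATE_MESSAGE (Type 3) that a browser sends and pulls out the identity fields; the sample message is constructed inline. It shows the distinction made above: the domain and user name are readable by any party that sees the message, while the NtChallengeResponse can only be verified by a party holding the user's password hash, which the cloud service does not have.

```python
import struct

NTLMSSP_NEGOTIATE_UNICODE = 0x00000001
_HEADER_LEN = 88  # signature, type, six field descriptors, flags, version, MIC


def _field(buf: bytes, off: int) -> bytes:
    """Resolve one (Len, MaxLen, Offset) descriptor at `off` to its payload bytes."""
    length, _maxlen, offset = struct.unpack_from("<HHI", buf, off)
    return buf[offset:offset + length]


def parse_authenticate(msg: bytes) -> dict:
    """Extract identity fields from an NTLM AUTHENTICATE_MESSAGE (Type 3).

    This is identification only: without the user's password hash the
    NtChallengeResponse cannot be verified, so it is reported by length
    and never treated as proof of identity.
    """
    if msg[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLM AUTHENTICATE_MESSAGE")
    flags = struct.unpack_from("<I", msg, 60)[0]
    # cp437 is an assumed OEM code page for the non-Unicode case.
    enc = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "cp437"
    return {
        "domain": _field(msg, 28).decode(enc),
        "user": _field(msg, 36).decode(enc),
        "workstation": _field(msg, 44).decode(enc),
        "nt_response_len": len(_field(msg, 20)),  # opaque without the hash
    }


def _u16(s: str) -> bytes:
    return s.encode("utf-16-le")


def build_authenticate(domain: str, user: str, workstation: str, nt_response: bytes) -> bytes:
    """Constructed sample Type 3 message for this example; not captured traffic."""
    # Payload order follows the descriptor order in the header:
    # LmChallengeResponse, NtChallengeResponse, DomainName, UserName,
    # Workstation, EncryptedRandomSessionKey.
    items = [b"", nt_response, _u16(domain), _u16(user), _u16(workstation), b""]
    header = b"NTLMSSP\x00" + struct.pack("<I", 3)
    payload, off = b"", _HEADER_LEN
    for item in items:
        header += struct.pack("<HHI", len(item), len(item), off)
        payload += item
        off += len(item)
    header += struct.pack("<I", NTLMSSP_NEGOTIATE_UNICODE)  # NegotiateFlags
    header += bytes(8) + bytes(16)                           # Version and MIC, zeroed
    return header + payload


if __name__ == "__main__":
    sample = build_authenticate("CORP", "alice", "WS01", bytes(24))
    print(parse_authenticate(sample))
```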

Transparent identification compared to basic authentication

Because NTLM does not require the user to authenticate with the cloud service by entering a password, one might argue that it is less secure than basic authentication. This is not the case. Most cloud service users save their usernames and passwords in their browsers, so anyone who can access a user’s PC can browse the Internet as that user. This is exactly the same situation as with NTLM. To protect against this in both cases, and with any product that provides web filtering, you should consider physical security and keyboard locking when users leave their desks, in order to keep the network secure.