Which primary security control should be used by all cloud accounts to defend against the widest range of attacks?

Multi-factor authentication (MFA) is considered the primary security control that should be utilized by all cloud accounts to defend against a broad spectrum of attacks. The reason MFA is effective lies in its layered approach to security, requiring users to present two or more verification factors to gain access to an account. This significantly reduces the risk of unauthorized access in case one factor, such as a password, is compromised.

In the context of cloud security, where accounts can be targeted through various means, including phishing, brute force, and credential stuffing attacks, MFA is a robust measure that ensures that even if a password is exposed, an attacker cannot easily gain access without the additional authentication factor that the legitimate user possesses, such as a mobile device for a one-time code or a fingerprint.

While logging and monitoring are essential for detecting and responding to security incidents, they are reactive measures rather than preventative. Perimeter security is also important but can be less effective in cloud environments, where the traditional concept of a perimeter is less relevant due to the nature of cloud services. Redundant infrastructure is about ensuring availability and resilience, rather than directly addressing security vulnerabilities.

Therefore, MFA stands out as a foundational and proactive control that strengthens account security against a wide range of potential attacks.