Author: Madhav Sattanathan

Madhav Sattanathan stepped into the technology realm at a very young age and, having nurtured this passion for technology consistently and persistently, has emerged as a technology leader equipped with the skills and knowledge to provide the right solutions for business growth. A Finance degree from Purdue University and a wealth of experience across various industries have trained him to solve real-world business problems with practiced knowledge and intuitive vision. Madhav, with his penchant for innovation, resolved to combine his technology and business know-how to deliver high-quality products and services at low costs. Akku was his brainchild at a time when the cloud was quickly gaining ground, and control over cloud environments was an increasingly felt need. Akku has evolved considerably under Madhav's watch to become the enterprise-grade identity and access management platform it is today, with the genuine ability to go toe-to-toe with the biggest global names in the industry.

What is Zero Trust Security?

As organizations increasingly place their data and applications across multiple locations on the cloud, zero trust security is rapidly gaining ground as the network security model of choice among enterprises.

Zero Trust Security is a security model in which a user, irrespective of whether he/she is within or outside the network perimeter, requires an additional verification to get access into a network. There is no particular technology or software product associated with this security model. It simply requires an additional security layer to verify users. This could be anything from biometric verification like thumb-print scanning, or a digital signature verification. Of the two, biometric verification is preferable as it can neither be recreated nor hacked.

Traditionally, organizations have been using what is referred to as the castle-and-moat approach to network security. In this model, the network is the ‘castle’ which is protected by security solutions as a ‘moat’. With this approach, part-of-the-network users were blindly trusted and allowed to enter the castle. However, as companies grew, their data and applications grew with them and the need to split them and store them in multiples silos rose. It also became easier for hackers to gain entry into a “protected” network by accessing a single user’s credentials.

Instead of the castle-and-moat model, adopting the zero trust security model and adding an additional layer of security to a network has been shown to prevent instances of data breaches.

Principles behind zero trust security

1. Trust no one: The model assumes that all the users of the network are potential attackers and hence, no users or systems are to be automatically trusted.

2. Least-privilege access: The users are given access based on a need-to-use basis and nothing more. This can eliminate each user’s exposure to vulnerable parts of a network.

3. Microsegmentation: The entire network is split into segments, each with its own authentication process.

4. Multi-factor authentication: Access to the network requires additional evidence that the user is legitimate.

The network of an organization is its gold mine and most organizations are increasing their spend on network security. Implementing a zero trust security model can go a long way in protecting your network from breaches.

Akku from CloudNow is an intelligent security solution which helps you enforce a zero trust security policy. To know more about its features and how it can benefit your organization’s network security, get in touch with us now.

Password Managers can be Hacked. Now What?

On average, every person has 7.6 accounts – that’s a lot of user IDs and passwords for an individual! Remembering the user ID and password for all these accounts is obviously very cumbersome, and third party service providers have capitalized on this to provide password management services. A password manager is essentially a single repository for all your credentials. Two very popular password managers are LastPass and Dashlane. These are applications which will store your credentials in a “secure” database. However, they haven’t been spared by hackers, who breached their security to get access to thousands of user credentials.

Continue reading Password Managers can be Hacked. Now What?

Government Entities and their Move to the Cloud

Governments across the globe rely increasingly on technology today to serve their citizens better. But with the rapid evolution of technology, it is often a struggle for the different departments of government to keep up. This happens due to insufficient funds, security concerns or simply a lack of motivation to meticulously plan and implement the move.

Of these, security is the most critical consideration, since government agencies and departments are possibly the first line of defense against any cyber attack. This is especially true when it comes to government entities wanting to migrate their operations to the cloud.

Cloud Security Concerns

The United States of America has been one of the first few countries to understand the advantages and scalability that cloud computing offers and has already migrated over half of its government operations to the cloud. But what is holding back ALL governments from fully embracing the cloud? And what can be done about it?

When a cloud network is accessed remotely, the security measures kept in place at the end user’s system determines the security strength of the entire cloud network. This means that governments have to not only have iron-clad security for their data stored in the cloud but also ensure that individual devices which access the network have equally strong security protocols in place.

Solution 1: Identity and Access Management

One way to go about resolving the issue would be to decrease the complexity involved with cloud access and operations. Usually, when there are several applications hosted on the cloud, its users are required to remember several sets of credentials to access them. This leads to setting of simple passwords, which in turn leads to an easy to hack security. An Identity and Access Management or IAM solution can be deployed across the cloud network so that the users need to remember only a single set of credentials for all the applications they are authorized to use.

Another advantage of protecting your network with an IAM solution is that in case the device gets stolen or lost, it is easy to remotely delete an account, making it almost impossible for an outsider to enter your network.

Solution 2: Device and IP based Restriction

A security solution which comes with provisions for device and IP based restriction allows only access to a cloud network only from whitelisted devices and IP addresses. Any attempt to access the network from an IP address or a device that has not been explicitly whitelisted is simply rejected, and the admin of the network is notified. This serves to identify potential breach attempts, based on which improvements to cloud security measures may also be taken up.

Solution 3: Password Policy Enforcement

A cloud network’s security is only as strong as its weakest password. If a cloud network does not have a Single Sign-on solution in place, it means that every user has to remember as many passwords as the number of applications he/she is allowed to access in the cloud network. This means that for the ease of remembering the passwords, users tend to set weak and easy to hack passwords. Implementing a strong password policy will ensure that all the passwords used to access a cloud network comply with a specified minimum standard.

Cloud security solutions come in several architectures and platforms. But when it comes to critical data of a nation’s citizens, and the systems used to access that data, only the best solution is safe enough.

Akku from CloudNow is one such identity and access management solution which secures your cloud network from vulnerabilities and delivers on all the solutions described above. Get in touch with us to know more.

Secure and Efficient Certificate-Based Authentication

Security and privacy of user data are crucial for any organization and is also a major area of risk. So a Secure and Efficient Authentication (SEA) is very important.

How do you make authentication secure and efficient? Let me share some insights on how this can be achieved through certificate-based authentication…

In general, a certificate is a means of creating evidence. In the domain of identity and access management, a certificate creates evidence in the form of a digital signature to verify the identity of an individual, a company, or other entity, and associates that identity with a public key.

Like a driver’s license or passport, a certificate provides a generally recognized proof of a person’s identity. Certificates have one main purpose: to establish trust.

Authentication is the process that verifies that a user is who they say they are. So a certificate makes authentication more efficient because the identity cannot be changed.

By enabling the certificate-based authentication, it is possible to reliably evaluate the user’s right to access the requested resource.

How does it work?

First, the user enters their private password.
The client receives the private key, and creates an evidence – in this case, in the form of a certificate or digital signature.
Now, the client sends the evidence through a secured connection across the network.
The server uses the evidence to authenticate the user identity.
Finally, the server authorizes the evidence and allows access.

This brings us to the question of how to implement a certificate-based authentication in your organization.

Akku by CloudNow is a powerful and secure identity and access management solution that uses certificate-based authentication to control user identity and secure access to your environment. Learn more at www.akku.work

How an Identity and Access Management Solution Can Help Your Data Driven Business

Cloud technology has broken several operational barriers to make remote data access easy. It allows you to scale your business with minimal cost while securely holding business-critical data and applications. But with all these advantages comes a catch – managing personnel access for all the applications and files in your network has become increasingly cumbersome.

Why does your organization need an Identity and Access Management Solution?

Managing the credentials of all your employees across all the verticals of even a small to mid sized organization is time-consuming. It can drain the productivity of your company’s Human Resource and IT management teams. They are valuable resources who could otherwise focus on their core competencies to help you grow your business.

In addition to this, securing your network from breaches and other threats can be challenging with so many people accessing your cloud from various devices and locations. If your network is compromised, all your critical business data is compromised along with it.

This is where an Identity and Access Management (IAM) solution can come in handy. It allows you to seamlessly manage access while protecting your cloud network from breaches.

Building blocks of an IAM solution

A strong Single Sign-on (SSO) function is at the heart of an IAM solution. The first step in implementing an SSO is to determine and streamline the role of the identity provider (IdP). The IdP is responsible for bringing all the applications and data on your cloud network to a centralized platform. From this platform, access and identity services are managed through a customized Security Assertion Markup Language (SAML). When a high end, customizable SAML is integrated with your enterprise cloud network, it can result in a secure Single Sign-on solution.

With a cloud SSO setup, you can provide each member of your organization with single login credentials for any or all the applications in your cloud network. With your own powerful Identity Provider, you can redirect all access authentications to a safe and fast network. With this setup in place, it is possible to consolidate a single node in your network to control access to your entire organization’s cloud network.

Features of an IAM System

With an efficient Identity and Access Management system, you can accomplish so much more than just rudimentary monitoring of your cloud network. It will come with a well rounded set of features which allows you to control your cloud in a convenient platform. If your network is fitted with a powerful cloud IAM solution, it will automatically come with provisions in place to handle password standardization and multi-factor authentication frameworks.

Single Sign-on

Allocating a single set of credentials for your employees to access relevant data and applications is made easy by implementing an SSO solution for your cloud network. As the admin of your network, it also becomes simple for you to handle access operations in a single dashboard. In addition to this, if the need arises for a user to be removed, it can be done in a few short steps instead of removing access individually for all your applications. When all of this comes together seamlessly, it results in improved productivity across your organization.

Multi-factor Authentication

Sometimes, in spite of the password protection measures you have implemented to secure your cloud, you might feel the need to bring in an additional layer of security to protect all your critical business applications. When that need arises, a well structured IAM solution allows you to keep in place, a multi-factor authentication system. It ensures that your system is insulated against remote attacks and prevents unauthorized access from getting a foothold in your secure network. This will enable you to extract data from TOTPs, thumbprint scanners or even Yubikeys and verify the users accessing your cloud network.

Password Policy Enforcement

Another challenge faced while trying to secure a cloud network is the varying standards of all the passwords of all the users who access it. The difference in standards can make breaches easier to happen and there rises a need for standardization of all the password credentials issued to the users of your cloud. But with an IAM solution, you can set the minimum standard required to set a password. With an effective password policy enforcement, you can rest assured that all your critical data is protected irrespective of the number of service providers you are associated with. It consolidates all the applications on your network under a single identity and verifies that all the passwords required to access your network comply with PCI and ISO/IECt standards.

Securing your cloud with an effective Identity and Access Management solution can empower you to control identity and access across your cloud environment. In addition to this, an IAM solution helps you improve data security, privacy, standards compliance, and productivity.

What is an IAM ?

Identity and Access Management (or IAM) solutions – also known as Identity Management (IdM) solutions – form a critical component of an enterprise’s IT security. And when used with cloud-based applications, they form part of a powerful cloud security set up too.

In simple terms, an IAM helps to control which users can access what data, as well as from where and when this access is permitted.

So how does an IAM work?

In any Identity and Access Management solution, one of the core concepts at play is that of an Identity Provider (IdP). The IdP brings all of the enterprise’s cloud-based application on to a common platform from where identity information can be managed and authentication services provided through the use of a Security Assertion Markup Language (SAML).

Through this process, it becomes possible to establish a single point of control across all of an organization’s cloud applications, and to provide a single point of access to all users, in the form of a Single Sign-on (SSO) – one of the fundamental functionalities of an IAM.

What features do IAMs offer?

Most IAMs offer some or all of the following features:

Single Sign-on

Enables administrators to provide each user with a single login to access any or all of the local and cloud applications used by the organization.

Multi-factor Authentication

Provides a powerful additional layer of access protection through a TOTP or other methods.

Password Policy Enforcement

Enables enforcement of a custom password policy across the organization, to comply with statutory (or the company’s own) security standards.

Is Akku an Identity and Access Management solution?

Akku is indeed an IAM solution, but it’s also so much more. It brings to the table all the security and access restrictions that a standard Identity and Access Management solution has to offer, along with several additional features to boost security and productivity across your cloud environment:

1) IP- and Device-based Restriction
2) Personal Email Blocking
3) YouTube Filtering
4) Website Filtering

Do visit the main website for more information on Akku’s powerful value proposition, and to see how Akku can help you control your cloud.