Author: SatyaDev Addeppally

Satya Dev Addepally's work in the technology domain includes over 22 years of global experience in heading Business Transformation, Client Engagement, and Enterprise Managed Services projects. His work spans ERP, BFSI, Hospitality, Services, and Healthcare domains, to name a few. Satya began his career with FCS Software Solutions as a Software Developer, and milestones on his journey included long stints in Raqmiyat Technology as a Product Manager, and Nihilent Technologies as a Senior Technical Manager, before joining the CloudNow team in 2017. Applying his in-depth expertise across multiple tech stacks and frameworks, he has been able, he has been a guiding force behind the development of Akku Satya’s hands-on approach and constant thirst for knowledge provide inspiration to his team to always aim higher and go beyond the ordinary. His infectious enthusiasm and unwavering commitment to quality are the reasons he plays a pivotal role in the constant development of Akku.

Identity and Access Management for Social Engineering Attacks

When in action, a social engineering attack could look like an email received from a government organization or your own organization asking your employees to divulge their credentials. The basis of social engineering attacks is to induce fear or urgency in unsuspecting users and employees into handing over sensitive information. Over the years, these attacks have become more sophisticated –  even if you open a mail or message from a possible attacker, malware is immediately installed on your system.  Continue reading Identity and Access Management for Social Engineering Attacks

User Lifecycle Management made easy with Akku

The employee lifecycle is an HR model that identifies the different stages an employee goes through during his/her stint at an organization. Employee lifecycle management, therefore, involves the steps taken by HR in optimizing the flow of the cycle. Typically, the employee lifecycle involves the following stages: recruiting, onboarding, training and development, retention, and offboarding. 

In modern organizations, where the employee is also a user (of one or more applications), a similar user lifecycle begins at the onboarding stage and continues until the employee exits the organization.

When it comes to the efforts involved in the user lifecycle management, both the HR and the IT teams have roles to play. The process involves creating user accounts and user roles, assigning permissions, setting up custom restrictions, continually monitoring user activity, modifying user roles, keeping employees compliant, disseminating mandatory and relevant training material, and finally, removing access when they offboard.

Here’s how Akku can make user lifecycle management easy for you:

Onboarding

With Akku’s single sign-on admin dashboard, multiple user accounts to different applications can be created and assigned to a single set of credentials for the user, all in a few clicks. Through this dashboard, user roles and permissions can also be assigned easily, saving time and improving efficiency at the onboarding stage. 

With Akku for user lifecycle management, the organization can ensure user account provisioning on the employee’s very first day at the organization so that new employees can hit the ground running.

User Management & Usage Analytics

Akku provides administrators with granular control over user access to data and apps. When employees are promoted or moved internally within the organization to newer roles, it only takes minutes to reassign permissions to existing apps or add new apps into the employee’s kitty.

By checking a user’s real time access and use of each assigned application, Akku also helps to reassign permissions or remove accounts that may not be necessary for a particular user. Akku also allows IT to more easily conduct audits by keeping an audit trail in reports that specify when users were provided or revoked certain levels of access and who has assigned these permissions.

Compliance & Communication Management

Akku enables you to keep your users updated, well trained and compliant through effective communication with its Internal Communication feature. Through this feature, HR and IT administrators can share information and updates, either addressing them to all users within the organization or with specific departments alone. The same feature can also be used to disseminate training material to upskill and qualify users for a future-ready workforce.

Not only does Akku help in disseminating information and training material, it also allows for tracking user viewing and consumption of these communications.

Deprovisioning

During the course of an employee’s stay at the organization, he/she may have accessed and used different corporate applications. When the employee leaves the organization, it is critical to revoke access to all of those applications promptly. If this activity is missed, even for a single account in a single application, the organization is risking compromise and misuse of organizational data.

With Akku’s single sign-on dashboard offering a complete and comprehensive view of all accounts and applications accessed by a user, deprovisioning of access to all of them is only clicks away. 

Akku offers a comprehensive solution to corporate identity lifecycle management. To know more about the features and applications of Akku, get in touch with us today!

What is Continuous Authentication?

Technology users today are spoilt for choice when it comes to the types of devices and the variety of platforms through which they can stay connected to work and social groups. They can access their accounts from simply anywhere and at any time, as long as they can authenticate their identities.

However, the process of authentication as we know it has remained largely static – the user provides the system with their credentials at the time of access, the system matches it against its database of user data and provides the user access to the network on successfully validating their credentials.

Continuous authentication brings in a new approach to network security, and the reception it has received goes to show the importance companies attach to their security today. Continuous authentication can help your organization protect itself from ‘session imposters’ who try to take over sessions which are open even after the employee is done using them. It also helps you protect your network from credential stuffing attacks and phishing.

What is Continuous Authentication?

In continuous authentication, users are rated based on ‘authentication scores’ which aim to determine, based on user behavior, if the user is actually who he/she is claiming to be. With advanced algorithms which are fast becoming smart enough to understand human behavior, networks can essentially monitor user behavior to determine a user’s authenticity. 

For example, in a banking application, if the security solution detects an anomaly in user behavior, it can prompt a logout or request for additional information like fingerprint or password to ensure that the account is used only by the designated person.

Continuous authentication has become powerful enough to analyze information from the various sensors of smartphones and other devices to monitor the pressure on the keypad, the amount of time being spent on an application etc. 

With certain continuous authentication solutions, organizations can also assign restrictions based on tolerable risk by specifying the minimum confidence score and factors like a user’s location or time of the access request. 

When you implement a continuous authentication solution, think in terms of acceptable risk and context – certain applications in your network might need lower authentication scores than other, more critical, applications. 

While planning to deploy a continuous authentication system, it is also important to ensure that it is compatible with your existing security solution and covers all the areas of your organization’s network.

We understand that cybersecurity is becoming more fluid and security solutions are becoming more powerful and customizable. Akku’s DNS filtering and geolocation features can be used to score your users, and this information can be used to continuously authenticate them. To know more about how we can help you, get in touch with us now.

A How-to Guide to Privileged Identity Management

Privileged Identity Management (PIM) refers to the control and monitoring of access and activity involving privileged user identities within an organization. Privileged identities include those of superusers or super control users such as Chief Executive Officer (CEO), Chief Information Officer (CIO), Database Administrator (DBA), and other top management officials.

Usually, such accounts are given access to all applications and data within an organization, along with the highest levels of permissions. However, many times, such unlimited access has been the cause for data breaches. When an organization’s data is compromised from a privileged user or their account, it is known as Privilege Abuse or Privileged User Abuse. Continue reading A How-to Guide to Privileged Identity Management

What is advanced server access?

Advanced Server Access is a relatively new aspect of identity and access management system for the cloud. In fact, it fits better under the umbrella of privileged access management (PAM). PAM is built on top of IdPs and ADs, which are crucial for identity and access management for on-prem networks. By being used in conjunction with ADs, PAM has been able to successfully provide enhanced control over identity for administrators and other privileged users.

What is PAM?

Privileged access management helps to secure and control privileged access to critical assets on an on-premise network. With PAM, the credentials of admin accounts are placed inside a virtual vault to isolate the accounts from any risk. Once the credentials are placed in the repository, admins are required to go through the PAM system every time they need access to the critical areas of a network. For every single login, their footprint is logged and authenticated. After every cycle, the credentials are reset, ensuring that admins have to create a new log for every access request. Continue reading What is advanced server access?

The Importance of Single Sign-on for Educational Institutions

Let’s admit it: schools and universities today are not what they used to be back when we were growing up. Digitization has swept over almost every aspect of educational institutions. Classrooms have become “smart”, with blackboards being replaced or supplemented by LED screens. Students can simply log in to portals from where they can access information about grades, access lessons from learning apps, and more. Teachers don’t use physical attendance registers today; they mark the daily attendance of their students on tablets – data from which triggers automatic, customized messages to the parents of students who are absent from class.

With such revolutionary change taking over educational institutions, they are also under the rising threat of becoming the target of hackers. Therefore, it is important to ensure enhanced security across the network to prevent student and parent information from being exploited. What’s more, there are cases of students themselves becoming hackers these days – attempting to manipulate grades, using their fellow students’ information to bully them online, and engaging in other malicious activities.

Here are some ways in which a single sign-on solution can not only enhance security but also improve the efficiency of administrators in your educational institution.

Easy Provisioning and Deprovisioning

Every year, a set of students graduate and a new set of students are enrolled. This means that creating accounts and providing access to student portals is a never-ending process. More importantly, denying access to a student who no longer studies at the institution must not be overlooked.

With an SSO, administrators can view – in a single dashboard – all of the apps related to a particular user account and take action quickly and effectively without having to provision/deprovision accounts individually across apps or portals.

Instant Access to all Apps

A survey conducted in the USA showed that 25% of class-time is spent in troubleshooting and teachers trying to help students log in to their respective learning applications. In most cases, the use of multiple applications, and therefore multiple credentials, is the main problem here.

A single sign-on solution, as the name suggests, eliminates the need for multiple credentials, and with it, reduces the time taken to remember and correctly enter them. This also reduces the number of stray passwords, prevents users from writing down passwords and using other methods to remember credentials that are prone to compromise, and also reduces the time taken in resetting forgotten passwords.

Secure Password Policy Enforcement

Students of today may be sharp, but technology is sharper and acts as a double-edged sword. This is why, when it comes to protecting your network from brute-force attacks and other modern security threats, a strong password policy is essential. After all, a compromised password of a student could compromise the security of the entire network in more ways than one.

An SSO typically acts as the identity provider (IdP) to all the applications or portals used within the institution and, therefore, can be used to set up and enforce a strong password policy. This will ensure that passwords created by users of the institution’s applications meet a certain set of requirements with regard to length and complexity.

SSO and Beyond – Akku

Akku, by CloudNow, is an identity and access management solution that includes a powerful SSO functionality. But SSO is only one of many in a slew of features packed into this IAM solution.

Akku can also help you ensure safer interactions on the internet with filters, harness the power of YouTube for teaching/learning, use multi-factor authentication to restrict access to confidential data and more.

For more information on what Akku can do for your institution, get in touch today!

Why Blocking Personal Emails in the Workplace is Essential

Your employees accessing their personal email at work for a few minutes in a day sounds harmless enough. But access to personal email in the workplace is in fact a potential hazard to company data, security, and productivity for a number of reasons.

Continue reading Why Blocking Personal Emails in the Workplace is Essential

Prevent Cybercrime with the Zero Trust Model of Cybersecurity

Would you trust just anyone to enter your home? Or would you first confirm that you know them and they have the right to be there?

The Zero Trust Model (ZTM) of security follows a similar principle. The ZTM approach is to be aware of anything entering the company, whether from inside or outside the company’s perimeter.

ZTM simply verifies everything that requires access to the system. The approach does not necessarily decree that every request should be denied. Instead, it asks: Why is access needed? How far? How long?

According to Cyber Security Ventures, cybercrime damages will top $6 trillion by 2021. Little surprise that cybercrime is the trending topic today! This may be just a prediction, but an ominous one indeed. It is a great challenge to prevent cybercrime and avoid this predicted damage. However, we can certainly overcome some part of this. We just need to take the right steps to protect ourselves.

The Zero Trust approach depends on different technology and governance processes to achieve their goals. This model mainly focuses on improving the security of the IT environment of enterprises. This approach varies based on who (the User) is accessing what (SaaS or In-house Applications), as well as from where (Location or IP), how long (Time Restriction) and how (granularity) they want to access it.

There are multiple ways an organization can adopt the Zero Trust Model, and one of the best way to do so is to integrate with an IAM. For example, a well-designed application supports IAM integration and provides MFA by default. Today, all applications have begun to adopt the Zero Trust Model at the design level itself.

The What, Why and How of Two-factor Authentication (2FA): Decoded

Whether or not you know what it is called, you have likely used 2FA at least once in your life online.

Remember the time you tried logging into your email account from a new device and your email service provider sent you an SMS with a PIN (OTP), to re-validate that it was actually you attempting to login? You would have been allowed access to your inbox only after you entered the correct OTP.

Or the time you tried to transfer money to someone through internet banking. Even though you already entered your customer ID and password, your bank’s application would want to make sure that someone else hadn’t stolen your credentials. They do this by sending you an email with a PIN or a link to click on, for additional validation.

This is exactly what 2FA or two-factor authentication solution is all about.

Known by many names two-factor authentication, two-step authentication, two-step verification or dual factor authentication, 2FA refers to a second level of authentication added on in order to enhance security inherent to a login process. This is in addition to the username and password step, which is relatively susceptible to hacking.

When two or more layers are added to the login authentication process, it’s also known as multi-factor authentication or MFA.

Types of MFA security

A two or multi-factor authentication process typically asks you for ‘something you know’ in the first step, such as your email ID/username and password.

In the second step, it may ask you to authenticate your identity with ‘something you have’ or ‘something you are’.

Something you know the knowledge factor:

This could be your username and password, as in any ordinary login process, or it could be a PIN.

Something you have the possession factor:

This traditionally referred to hand-held token items, such as smart cards or Yubikeys embedded with a certificate to identify the user. Nowadays, a ‘possession’ could also be your smartphone, containing an app which sends a push notification or a TOTP. This is especially beneficial since tokens like smart cards are relatively more prone to being lost, stolen or misplaced.

Something you are the inherence factor:

Biometric authentication could involve the scanning of a biological element that is exclusively yours such as your fingerprint, hand geometry, retina, iris and so on. Voice recognition can also be used.

Two-factor authentication for your business

If your business relies on highly sensitive data or handles personal data of clients, you need to have an information security management system in place. This is especially crucial these days as several governments are imposing stringent regulations to ensure that the privacy of their citizens is not compromised. Some business standard certifications also require security compliances to certify your business and, therefore, it is important for you to protect sensitive data with more than just single-factor authentication (SFA).

By setting up 2FA or MFA security in all your business applications, you are assured of a higher degree of protection. In this manner, even if somebody does steal, guess or hack a password or even a list of passwords, through a brute force attack, they will be stopped at the second level as they attempt to log in to a specific individual’s account.

Multi-factor authentication solutions by Akku

When your business uses multiple applications, it may be both expensive and difficult to set up and streamline multi-factor authentication in each. That is where Akku comes in, with the promise to address all these concerns once and for all.

Once you opt for Akku, it becomes a common identity provider (IdP) across all your enterprise applications and creates a single sign-on (SSO) page through which your users can access them. Having brought all of your applications to a single platform through the SSO, Akku then seamlessly implements the multi-factor authentication functionality across them all.

With Akku, users can decide to use any of the following options as their second factor for re-validating their identity, giving them the power of choice:

    • A push notification delivered to their smartphone through the Akku mobile app
    • A time-based OTP (TOTP) which expires in 30 seconds through an authentication app (such as Google authenticator)
  • A PIN sent through an SMS to their registered mobile number

Interested to know more? Visit www.akku.work or get in touch with us through sales@akku.work

Protecting Your Vault: Safeguard your Data Center with an IAM Solution

At most enterprises, data centers are a repository of information contained within a network of servers from where data is transmitted to other touch points for processing. While these data centers could be cloud-based or on-premise, the security of such business-critical data is of paramount importance.

There could be several vulnerabilities in your network in the form of entry points that seem like they can be ignored. While there are several measures you can implement to physically secure your data center, it takes a lot more to secure remote or even on-premise servers from virtual attacks. An effective data center security solution will allow you to intuitively monitor all the entry points for possible attacks and ensure that you are protected against any breach.

One major part of the solution is the implementation of an Identity and Access Management (IAM) solution as part of your security system.

Staying Protected Online using an Identity and Access Management Solution

The two biggest focus areas for any security solution are authentication and authorization. Although there are overlaps in the usage of the two terms, there are distinct in the way they allow access of data.

Authentication determines if the user trying to enter a system is in fact who he/she is claiming to be, while authorization determines whether the user has the permission to access the data or application that he/she is attempting to access.

A comprehensive IAM solution should be able to intelligently allow you to do both by acting as the Identity Provider (IdP) for your cloud, on-premise or hybrid network and interact with the servers in the data centers to check for authentication and authorization using advanced, yet easy to implement, system architectures.

The Akku Solution

CloudNow’s Akku is an enterprise-grade IAM solution that plays this role perfectly using its custom SAML to provide a robust Single Sign-on (SSO) solution, or to integrate with an SSO solution already in place for your other applications. As an IdP, Akku communicates with the server at the time of login to carry out authentication and validate authorization.

By using a high-end security solution, you can effectively control access to your network and data center and reduce the number of resources dedicated to data center security.

Akku also removes any need for any middleware which could otherwise complicate or even corrupt the security system.

The implementation of an efficient and cost-effective security solution like Akku can go a long way in allowing you to focus on improving the operational efficiency of your organization instead of being caught up with the security threats to your data.