Security vs. usability – the debate has been around for quite a while now. Which one would you prioritize? Would you consider convenience more important than security when it comes to the identity management of consumers? What are your users more inclined to? Is there a way to find a balance between the two?
Author: Yeswanth A
To Implement or Ignore: MFA for Custom Apps & Websites
Multi-factor authentication (MFA) is one of the most highly recommended security measures in this age of brute-force attacks, data breaches and other such cyber attacks. And while some off-the-shelf SaaS applications may already come with a built-in MFA feature, when it comes to a custom-built application or website, businesses have to make the tough decision between reinforced security and the high cost at which it comes.
The IAM Imperative: Through An SMB’s Eyes
Today’s MNCs were once small or medium businesses (SMBs). Small and medium businesses are the proving ground for emerging technology, as they have tight budgets and require specific, targeted functionality that suits their style and processes. Once products and solutions pass this litmus test, they start becoming more mainstream, being absorbed more widely by companies and consumers.
Cloud Security 101: Identity and Access Management
An Identity and Access Management (IAM) solution allows organizations to manage user access to critical data. It is an intermediate layer between your users and your applications/data.
Deploying an IAM solution is a proven way to improve network security in an organization. A good IAM solution should also reduce the time spent by your IT team to grant access for individual applications, thereby improving architectural simplicity and reducing the load on your servers. This also means that your users have to remember only one set of credentials to access several applications in your on-premise or cloud network.
What should you expect from a good IAM solution?
Streamlined User Access
An effective IAM solution should greatly reduce hassle by providing a slick and time-efficient method to validate users. It should be able to do this without compromising on security, allowing only legitimate users to access your network from on-premise or remote systems.
Conventionally, at organizations that have numerous applications on their network, users need to remember multiple sets of credentials, which is inconvenient, but more secure. An effective IAM solution should be able to strike the right balance between the two extremes of convenience and security.
With a single set of user credentials to access all permitted applications and data, memorizing multiple credentials is avoided, improving productivity and ease of use.
Improved Security
Another important feature you should look out for is the ability to control user access to your network. This is typically delivered through device- and IP-based restrictions, which give you the ability to provide access only from specific devices or IP addresses to your network. In addition to simply whitelisting specific requests, an IAM solution should also be able to permanently block illegal access from blacklisted devices and IPs.
Seamless Admin Control
An identity and access management solution should give the administrators of your network a simple and intuitive dashboard with all the controls needed to secure your network and manage access across it. This can go a long way in reducing the cost and time for your IT team.
This includes managing the creation and removal of user accounts, as well as controlling the level of access provided to each individual user.
Identity and Access Management by Akku
Akku by CloudNow is a state-of-the-art Identity and Access Management solution for all your user management needs. Its powerful SSO function simplifies user identity and access management, IP- and device-based restrictions prevent unwarranted access, multi-factor authentication reinforces security, and a range of other versatile features put you in complete control of your network. Get in touch with us now to know more!
Meet GCP IAM: The Identity and Access Management Solution from Google
Google Cloud Platform (GCP) IAM comes as a free service that is available by default to all users of the Google Cloud Platform. GCP IAM is Google’s identity management console, enabling administrators of organizations to manage access and permissions provided to employees across the range of applications and resources that come as part of the Google Cloud Platform. The main function of the IAM is to grant specific users/roles with access to specific GCP resources and prevent unwanted access to other resources.
The fundamental building block of GCP IAM is an IAM Policy which answers the question of who (identity) has what access (role) to which data or applications (resource). This IAM Policy is made up of permissions, bundled into roles and matched by identities.
Let’s take a closer look at the concepts of identity, role, and resource as defined by GCP IAM, which make it a useful IAM solution.
Identity
A user’s identity can be accounted for through a Google account (assigned to an individual), a Service account (assigned to a service related to the user’s role), a Google group (which can contain more than one Google/Service account), a G Suite domain name (consisting of all G Suite accounts under a particular domain), or a Cloud Identity domain name (consisting of all G Suite accounts under a particular organization).
Role
A role is a combination of permissions assigned to an identity. Traditionally, Google had what are now known as Primitive Roles – a standard set of 3 – namely, ‘Owner’, ‘Editor’ and ‘Viewer’.
However, in GCP IAM, Google has gone not one but two steps further – with Predefined Roles and Custom Roles – in allowing administrators a wider range of options when it comes to assigning roles (and therefore, access to do less or more) to the organization’s resources.
With what are known as Predefined Roles, granular separation of duties, such as Instance Admin and Network Admin to name a few, is made possible. Custom Roles, as the name suggests, are roles which administrators can customize based on the organization’s needs.
Resource
As defined by Google, “resources are the fundamental components that make up all GCP services”, and include Cloud Pub/Sub topics, Compute Engine Virtual Machines, Cloud Storage Buckets, and App Engine Instances.
These resources can then be grouped into projects. Administrators can assign permissions based on different roles to identities in their organization in order to provide them with access to specific resources. On the other hand, they can also provide access to projects, which will then provide users with access to all resources under the project.
In the GCP hierarchy, a group of projects can also be placed under a team, teams can be placed under a department and departments can be placed under the organization. Administrators can decide the level of access they wish to give each user based on this hierarchy.
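The identity, role and resource pieces described above can be put together in a short model. This is an added example, not Google's code: the role contents are a trimmed subset, and the identities, node names and the `PARENT`, `POLICIES` and `GROUPS` tables are constructed for illustration. It shows that a binding set higher in the hierarchy is inherited by everything below it, while a binding on one project does not leak into a sibling project.

```python
# Added example: simplified GCP-style IAM evaluation. Not Google's implementation.
# Role contents are a trimmed subset; identities and resource names are constructed.
ROLE_PERMISSIONS = {
    "roles/viewer": {"compute.instances.get"},
    "roles/compute.instanceAdmin": {"compute.instances.get", "compute.instances.start"},
    "roles/compute.networkAdmin": {"compute.networks.create"},
}

# child -> parent: organization > department > team > project > resource
PARENT = {
    "dept/engineering": "org/example.com",
    "team/platform": "dept/engineering",
    "project/billing-api": "team/platform",
    "project/payroll": "team/platform",
    "vm/billing-api-1": "project/billing-api",
}

# One policy per node: bindings that tie a role to a set of members.
POLICIES = {
    "org/example.com": [{"role": "roles/viewer", "members": {"domain:example.com"}}],
    "team/platform": [{"role": "roles/compute.networkAdmin",
                       "members": {"user:carol@example.com"}}],
    "project/billing-api": [{"role": "roles/compute.instanceAdmin",
                             "members": {"group:oncall@example.com"}}],
}

GROUPS = {"group:oncall@example.com": {"user:alice@example.com"}}

def principals(identity):
    """Every member string in a binding that matches this identity."""
    matched = {identity}
    matched |= {g for g, members in GROUPS.items() if identity in members}
    if identity.startswith("user:"):
        matched.add("domain:" + identity.split("@", 1)[1])
    return matched

def effective_permissions(identity, resource):
    """Union of permissions from bindings on the resource and every ancestor."""
    who, perms, node = principals(identity), set(), resource
    while node is not None:
        for binding in POLICIES.get(node, []):
            if who & binding["members"]:
                perms |= ROLE_PERMISSIONS[binding["role"]]
        node = PARENT.get(node)
    return perms

def is_allowed(identity, permission, resource):
    return permission in effective_permissions(identity, resource)
```

Because inheritance is additive, a broad role granted at the organization or department level cannot be taken away lower down, which is why wide grants belong as low in the hierarchy as the job allows.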
GCP IAM is great, but…
Despite the extensive control it provides to administrators, and the numerous possibilities in authorizing user access, GCP IAM has one downside.
Organizations today utilize a wide range of applications, not all of them being GCP resources. They may use a combination of resources from Amazon Web Services, IBM or Azure, to name a few, and GCP IAM does not support identity and access management on these resources. Its lack of capability to connect with on-prem identity providers such as Microsoft Active Directory and OpenLDAP is another major roadblock.
Looking for one IAM to manage them all? Try Akku, one of the best identity and access management solutions from CloudNow, that can help you manage identities across your on-premise and cloud-based applications seamlessly!
Is Your Data Secure? No…
As per a survey by Forrester Research (Forrester Consulting Thought Leadership Paper, February 2017), in the last 4 years, out of every three organizations, two have had an average of at least 5 breaches. There are nearly 6 billion data records that were stolen and lost in the past 10 years. According to www.breachlevelindex.com, an average of 165,000 records are compromised every hour. According to this article published on www.csoonline.com, global cybercrime related damage is expected to exceed US$ 6 trillion annually by the year 2021.
How can IAM help protect data?
Identity and Access Management (IAM) is the information security discipline that allows users access to appropriate technology resources, at the right time. It incorporates three major concepts:
- Identification: Users make their claim on their identity by entering a username, and verify it through an authentication process.
- Authentication: Authentication may be a password or may rely on advanced technologies, such as biometric and token-based authentication.
- Authorization: The IAM system must then verify the user’s authorization to perform the requested activity and also ensure that users perform actions only within their scope of authority.
Together, these three processes combine to ensure that specified users have the access they need to do their jobs, while unauthorized users are kept away from sensitive resources and information. Effective IAM solutions help enterprises facilitate secure, efficient access to technology resources across these diverse systems.
According to this article on BizTech magazine, improved data security is one of the three main reasons to deploy an IAM solution.
The article highlights the fact that consolidating authentication and authorization functionality on a single platform provides IT professionals with a consistent method for managing user access. And when a user leaves an organization, IT administrators may revoke their access in the centralized IAM solution with the confidence that this revocation will immediately take effect across all of the technology platforms integrated with that IAM platform.
So implement an identity and access management solution at your organization to take a major step towards improved data security.
Safer Interactions with the Internet through a Web Application Firewall
The internet represents a revolutionary step forward in the way data is stored and accessed, and in the way business is done. Most enterprises make use of user-friendly websites or web applications which allow their users to interact and transact.
But allowing users to seamlessly interact with your server and database presents some problems too. Primary among them is that it is difficult to differentiate between genuine users and hackers.
This is where a Web Application Firewall (WAF) comes in. A WAF allows you to protect your servers from online attacks on the internet.
For instance, there may be several nodes or entry points into your network, which security threats from the internet can penetrate. A robust security solution should ensure that these individual layers or nodes stay uniformly protected. Even if one of the layers is compromised, the impact of the breach could be severe. But micromanaging the security of every node in your network is time-consuming and invariably increases the latency of system operations.
A Web Application Firewall (WAF) can help you ensure the security of your network by monitoring and controlling all the HTTP conversations that your systems have with the internet.
What is a WAF and how does it work?
A Web Application Firewall comprises a set of instructions or protocols which have to be adhered to when using web-based applications. It protects your network and servers from websites whose scripts could be infected with malicious code intended to breach your security and access your data.
While using web applications, your searches and actions are considered client requests. These requests are processed by proxy servers which are kept in place to protect the client system. The proxy server receives the correct response from remote servers and transmits the data back to you.
A WAF acts as a reverse proxy which protects your servers from attacks. It is an intermediary layer between the client and server, which makes it seem like the response is forwarded by an actual proxy server.
Website Filtering using WAF
A robust WAF comes with advanced DNS filtering features which examine every request from your network and send back only relevant and secure results. In addition to providing a layer of security to your servers and filtering websites based on its security loops, an effective web filtering solution should also simply allow you to blacklist websites because they could be irrelevant to the work done by your employees. Unmoderated internet access can have serious repercussions in terms of productivity drain.
Akku from CloudNow Technologies is a comprehensive solution to all your website filtering needs. It is a cloud-based web filtering software which allows you to specify which domains need to be blocked, for any reason – especially security or productivity concerns.
Addressing Challenges in Implementing “The Use of Company Property” policy at a Leading Insurance Company
Company X is a leading insurance company which provides laptops to all employees for their work, regardless of their grade in the organization’s hierarchy.
The company has deployed a gateway firewall, incorporated with a DNS filter to blacklist or whitelist access to certain websites. In this manner, users are denied access to malicious websites, and threats due to unauthorized website use are prevented while users are within the office network.
How DNS Filtering Works
Whenever a user makes an internet search, a request is passed on to the network through an IP. However, when DNS filtering is implemented in an organization, the request for the relevant web page is redirected to the firewall, where the restrictions are verified. If it has been blacklisted, access to the webpage is blocked.
Loophole Causing Security Concern
As more and more users began to work from home or while travelling, using the laptops provided by the company, Company X began facing new security concerns.
Although the firewall’s DNS filter was effective when users were within the office network, the users’ laptops were outside of the firewall’s reach. This meant that users could access any site or download any software without any restrictions, putting the company-owned devices (COD) at risk due to unauthorized websites. This, in turn, threatened to compromise both the devices and the data stored in them.
It also made the devices non-compliant with the Company Owned Device (COD) policy.
Prognosis
The DNS filtering rules set by the company no longer applied when users took their devices outside their network and firewall. Addressing this issue, CloudNow’s Identity and Access Management (IAM) solution was deployed. With its website filtering feature, maintaining DNS filter rules was made possible, even outside the firewall.
With Akku, requests made by users to access any website go through its DNS filter, which checks for restrictions and blocks unauthorized web pages. Here, the router acts only as the connecting bridge to the internet. This makes it possible to maintain website blocking instructions for devices, regardless of where the users connect to the internet from.
Why Is DNS Filtering Outside Your Firewall a Necessity?
It is vital for all organizations to increase the security of their data by preventing access to malicious websites on CODs. Additionally, this feature ensures that all CODs comply with security standards and remain audit-ready.
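The blacklist/whitelist check described under "How DNS Filtering Works" and in the paragraph above comes down to the same decision wherever the device is. The sketch below is an added example, not Akku's or the firewall's code, and its domain names and device names are constructed. It matches on label boundaries so that a rule for a domain covers its subdomains but not look-alike names, and it normalizes case and the trailing root dot before matching.

```python
# Added example: DNS filter decision logic. Domain and device names are constructed.
BLOCKLIST = {"malware-downloads.example", "social.example"}
ALLOWLIST = {"careers.social.example"}  # explicit exception under a blocked domain

def normalize(qname):
    """Lower-case and strip the trailing root dot so 'Social.Example.' still matches."""
    return qname.strip().rstrip(".").lower()

def suffixes(name):
    """Yield the name, then each parent domain: a.b.example, b.example, example."""
    labels = name.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def decide(qname):
    """Return (action, matched_rule); the most specific rule wins, default is allow."""
    for candidate in suffixes(normalize(qname)):  # most specific first
        if candidate in ALLOWLIST:
            return "allow", candidate
        if candidate in BLOCKLIST:
            return "block", candidate
    return "allow", None

def blocked_queries(queries):
    """Filter (device, qname) pairs down to the blocked ones, with the rule that fired."""
    out = []
    for device, qname in queries:
        action, rule = decide(qname)
        if action == "block":
            out.append((device, qname, rule))
    return out

# Constructed sample: the same laptop, on and off the office network.
SAMPLE = [
    ("laptop-17", "cdn.social.example"),
    ("laptop-17", "notsocial.example"),
    ("laptop-17", "Careers.Social.Example."),
    ("laptop-17", "files.MALWARE-downloads.example"),
]
```

Comparing whole labels rather than using a plain string `endswith` is what keeps `notsocial.example` from being caught by the `social.example` rule.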
Maintain your DNS filter rules even outside your office premises with AKKU’s website filtering feature.