Author: Yeswanth A

Yeswanth is an Associate Project Manager at Akku, where he leads Agile projects, oversees user story management, and ensures seamless delivery of enterprise technology solutions. Having transitioned from a software engineering role within the company, he brings a strong technical foundation to his project leadership responsibilities, enabling him to bridge development and business needs effectively. Before his work at Akku, Yeswanth served as a Java Software Engineer at Proagrica, where he contributed to the design and development of enterprise applications. His experience spans both development and project management, equipping him with a well-rounded perspective on technology delivery.

Identity and Access Management in the age of Bimodal IT

An important new practice that has emerged over the past few years in IT management is Bimodal IT, defined by Gartner as the practice of managing two separate but coherent styles of work: one focused on predictability; the other on exploration.

While the application of the Bimodal concept within an enterprise has been the subject of much discussion, employing these two modes of management in the context of Identity and Access Management has not.

Here’s our take on how the Bimodal concept fits into our scheme of things as an Identity and Access Management solution provider.

Mode 1

By the standard definition of Bimodal IT, the focus of Mode 1 is on ensuring that existing applications and business functions are kept running smoothly. Therefore, Mode 1 clearly prioritizes stability over innovation.

In the context of IAM, businesses are becoming increasingly complex in the digital age, with touchpoints and interactions with increasingly large numbers of people or users, both within and outside the organization.

Managing this change requires IAMs to undertake a gradual evolution towards becoming simpler and more scalable. A good example of this would be the need to build in the ability to automate decision-making for setting access rules and permissions based on dynamically collected information on users, from multiple sources.

This evolutionary approach is important to ensure continued forward movement, embracing new practices and technologies, while continuing to place primary emphasis on seamless operations.

Mode 2

Mode 2 in Bimodal IT, on the other hand, places its focus squarely on innovation. In Mode 2, the priority is to undertake larger, but less certain, leaps forward, to enable the existence of entirely new business processes and approaches.

To look at the Identity and Access Management universe, in Mode 2, the mandate would be to build the next, future-ready new IAM platform. This could involve the development of an all-new, simpler and more scalable architecture from scratch, or incorporating increased agility to adapt to a fast evolving environment, for example.

Mode 2 involves planning and building for scenarios and use-cases that go beyond what conventional thinking can conceive of, to drive the next big change. But with this focus on innovation comes a need to accept some risk as well.

Akku is an enterprise IAM solution, and our journey to get here has involved adopting different facets of Bimodal IT. This process has helped us build a platform that delivers solutions to a range of use-cases that few others can match, and to do it reliably and seamlessly. Talk to us today to see how Akku could enable identity and access management, and more, at your organization.

Security or Functionality? Security Risks with Digital Transformation

Digital transformation has been adopted by most companies from around the world, resulting in a more connected and innovative business environment. Today, digital transformation essentially involves an organization’s adoption of IoT, cloud computing, machine learning, and AI. Continue reading Security or Functionality? Security Risks with Digital Transformation

Security vs. Usability

Security vs. usability – the debate has been around for quite a while now. Which one would you prioritize? Would you consider convenience more important than security when it comes to the identity management of consumers? What are your users more inclined to? Is there a way to find a balance between the two? Continue reading Security vs. Usability

To Implement or Ignore: MFA for Custom Apps & Websites

Multi-factor authentication (MFA) is one of the most highly recommended security measures in this age of brute-force attacks, data breaches and other such cyber attacks. And while some off-the-shelf SaaS applications may already come with a built-in MFA feature, when it comes to a custom-built application or website, businesses have to make the tough decision between reinforced security and the high cost at which it comes.

Continue reading To Implement or Ignore: MFA for Custom Apps & Websites

The IAM Imperative: Through An SMB’s Eyes

Today’s MNCs were once small or medium businesses (SMBs). Small and medium businesses are the proving ground for emerging technology, as they have tight budgets and require specific, targeted functionality that suits their style and processes. Once products and solutions pass this litmus test, they start becoming more mainstream, being absorbed more widely by companies and consumers.

Continue reading The IAM Imperative: Through An SMB’s Eyes

Cloud Security 101: Identity and Access Management

An Identity and Access Management (IAM) solution allows organizations to manage user access to critical data. It is an intermediate layer between your users and your applications/data.

Deploying an IAM solution a proven way to improve network security in an organization. A good IAM solution should also reduce the time spent by your IT team to grant access for individual applications, thereby improving architectural simplicity and reducing the load on your servers. This also means that your users have to remember only one set of credentials to access several applications in your on-premise or cloud network.

What should you expect from a good IAM solution?

Streamlined User Access

An effective IAM solution should greatly reduce hassle by providing a slick and time efficient method to validate users. It should be able to do this without compromising on security, allowing only legitimate users to access your network from on-premise or remote systems.

Conventionally, at organizations that have numerous applications on their network, users need to remember multiple sets of credentials, which is inconvenient, but more secure. An effective IAM solution should be able to strike the right balance between the two extremes of convenience and security.

With a single set of user credentials to access all permitted applications and data, memorizing multiple credentials is avoided, improving productivity and ease of use.

Improved Security

Another important feature you should look out for is the ability to control user access to your network. This is typically delivered through device- and IP-based restrictions, which give you the ability to provide access only from specific devices or IP addresses to your network. In addition to simply whitelisting specific requests, an IAM solution should also be able to permanently block illegal access from blacklisted devices and IPs.

Seamless Admin Control

An identity and access management solution should give the administrators of your network a simple and intuitive dashboard with all the controls needed to secure your network and manage access across it. This can go a long way in reducing the cost and time for your IT team.

This includes managing creating and removing user accounts, as well as controlling the level of access provided to each individual user.

Identity and Access Management by Akku

Akku by CloudNow is a state-of-the-art Identity and Access Management solution for all your user management needs. Its powerful SSO function simplifies user identity and access management, IP- and device-based restrictions prevent unwarranted access, multi-factor authentication reinforces security, and a range of other versatile features put you in complete control of your network. Get in touch with us now to know more!

Meet GCP IAM: The Identity and Access Management Solution from Google

Google Cloud Platform (GCP) IAM comes as a free service that is available by default to all users of the Google Cloud Platform. GCP IAM is Google’s identity management console, enabling administrators of organizations to manage access and permissions provided to employees across the range of applications and resources that come as part of the Google Cloud Platform. The main function of the IAM is to grant specific users/roles with access to specific GCP resources and prevent unwanted access to other resources.

The fundamental building block of GCP IAM is an IAM Policy which answers the question of who (identity) has what access (role) to which data or applications (resource). This IAM Policy is made up of permissions, bundled into roles and matched by identities.

Let’s take a closer look at the concepts of identity, role, and resource as defined by GCP IAM, which make it a useful IAM solution.

Identity

A user’s identity can be accounted for through their Google account (assigned to an individual), Service account (assigned to a service related to the user’s role), a Google group (which can contain more than one Google/Service account), or a G Suite domain name (consisting of all G Suite accounts under a particular domain) or Cloud Identity domain (consisting of all G suite accounts under a particular organization) name.

Role

A role is a combination of permissions assigned to an identity. Traditionally, Google had what are now known as Primitive Roles – which were a standard set of 3 – namely, ‘Owner’, ‘Editor’ and or ‘Viewer’.

However, in GCP IAM, Google has gone not one but two steps further – with Predefined Roles and Custom Roles – in allowing administrators a wider range of options when it comes to assigning roles (and therefore, access to do less or more) to the organization’s resources.

With what are known as Predefined Roles, granular separation of duties, such as Instance Admin and Network Admin to name a few, is made possible. Custom Roles, as the name suggests, are roles which administrators can customize based on the organization’s needs.

Resource

As defined by Google, “resources are the fundamental components that make up all GCP services”, and include Cloud Pub/Sub topics, Compute Engine Virtual Machines, Cloud Storage Buckets, and App Engine Instances.

These resources can then be grouped into projects. Administrators can assign permissions based on different roles to identities in their organization in order to provide them with access to specific resources. On the other hand, they can also provide access to projects, which will then provide users with access to all resources under the project.

In the GCP hierarchy, a group of projects can also be placed under a team, teams can be placed under a department and departments can be placed under the organization. Administrators can decide the level of access they wish to give each user based on this hierarchy.

GCP IAM is great, but….

Despite the extensive control it provides to administrators, and the numerous possibilities in authorizing user access, GCP IAM has one downside.

Organizations today utilize a wide range of applications, not all of them being GCP resources. They may use a combination of resources from Amazon Web Services, IBM or Azure, to name a few, and GCP IAM does not support identity and access management on these resources. Its lack of capability to connect with on-prem identity providers such as Microsoft Active Directory and OpenLDAP is another major roadblock.

Looking for one IAM to manage them all? Try Akku, one of the best identity and access management solutions from CloudNow, that can help you manage identities across your on-premise and cloud-based applications seamlessly!

Is Your Data Secure? No…

As per a survey by Forrester Research (Forrester Consulting Thought Leadership Paper, February 2017), in the last 4 years, out of every three organizations, two have had an average of at least 5 breaches. There are nearly 6 billion data records that were stolen and lost in the past 10 years. According to www.breachlevelindex.com, an average of 165,000 records are compromised every hour. According to this article published on www.csoonline.com, global cybercrime related damage is expected to exceed US$ 6 trillion annually by the year 2021.

How can IAM help protect data?

Identification: Users make their claim on their identity by entering a username and verify through an authentication process
Authentication: Authentication may be a password or may rely on advanced technologies, such as biometric and token-based authentication
Authorization: The IAM system must then verify the user’s authorization to perform the requested activity and also ensure that users perform actions only within their scope of authority

Together, these three processes combine to ensure that specified users have the access they need to do their jobs, while unauthorized users are kept away from sensitive resources and information. Effective IAM solutions help enterprises facilitate secure, efficient access to technology resources across these diverse systems.

Identity and Access Management (IAM) is the information security discipline that allows users access to appropriate technology resources, at the right time. It incorporates three major concepts:

According to this article on BizTech magazine, improved data security is one of the three main reasons to deploy an IAM solution.

The article highlights the fact that consolidating authentication and authorization functionality on a single platform provides IT professionals with a consistent method for managing user access. And when a user leaves an organization, IT administrators may revoke their access in the centralized IAM solution with the confidence that this revocation will immediately take effect across all of the technology platforms integrated with that IAM platform.

So implement an identity and access management solution at your organization to take a major step towards improved data security.

Safer Interactions with the Internet through a Web Application Firewall

The internet represents a revolutionary step forward in the way data is stored and accessed, and in the way business is done. Most enterprises make use of user-friendly websites or web applications which allow their users to interact and transact.

But allowing users to seamlessly interact with your server and database presents some problems too. Primary among them is that it is difficult to differentiate between genuine users and hackers.

This is where a Web Application Firewall (WAF) comes in. A WAF allows you to protect your servers from online attacks on the internet.

For instance, there may be several nodes or entry points into your network, which security threats from the internet can penetrate. A robust security solution should ensure that these individual layers or nodes stay uniformly protected. Even if one of the layers is compromised, the impact of the breach could be severe. But micromanaging the security of every node in your network is time-consuming and invariably increases the latency of system operations.

A Web Application Firewall (WAF) can help you ensure the security of your network by monitoring and controlling all the HTTP conversations that your systems have with the internet.

What is a WAF and how does it work?

A Web Application Firewall comprises a set of instructions or protocols which have to be adhered to when using web-based applications. It protects your network and servers from websites whose scripts could be infected with malicious code intended to breach your security and access your data.

While using web applications, your searches and actions are considered client requests. These requests are processed by proxy servers which are kept in place to protect the client system. The proxy server receives the correct response from remote servers and transmits the data back to you.

A WAF acts a reverse proxy which protects your servers from attacks. It is an intermediary layer between the client and server, which makes it seem like the response is forwarded by an actual proxy server.

Website Filtering using WAF

A robust WAF comes with advanced DNS filtering features which examine every request from your network and send back only relevant and secure results. In addition to providing a layer of security to your servers and filtering websites based on its security loops, an effective web filtering solution should also simply allow you to blacklist websites because they could be irrelevant to the work done by your employees. Unmoderated internet access can have serious repercussions in terms of productivity drain.

Akku from CloudNow Technologies is a comprehensive solution to all your website filtering needs. It is a cloud-based web filtering software which allows you to specify which domains need to be blocked, for any reason – especially security or productivity concerns.