If your organization relies on the cloud for a majority of its operations, you may want to look closer at the type of architecture your security solution uses – whether it is agent-based or agentless. While some might say that it is irrelevant and that you should focus only on the security solution’s efficiency, we beg to differ. Picking the right kind of cloud security solution can drastically affect your organization’s day-to-day operations and how much ownership you can take over the security solution. Continue reading Agent-based Cloud Security Solution? No thanks!
Category: Cybersecurity Insights
Beware of Credential Stuffing
In recent times, you might have noticed user accounts being compromised by the millions, and yet companies refute these claims saying that their systems are secure and have not been attacked. In these cases, the companies are right – instead of a direct attack, the hackers may have performed an attack called ‘credential stuffing’. In this type of attack, hackers get their hands on usernames and passwords of one application or service and stuff the same credentials on another login for another digital provider.
For example, if you have used the same user ID and password for creating your Facebook and Twitter accounts, a hacker who has access to your Facebook user id and password can use the same for getting into your Twitter account. This does not mean that Twitter’s systems are faulty. It simply means that your credentials have been stuffed. Credential stuffing attacks use code injection techniques to test the credentials against multiple accounts like social media, online marketplaces, and bank accounts. Once access is gained, the hacker can get access to personal information, credit card information and other personally verifiable information.
In recent times, this type of attack has gained popularity due to the fact that most users use the same user ID and password for multiple accounts. The situation right now is precarious for most online users – a recent breach of breaches has given hackers access to a whopping 2.2 billion user IDs and passwords. It is called a ‘breach of breaches’ because a few hackers hacked into millions of Dropbox and LinkedIn accounts and compiled a list of plain text credentials. However, another team of hackers hacked into this list to compile an even bigger list of stolen credentials.
If you have built enterprise applications, how sure can you be that your users have created different passwords for all your applications? There is no way for you to know for sure. However, you could put in place a password policy which prevents them from using the same password for all the applications in your network.
Akku from CloudNow Technologies allows you to set custom password policies to help you standardize the passwords set by your users. You can also leverage it to prevent the setting of the same passwords. To know more, get in touch with us now.
7 Ways in Which Akku can Help you Address Security Challenges
While it is natural to feel apprehensive on the cloud, especially if you are new to it, remember that there are a number of ways to stay in control of your organization’s applications and data, even while ensuring that authorized users can access them with greater ease.
Here are 7 ways in which Akku, the Identity and Access Management (IAM) solution from CloudNow, can help you address security challenges
1.Helping users create strong passwords
A password is the first and most basic level of security you can apply to protect your applications from unauthorized access. However, with several hackers and bots lurking on the internet, a password is also vulnerable to attack. With the provision to set up and enforce a strong password policy, Akku allows users to only set up strong, complex passwords that are difficult to crack.
2.Adding multiple layers of security
If your business relies on highly sensitive data, you need to protect it with more than just your users’ passwords. Akku’s Multi-factor Authentication (MFA) functionality does just that, integrating a powerful additional layer of security into the sign-in process. If this functionality is enabled, Akku demands users to reconfirm their identities by using a TOTP or a push notification.
3.Enabling admins to set up restrictions
Typically, a cloud application can be accessed from anywhere and at any time. This, while being one of the biggest boons of cloud computing, can also be a potential threat. This is why, Akku enables administrators to set up restrictions — to limit access to one or more critical applications outside of a certain time slot or location, or even from unrecognized IPs or devices.
4.Preventing suspicious logins
In addition to enabling administrators to set up tailored restrictions for each user based on time, location, IP address and device, Akku also detects and responds to suspicious and unusual user activity. For example, if a user has logged in from two different countries (one familiar, one unfamiliar) within a matter of minutes or hours, access will be denied.
5.Keeping admins in control, remotely
Akku comes with a smartphone application which enables admins to receive notifications and alerts, even when they are not in the office. Moreover, with one-click access to their dashboard, they can view or review user activity as well as provide, edit or revoke access and permissions to users.
6.Encrypting all data
Akku comes with custom salted-hash functionality – a combination of salting and hashing techniques – that is used to encrypt user credentials. This way, even if users are accessing your organization’s applications form unsafe or open networks, the data is kept safe in an encrypted format.
7.Maintaining filters for company-owned devices
Akku protects your company-owned devices from malicious content by enabling you to maintain DNS filters – blocking personal email, irrelevant website access, and YouTube filtering – even when the device is being used from a network outside the organization’s firewall.
Akku is a robust, flexible identity and access management (IAM) solution that can help your organization leverage the cloud without worrying about data security, privacy, compliance with standards, and productivity. To know more or to see how Akku can be integrated with your organization’s applications, get in touch with us today!
Hashing And Salting – The What And How
“irgvctxmsr” – sounds like gibberish, doesn’t it? But if you were to decrypt this string using a mono-alphabet shift cipher where each letter has been shifted to the right by 4 numbers, you would see that it spells “encryption”!
Protecting critical data and information by encrypting them was first performed by Julius Caesar in 120 BC. The art of encryption has been through several modern shifts, and currently most of the data on the internet is protected using sophisticated encryption algorithms like AES (Advanced Encryption Standard), RSA (Rivest-Shamir-Adlemen), ECC (Elliptic Curve Cryptography) and PGP (Pretty Good Privacy).
Deciphering an encrypted message requires a key. Nowadays, messages are encrypted using public keys and decrypted using private keys. The private keys are shared privately between two trusted parties. Losing a private key can be disastrous, as encrypted messages can then be read by anybody with access to the private key.
Password Hashing
While encryption is a two-way function and is primarily done with the intention of being decrypted, password hashing is a one-way function. Hashing allows us to use a mapping function to map data of any size to a fixed length. The resultant output is called the hash value. Technically, hashing is reversible – however, the computing power required to get the original message makes it impossible for the original message to be decoded. Simply put, encryption protects the data in transit while hashing is used to authenticate the data and lets you know if it has been tampered with.
Here is how it works – consider that you have a digital document that you have digitally signed and uploaded to your website for another person to download. Now, you will run a hash function on the document and another one on your digital signature and encrypt the resulting hash values. Once a designated person downloads the document, the browser decrypts the hash values using a key and runs the same hash function on the document. If the resulting hash values are the same for the sender and receiver, it means the document and signature have not been tampered with.
Modern hashing algorithms include SHA (Security Hashing Algorithm), RIPEMD, WHIRLPOOL, and TIGER.
Salted Passwords
Salting is the process of adding an additional layer of security to the hashing process by adding a unique value to the end of the password and hashing the new password. By adding even one letter to your password and hashing it, you can change its hash value and make it harder for interceptors to find your password. For example, if your password is “V67gHD92”, you can add a unique character or string to the end of it and make it something like “V67gHD92SPICE”. Here, the word “SPICE” is called the salt.
Salting a password protects any data from brute force attacks in which bots attempt every possible combination of letters and numbers until the password is cracked. However, if the attacker knows your salt, the entire process of salting becomes worthless.
In this day and age where network and information protection requires meticulous planning and dedicated resources, we at CloudNow Technologies want to make things easy for you. Our network security solution Akku is designed to protect your network against sophisticated and high-level attacks. To know more about how we can help you protect your network, get in touch with us now.
3 Important steps to improve network security against brute-force attacks
A brute-force attack is a type of cybercrime which involves automated hacking activity using bots. The primary aim of a brute-force attack is to crack a password in order to gain access to a user account in an unauthorized manner. Using the automation tool, an attacker repetitively attempts different alpha-numeric combinations at considerable speed – thousands per second – until the user’s password is determined and the account is unlocked.
With the advent of the cloud and the rapid innovations in technology, a brute-force attack has emerged as one of the most common types of outsider attack against web applications.
Here are three steps that will go a long way in improving the security of your network against brute-force attacks:
Enforce a strong password policy
A password is the first line of security when it comes to preventing unauthorized access. A strong password policy, therefore, can ensure that your users set up passwords that are strong and not easily compromised. Here are some important aspects you can regulate by setting up a password policy:
- Password Length
A brute-force attack typically works by continuously trying every possible combination using numbers, letters and special characters. The shorter the password length, the fewer the combinations and the easier it is to crack. If the password length is known (or is fixed), again, it becomes easy for the attacker to attempt combinations of that particular length, although it will take longer depending on its length.
- Password Complexity
A dictionary attack is a subset of the brute-force attack, which attempts to crack a password by trying all English words and then trying them with multiple combinations of other words and numbers. If users are setting simple passwords because they are easy to remember, they will also be easier to crack.
- Password Expiry
Periodically, the system must prompt the user to change their password so that any possible ongoing attack can be effectively guarded against. Moreover, this practice will also mitigate undetected breaches of privileged accounts.
Use multi-factor authentication
Multi-factor authentication puts an additional layer of security between the brute-force attacker and your data. With MFA, even if the password has been correctly identified by the bot, the attacker will be unable to proceed because the system will require either an OTP or a confirmation from a different device (such as a smartphone app).
Another way to set up an additional layer of security at the login point would be to use a captcha – a box showing warped text or images and require manual entry of a response. This will effectively keep out a bot that is executing automated scripts.
Set up an account lockout policy
Set up a policy wherein you can detect and block suspicious login attempts. Locking an account after three failed login attempts, or attempts to login from a different country or an unlikely hour can prevent intruders from entering into the system. To resume work, the authorized user will need to seek administrator intervention to unlock the account.
You can also set up a progressive delay lockout wherein an account is locked for a fixed period of time after a certain number of failed login attempts. The lockout period can progressively increase with the increasing number of failed attempts and helps keep out brute-force attack bots long enough to make them ineffective.
Akku is an Identity and Access Management (IAM) solution that comes equipped security features to accomplish all the steps described above. Whether you are working with cloud-based or on-premise apps or a combination of both, Akku can help you protect your data from brute-force attacks. Contact us today.
What is Zero Trust Security?
As organizations increasingly place their data and applications across multiple locations on the cloud, zero trust security is rapidly gaining ground as the network security model of choice among enterprises.
Zero Trust Security is a security model in which a user, irrespective of whether he/she is within or outside the network perimeter, requires an additional verification to get access into a network. There is no particular technology or software product associated with this security model. It simply requires an additional security layer to verify users. This could be anything from biometric verification like thumb-print scanning, or a digital signature verification. Of the two, biometric verification is preferable as it can neither be recreated nor hacked.
Traditionally, organizations have been using what is referred to as the castle-and-moat approach to network security. In this model, the network is the ‘castle’ which is protected by security solutions as a ‘moat’. With this approach, part-of-the-network users were blindly trusted and allowed to enter the castle. However, as companies grew, their data and applications grew with them and the need to split them and store them in multiples silos rose. It also became easier for hackers to gain entry into a “protected” network by accessing a single user’s credentials.
Instead of the castle-and-moat model, adopting the zero trust security model and adding an additional layer of security to a network has been shown to prevent instances of data breaches.
Principles behind zero trust security
1. Trust no one: The model assumes that all the users of the network are potential attackers and hence, no users or systems are to be automatically trusted.
2. Least-privilege access: The users are given access based on a need-to-use basis and nothing more. This can eliminate each user’s exposure to vulnerable parts of a network.
3. Microsegmentation: The entire network is split into segments, each with its own authentication process.
4. Multi-factor authentication: Access to the network requires additional evidence that the user is legitimate.
The network of an organization is its gold mine and most organizations are increasing their spend on network security. Implementing a zero trust security model can go a long way in protecting your network from breaches.
Akku from CloudNow is an intelligent security solution which helps you enforce a zero trust security policy. To know more about its features and how it can benefit your organization’s network security, get in touch with us now.
Why is multi-factor authentication indispensable?
Ever heard of the butterfly theory? A single flap of a butterfly’s wings in Australia has the potential to cause a tsunami in Indonesia. Similarly, a minor tweak in your IT infrastructure has the potential to make every node of your network vulnerable to serious attacks, irrespective of their relationship. To ensure that network security remains as streamlined as possible through any number of changes to your IT systems, it is crucial to add a virtually unhackable component to your network security.
Continue reading Why is multi-factor authentication indispensable?
Why data breaches happen & what you can do to stop them
War seems to have taken a new form in the Information age. Large corporations have reported increased data breaches in the last couple of years and the number is all set to increase in 2019.
Continue reading Why data breaches happen & what you can do to stop them
Password Managers can be Hacked. Now What?
On average, every person has 7.6 accounts – that’s a lot of user IDs and passwords for an individual! Remembering the user ID and password for all these accounts is obviously very cumbersome, and third party service providers have capitalized on this to provide password management services. A password manager is essentially a single repository for all your credentials. Two very popular password managers are LastPass and Dashlane. These are applications which will store your credentials in a “secure” database. However, they haven’t been spared by hackers, who breached their security to get access to thousands of user credentials.
5 Cloud Security Myths Busted
One of the main reasons for a number of traditional, older enterprises still being wary of cloud computing is the concern they have over the security of their data on the cloud. There are a number of myths surrounding cloud security that make it difficult for many enterprises to take the plunge and undertake cloud migration to leverage the many benefits of the cloud.
Here are a few of these myths, and why you should stop believing them!
Myth 1: It’s not safe to use the cloud
The biggest myth of them all is that the cloud is simply insecure and more vulnerable to attacks. We understand where this comes from. If you have something you want to protect, you would rather keep it at home, under your watchful eye. By the same logic, people believe that if their data is not located within their own office premises, it isn’t safe.
When you host your data locally, you will need to constantly update your firmware and keep all your security solutions up-to-date. It also requires several maintenance and management procedures and testing at specified intervals to overcome vulnerabilities that may arise due to configuration changes.
On the other hand, when it comes to the cloud, most of these steps are taken care of by the cloud service providers, who run regular audits for their cloud security controls to make the cloud environment as safe as possible. What’s more, cloud platforms are equipped with a wide range of security capabilities that can be customized to suit specific security needs of enterprises. You may also consult cloud service providers and cloud advisory experts like CloudNow to understand and take steps to prevent potential security risks.
Myth 2: Data on the cloud can be accessed by anyone
This is a common concern for enterprises when it comes to using a public cloud. If you are using a public cloud, that doesn’t mean that your data is available publicly or to other users of the shared cloud!
Even on a shared cloud, the data of each enterprise or individual is stored as a separate instance. Despite being transmitted on a shared network, data is encrypted to prevent other entities from deciphering or decoding the data. People also tend to assume that a private cloud would be safer. Quite contrary to this belief, multi-tenant clouds or public clouds, in fact, offer an additional layer of security to separate internal network systems due to the very fact that they are accessed by many.
Find out if a public, private or hybrid environment will suit your business best. Ask CloudNow!
Myth 3: The cloud provider will take care of security
Having said (above) that cloud providers take security very seriously and go to great lengths to secure your cloud environment, on the other side of the aisle is another myth – that the cloud provider will handle it all.
While it is true that the provider does take some measures, there are certain aspects to protecting the security of your data that can only be handled by you. Therefore, it can be said that cloud security solutions are a shared responsibility of the provider, the customer and all the users involved.
More specifically, the security of the overall cloud infrastructure and the physical security of the servers are all responsibilities of the cloud service provider. However, when it comes down to your data, your cloud application security and your users, and how each of these interact on the cloud, the responsibility for their security lies with you.
At your end, you will need to set up a password policy, add layers of authentication for your users’ login process when they need access to sensitive data, set up your own DNS filters and restrictions – all of which have to do with your users and the way they handle your data on the cloud. Moreover, your administrators will need to handle identity management including permissions given to each of your users with regard to what they can access and how much they can do while using cloud applications. Opting for an identity and access management solution ( IAM ) like Akku can help by acting as a single sign on (SSO) platform and making password policy enforcement, multi-factor authentication (MFA) security and implementation of other security measures easier to implement.
Myth 4: Cloud security is a hassle for HR
According to a survey conducted by Cybersecurity Insiders, “staff expertise and training” were listed by 56% of respondents as the top reasons for hesitating to opt for cloud solutions. They believed that opting for a cloud SaaS would require rehiring or retraining the IT teams.
It is indeed surprising that a majority of companies believed this myth which underestimates their own teams who have managed to handle on-premise data and applications effortlessly!
Most cloud security solutions are actually extremely intuitive and user-friendly, and most of them can be managed by IT personnel through simple training and re-certification programmes.
And if you choose a cloud solutions provider like CloudNow to partner with you, your partner will be able guide you through the process.
Myth 5: Cloud and compliance don’t get hand in hand
Data breaches and violations to data privacy and other policies have caused governments to set up and enforce stringent data protection policies in order to increase the accountability of enterprises handling the personal data of citizens. And for some reason, business owners tend to believe that managing compliance issues on the cloud is far more complex than it is with an on-premise server.
However, the truth is far from that. Many cloud service providers, in fact, facilitate the process of keeping you compliant, as per the security requirements of your industry. For example, if you are in the healthcare industry and need to comply by HIPAA, then your cloud provider can help you maintain event logs for information access attempts with an intrusion detection systems (IDS).
What’s more, using an IAM solution can help you stay compliant and also ready for security audits. With a solution like Akku, administrators are given full control to customize and choose their password policies and other security features required for compliance and maintenance of security standards. The default password policy of Akku complies with the password policy requirements of industry standards such as ISO 27001 and PCI DSS and is customizable to the last detail.
Want to know more about using Akku to improve your cloud security? Visit www.akku.work or email us at sales@akku.work