Workforce Identity & Access Management (IAM) Archives | Page 4 of 7

Single Sign-On and why your organization needs it!

Single Sign-On (SSO) is a session and user authentication service where one set of credentials – typically a username and password – can be used by an organization’s users to access multiple apps.

SSO delivers tighter control for admins, helping to keep an organization’s data more secure by providing access only to users who really need it. At the same time, it makes operations more secure at the user level too – when users don’t need to remember a large number of credentials, they would be more willing to use stronger passwords.

Besides its inherent security, SSO also simplifies provisioning and de-provisioning, which in effect also increases security by preventing unauthorized access to apps and data.

How secure is your SSO?

Some misconceptions also exist regarding SSO – key among them is that SSO leads to an increased security risk, almost like putting all your eggs in one basket. After all, with one system controlling access across all of an organization’s applications, what if that single system is compromised?

It is therefore important to understand that SSO functions through a system of secure tokens which do not carry any sensitive data, making it a very safe proposition. We’ll explore exactly how this works, and how these tokens ensure security, later in this article.

What are SSO tokens and how do they work?

SSO tokens are tiny sets of digitally signed structured information to ensure mutual trust between parties.

It’s like an exclusive club with select invitees, where guards at the entrance check, approve, and stamp each guest’s hand. Event staff will know the exact shape and color of the stamp used and therefore authenticate the entry. Similarly, in the digital world, the service and identity providers communicate via tokens.

Tokens don’t include sensitive data like user’s password or biometric information, ensuring that any interception or attack on the tokens does not reveal the information. The same token can be used to add on new services to the same SSO platform as well. It facilitates identity verification separately from other cloud services, making SSO possible.

Data Security through SSO

SSO improves enterprise security as it reduces the number of attack surfaces because users only log in once each day and only use one set of credentials.

It also significantly reduces the possibilities of password-related hacks. With SSO, users only need to remember one password for all their applications. So, they are more likely to create complex and hard-to-guess passwords. They are also less likely to reuse passwords or write them down.

Another reason SSO is popular among enterprises is that it allows scaling up. Both access to new apps and addition of new people can be managed without sacrificing security, because identity and access management are already addressed. And rapid provisioning and deprovisioning without needing to worry about human error means more reliable and secure access management.

For added security, SSO can also be paired with Multi-Factor Authentication (MFA), where additional factors of authentication are required beyond just the user’s password, to reconfirm the identity of the user.

Akku incorporates robust and secure token-based SSO functionality, helping to deliver greater security and efficiency. Contact us today for more information.

Business from anywhere: IAM as a vital piece of the Business Continuity puzzle

COVID-19 was a shock to the global economy. The pandemic aside, the enforced and voluntary closure of offices has dramatically changed the way businesses work. Overnight, employees were instructed to work from home, in many cases indefinitely. There are still tens of thousands of organizations around the world who are still unsure of when, if ever, they will resume a traditional office-oriented working environment.

Business Continuity Plan (BCP) challenges for enterprises

Even more than the longevity of office closure however, it was the suddenness with which it hit that was so disruptive. For businesses without a BCP to address such an eventuality, it took many painful weeks or more before they could resume operations.

When remote operations did begin, many businesses – especially in domains involving sensitive data, such as healthcare and BFSI – faced concerns and scrutiny from both their customers and regulatory authorities. With large workforces working from home, data and application security became a genuine worry.

As you prepare for the next major global disruption, here’s how an Identity & Access Management (IAM) solution like Akku could play an important role in keeping your business running in a work-from-anywhere world.

Remote identity management with Active Directory

A majority of global enterprises use on-prem Microsoft Active Directory (AD) to manage user identities across their organization. It’s an effective solution as long as all users are working from the same premises. When they are not, however, a cloud-based identity management solution is essential.

As a robust IAM solution, Akku can integrate with your on-premise Active Directory through a secure tunnel – by doing this, all the user credentials and identity stored on your AD can be accessed by your IAM from anywhere. This allows you to continue to use your familiar AD for identity management, while also eliminating the need to take up a complex and expensive migration of your identity management system to the cloud.

Once your IAM enables access to your user identities from your AD from any location, you can then progress to the Access Management functionality of the IAM platform, to grant due access to all necessary assets (files, platforms and applications) to only the specific users who require it.

Security during remote access

A major concern with the work-from-anywhere environment is security. To preserve the sanctity of your assets, you need to control the users accessing them, and ensure secure access for authorized users. Two key ways to achieve this are through device-based restrictions and multi-factor authentication.

By restricting asset access to only registered or company-owned devices, you ensure that the organization’s apps and data are not impacted by any malware or security vulnerabilities that may exist on non-authorized devices. Multi-factor authentication (MFA) reconfirms the identity of the user accessing the company’s digital assets by additional means beyond a password – such as time-based OTPs or push notifications, for instance.

Through implementation of an IAM solution along with increasing the security of your cloud assets, you can also manage highly granular access control. Each individual user can be granted access to only the files, platforms and software that they require, with easy provisioning and deprovisioning to quickly and reliably provide and revoke access.

Real-world benefits during disruptions

Through a straightforward implementation of Akku that integrates with your Active Directory and acts as the identity provider to all of your applications, you are geared up to manage remote working at a moment’s notice.

In a world of increasing uncertainty, this means business continuity, with uninterrupted, secure and efficient operations through any circumstances that may arise.

COVID-19 was a once in a century phenomenon, but large-scale disruptive events are not that uncommon. Allow us to help you create your BCP to address any eventuality by setting up Akku to enable a seamless and secure work-from-anywhere operations. Contact our team of experts to get started.

Burn down the Firewall! The Future is Device-level Security

Many enterprises have built their cybersecurity around their firewalls. But increasingly, the firewall is losing favor in modern enterprises with apps and data on the cloud being accessed from devices and networks anywhere in the world.

The traditional cybersecurity tool is a network security device that monitors traffic to or from the network. It allows or restricts traffic based on a defined set of security rules.

Legacy firewalls: Blurring boundaries

The issue with this is that firewalls do not go far enough in securing your systems. By the nature of their operation, firewalls create boundaries around your network. Today, with enterprises using many interlinked networks, multiple IPs and cloud computing, boundaries are fading. As a result, firewalls are less effective.

Based on a recent study, businesses are increasingly mistrustful of firewalls. Over 60 percent of respondents stated that: (1) their legacy firewalls don’t prevent cyberattacks against critical business and cloud-based applications; (2) their legacy firewalls cannot contain a breach of their organization’s data center perimeter; and (3) their legacy firewalls do not enable enterprise-wide Zero Trust.

As Gartner puts it, Zero Trust is “useful as a shorthand way of describing an approach where implicit trust is removed from all computing infrastructure”.

In addition, legacy firewalls impact organization flexibility and speed to a large extent. It is hard to update security rules on the firewall, and the study found that on average, enterprises take as much as three weeks to update firewall rules to accommodate any update needed. This can have a crushing security impact. They also limit access control, with policies that are often not sufficiently granular.

For all these reasons, legacy firewalls are increasingly falling into disfavor with enterprises of all sizes.

Cloud Access Security Broker (CASB)

A traditional firewall stands between your network and a non-trusted network (for example, the Internet). However, cloud data and apps are hosted on the Internet and as a result, legacy firewalls are not very good at protecting apps and data on the cloud.

Just like a traditional firewall protects the trusted network against attacks, a CASB protects cloud assets (applications, data, platforms and infrastructure) against cyberattack. They act as a foundational cybersecurity tool and resolve many of the issues associated with legacy firewalls.

A cloud-hosted or on-premises software, a CASB acts as an intermediary between users and cloud service providers, and can secure SaaS, PaaS or IaaS environments. It provides visibility into application access, maintains logs of activity, and allows enterprises to modify and create policies that suit cloud infrastructure and assets. A good CASB brings together key elements of privilege access management (PAM), identity and access management (IAM) and identity governance and administration (IGA).

Identity and Access Management solution (IAM)

As many as 90 percent of businesses believe that an IAM is indispensable to their cybersecurity plans. An IAM offers device-level security. This helps plug the gaps left by legacy and CASBs. Through IAMs, enterprises can provide granular access control, with unique rules defined for each user and class of user.

IAM offers comprehensive password management support, in the form of password policy management and single sign-on (SSO) SSO allows users to create and remember just one set of credentials for a whole suite of applications. This reduces risk of password loss and noting the password in unsafe locations. With password policy management, businesses can define rules to create strong, secure passwords that are less prone to cracking.

User-friendly provisioning and deprovisioning makes errors less likely. IT administrators find it easier to remember to revoke access when employees leave the organization when deprovisioning can be done with a single click. This also secures cloud apps against unauthorized access.

In a very real way, identity is the new firewall. When the device is secure against unauthorized logins, business-critical apps and data are as well, whether housed on-premises or on the cloud. Secure identity and access with an IAM you trust – like Akku, the premier IAM. Contact our experts today to discuss how to get started.

6 Password Policy Management Best Practices for a more secure IT environment

Remote working has impacted the world of cybersecurity in multiple ways. Remote workers are often not protected by enterprise-level security and so are more prone to cyberattack. The FBI reported a 300% increase in cybercrimes since the pandemic began, and remote work has increased the average cost of a data breach substantially.

Employees working from home are also distracted –

“47% of remote workers cited distraction as the reason for falling for a cyberattack.”

In other words, if you do not have a plan in place to mitigate these risks, you are setting yourself up for a potentially devastating cybersecurity breach.

One simple way to protect your organization from breaches is to apply a strong password policy at all levels of the organization, and enforce it by implementing a secure password policy management solution (PPM).

Here are some password policy best practices you may find useful.

1. Increase password length and strength

Brute force attacks try all possible combinations of characters to arrive at the password. A 6 string password with only upper or lower case letters can be cracked in 8 seconds. An 18 character password with upper and lower case letters, numbers and symbols can take 1 quintillion years to crack! By adding a special character, combining both upper and lower case letters or adding numbers, encryption can be much more secure.

Image Credit: ghacks.net

The full strength of the Advanced Encryption Standard (AES) comes to bear when users create passwords of 32 characters for 128-bit encryption and 64 characters for 256-bit encryption. However, passwords of around 10 characters are strong enough for most applications.

2. Simplify as much as possible

A password made of only numbers has 10 options for each character in the string, one made of numbers and letters has 36 options, and if you include special characters that adds another 32 possible characters for each spot in the string. This makes it more challenging for brute force attacks to be successful. Complexity in terms of the kind of characters that can be used in the password is, therefore, an advantage.

However, do not mandate the usage of these different kinds of characters. This can lead to frustration and reuse of the same password with minor character substitutions (P@ssword or Passw0rd, for example). This is especially the case when the policy also demands frequent changes of password. If the old password is compromised, such minor variations will be relatively easy to guess, too.

To mitigate this risk, don’t mandate the use of special characters and reduce the frequency of mandatory password reset to approximately once a year. A long password using only lowercase letters is more secure than a short one which is a variant of an older password.

3. Do not allow password reuse

Do not allow reuse of earlier passwords during periodic password reset to increase security. Train your staff not to use minor variations of their earlier passwords, and instead look for completely different passwords.

Also train staff on the risks of reusing passwords across home and work accounts. Password reuse results in a huge surge in credential stuffing attacks. If any service is compromised and your password and username are stolen, hackers could use the same credentials to try and hack your other accounts. Each account must therefore use unique credentials to maintain security.

4. Reinforce passwords using multi-factor authentication (MFA)

Multi-factor authentication uses a combination of things you know, such as a password or PIN; things you have, such as a badge or smartphone; and things you are, such as biometric data, to authenticate your right to access a particular system, data or application.

Enabling MFA ensures that even if a password is stolen, the system is not compromised.

5. Use a secure password manager

Many users find it difficult to remember their passwords for multiple online services, and so either use a single password for all, or, worse, save all their passwords to an unreliable password manager.

If you do opt for a password manager, choose one that is highly secure, in order to mitigate the risk involved. Most IAM solutions will include a password manager or, with Single Sign-on, completely do away with the need for multiple passwords. A single secure password is enough to log on to your IAM and access your applications and data.

6. Use an IAM application for Password Policy Management (PPM)

It’s one thing to lay down rules for password policy across the organization. It’s quite another to enforce the policy. An Identity Access Management (IAM) application can help you ensure that all your users consistently comply with a high standard of security while setting their passwords, without the need for a separate password policy enforcement tool.

Administrators can customize and define password policy for all users in the organization. You can also specify upon whom the policy should be enforced, based on the users’ access level. Password policies can of course also be defined as blanket rules.

A common perception is that the risks associated with breached passwords do not apply to your organization as you have secure systems. But your organization’s data security is only as strong as the weakest password of your users. In 2020, 770 million credential stuffing attacks occurred. That means that if your employee’s personal passwords are compromised, and they have reused the same password at work, your data is compromised too. Worse, 17% of all sensitive files are accessible to all employees, and about 60% of companies have over 500 accounts with non-expiring passwords.

Implementing a robust Identity and Access Management (IAM) solution brings you several steps closer to protecting your user credentials and corporate data. Worldwide, cybercrime costs will hit $6 trillion annually this year. Don’t let your organization succumb to a Data breach! With these simple steps, you can stay safe with multiple layers of data protection. Allow our team at Akku to help you secure your systems.

IAM as the Solution to Healthcare Sector Challenges

Healthcare organizations are unique in the volume and sensitivity of information that they hold. Reports say that healthcare is among the 5 most cyber-attacked industries over the past 5 years.

The 2020 Breach Barometer published by Protenus reports that in 2019, more than 41 million patient records were breached, and around 40% of the respondents surveyed in Europe and the U.S. were concerned hackers would breach their digital data.

The importance of bolstering cloud security in such an environment is therefore vital, and deploying an Identity and Access Management (IAM) system can play an important role in this process.

Here is a look at some of the key challenges facing the healthcare sector, and how an IAM could help to overcome them.

#Challenge 1: Enabling easy but secure access

Very often, breaches of patient data occur due to a lack of caution on the part of patients themselves, with the use of easily compromised passwords. This applies equally to healthcare providers too, with the need to access multiple applications, and therefore, the need to memorize multiple passwords.

The IAM Solution:

Enforcing a strong password policy can help ensure that patients and providers alike set strong passwords that are more difficult to breach. Additionally, by enabling multi-factor authentication (MFA), an additional layer of security is added above the password. And to make things easier for providers, bringing all applications onto a single platform to provide them with a single point of access means that just one set of credentials is all that they need to remember.

# Challenge 2: Compliance with regulations

Healthcare is a highly monitored industry and there are certain established regulations to follow. For instance, in the USA you have the Health Insurance Portability and Accountability Act (HIPAA), as well as newer industry-specific regulations like Electronic Prescribing for Controlled Substances (EPCS), for which compliance is non-negotiable.

These newer regulations call for adherence to certain prescribed standards of data security along with detailed audit capabilities.

The IAM Solution:

With an appropriate IAM solution, compliance requirements can be largely met through strong data encryption, implementing standards-compliant password policies across users, providing only the minimum necessary access to users, and comprehensive logging of every user action across applications and data points.

# Challenge 3: Driving digital transformation

COVID-19 has accelerated the speed of digital transformation, with the healthcare sector right at the center of the revolution. Telemedicine, Patient Access Management, and a host of other new requirements, each need control over a number of identities and access entitlements.

The healthcare industry is under growing pressure to adapt to changing business models and technology innovation, as there is an ever-increasing need to protect access to sensitive data.

The IAM Solution:

With features like single sign-on, IAM offers an integrated approach to patient care, enforcing security and compliance capabilities to increase efficiency. In order to support the new digital-first world of healthcare, therefore, IAM has become a necessity rather than an add-on.

Clearly, IAM is the need of the hour in the healthcare industry. And Akku, the powerful and flexible enterprise cloud control solution created by CloudNow helps to facilitate identity and access management across your healthcare enterprise’s cloud environment. Talk to us today to discuss how Akku may be able to help with your compliance requirements.

Identity and Access Management Challenges in the Education Industry

The education industry faces unique identity and access management challenges; different education systems have specific IAM needs that depend on their environment. The central challenges include: Continue reading Identity and Access Management Challenges in the Education Industry

Access Management Across Different Devices and Browsers

In today’s technology ecosystem, a strong foundation for authorization plays an important role in the overall data security of a company. Controlling each user’s access to data, and monitoring this across devices and browsers is essential to your enterprise’s security.

Implementing a strong device policy is an integral aspect of data security

With a strong device policy in place, it is possible to exercise highly granular control over which of the company’s applications, information, and data your employees can access– through the company’s devices, as well as through their personal devices. Continue reading Access Management Across Different Devices and Browsers

Exploring the Difference Between Identity Management and Access Management

Only a small percentage of people across industries understand the difference between Identity Management and Access Management. The two concepts are certainly related and intricately interwoven, but they are still distinct in meaning and function.
Continue reading Exploring the Difference Between Identity Management and Access Management

Managing Identity and Access in the Workplace

Identity and access management, sometimes simply known as identity management, refers to the IT function of maintaining security through the management of digital identities. In a workplace, this includes provisioning employees with accounts to all applications and platforms they will be using for their official tasks, assigning them with the right kind of permissions to each of these applications/platforms, and making sure that the right people have the right access to the right resources and data. Continue reading Managing Identity and Access in the Workplace