Author: Dinesh Harikrishnan

Dinesh is a results-driven sales leader with a proven track record of scaling revenue, building high-performance teams, and forging strong client relationships. As our VP of Sales, he brings deep industry expertise, a strategic mindset, and a passion for driving growth through innovative, customer-focused solutions.

Healthcare Data, HIPAA Compliance, and Akku

The Health Insurance Portability and Accountability Act (HIPAA) has been effective in the USA since 1996. 

The Act actually has five different section titles, namely Health Insurance Reform, Administrative Simplification, Tax-Related Health Provisions, Application and Enforcement of Group Health Plan Requirements, and Revenue Offsets – however, the mention of ‘HIPAA Compliance’ most often refers to compliance to the second title – Administration Simplification. 

This is the most challenging aspect of the HIPAA Act, as it comes with strict regulations on protecting the data of patients in an industry that is often a major target for data breaches and malicious activity. Identity and access management across applications used in a healthcare facility, therefore, becomes critical to HIPAA compliance.

Here’s how Akku can help in ensuring data privacy and preventing both outsider and insider attacks on patient data, and, ultimately, compliance to HIPAA’s stringent regulations.

Protecting your data

  • Akku strengthens security around the login process by allowing you to set up and enforce a strong password policy as well as multi-factor authentication to reinforce password-based security
  • It also employs a custom salted-hash encryption methodology – a combination of salting and hashing techniques – for user credentials and data

Preventing unauthorized access

  • Akku allows you to exercise tight control over which users have access to what applications and data, so that access is not available to users who may not require it
  • It prevents accidental and malicious data breaches by allowing access to applications only from whitelisted network IP addresses and devices
  • The system also automatically blocks suspicious access attempts at abnormal times or from unexpected locations, and also enables the set up of time-based and location-based restrictions

Ensuring privacy and accountability

  • Every Akku implementation is set up independently in a separate server instance, so privacy on the cloud is ensured
  • Akku provides administrators with complete visibility by maintaining detailed logs maintained for every activity taking place across the apps and in the server

Beyond HIPAA

In addition to helping your healthcare facility become HIPAA compliant, Akku also makes it easy to set up integrations across your Hospital Information System (HIS), Lab Information System (LIS), Patient Management System (PMS) and more. This, in turn, improves collaboration between various departments and enhances overall productivity.

To know more about Akku’s complete set of features and their specific benefits to your facility, contact us today!

Akku Vs. Okta – Understand Before you Choose

Akku and Okta are both highly efficient cloud security solutions that strive to help companies manage and secure user authentication on applications in their network, and to transform their customer experiences. Here are a few key differences between the features of Akku and Okta. 

Single Sign-on

Akku’s requires only a one-click login for universal login access for all applications. This ensures both high security and productivity.

Okta’s one-click authentication has made user login process 50 times faster. This user-friendly and customizable feature uses OTP to access to 5,500 pre-installed applications, ensuring direct navigation. 

Multi-factor Authentication (MFA)

Akku’s MFA is simple, inexpensive, and easy-to-use. It provides multiple layers of security to the sign-in process using Time-based OTP (TOTP) and push notification. The former generates passwords every 30 seconds while the latter generates notifications to authorize login attempts.

Okta’s MFA is secure, simple, and intelligent. It verifies access using user’s knowledge, possession, and biometric factors instead of passwords. It also generates security questions, OTPs, and push notifications for a user’s authentication.

Content Filtering

Akku offers a customizable content filtering feature that ensures high productivity across your organization while improving network security. This functionality prevents employees from accessing and browsing irrelevant websites during office hours and prevents distractions and aids in providing secure network access.

Akku prevents your employees from accessing irrelevant YouTube videos which can affect employee productivity and blacklists their personal email id from being accessed using your network or systems.

Okta, unlike Akku, does not provide any content filtering features.

Time- and Location-based Restriction

While providing access to users anytime from anywhere is necessary, it is important to make sure that this feature does not compromise on security. With Akku’s time- and location-based restriction feature, security will always be on guard to restrict unusual user activities. It also restricts access to your network from specific geo-locations to prevent potential security breaches.

Okta does not offer standard products that provide time- and location-based restriction capabilities.

Password Policy Management 

Through this feature, Akku allows you to set a minimum requirement for password standardization. This prevents anyone in your organization from possibly setting weak or easy-to-hack passwords. This also allows for password consistency across your organization.

Okta comes with a password policy standardizer which is similar to Akku’s.

Internal Communications

This feature ensures end-to-end communication between the management and the employees. This feature sends push notifications to the employees for each announcement. These notifications appear as soon as a user logs in, to ensure he does not miss any information. To ensure a response from the employee’s side, it restricts action until he has read and replied to the message. This also helps you in ensuring standards compliance across your organization without any gaps.

Okta does not have a well-structured internal communications system like that of Akku.

Akku, a product by CloudNow Technologies, is a robust identity and access management solution that helps improve data security and productivity and ensures transparency and control in tandem. For the modern organization, it is crucial to maximize security, compliance and productivity across your organization and Akku’s features are specifically built around that purpose. Contact us today to know more about how Akku can help you secure your network.

All the information presented in this article is accurate as of May 5th, 2019.

To Implement or Ignore: MFA for Custom Apps & Websites

Multi-factor authentication (MFA) is one of the most highly recommended security measures in this age of brute-force attacks, data breaches and other such cyber attacks. And while some off-the-shelf SaaS applications may already come with a built-in MFA feature, when it comes to a custom-built application or website, businesses have to make the tough decision between reinforced security and the high cost at which it comes.

Continue reading To Implement or Ignore: MFA for Custom Apps & Websites

The Problem with SMS-based Authentication

As mobile phones became more sophisticated, their usage shifted from being communication oriented to application oriented. But phone numbers were never intended to be used as secure identifiers – their purpose is to simply act as subscriber identifiers during call routing. When applications use phone numbers in their login processes, it can give attackers and hackers an advantage.

Here are a few ways in which your OTP can be intercepted by hackers:

  1. Man in the Middle attack

This is a type of eavesdropping attack in which a hacker places himself as a proxy or relay between the OTP sender and receiver. For the sender and receiver, the communication will seem like it is happening only between those two, whereas it is actually passing through an impersonator. Black hat hackers often hack into financial websites and place high-level codes which will allow them to intercept messages between banks and users, making it convenient for him/her to access an account.

  1. Malware attack

Ready-to-download malware which can easily hack into a user’s mobile devices are available online. In addition to grabbing your SMS content, these can also access other areas of your phone like your gallery and directory to extract more personal information. In fact, a few of these malware are disguised as mobile applications like fitness trackers, timers, alarm clocks, etc.

  1. SIM cloning attack

Investigative agencies use SIM cloning attacks to monitor and track suspects. However, SIM cloning modules are easy to find and purchase by anyone if they look hard enough. Using this, a user is cut off from his/her mobile network and calls and messages are redirected to the new SIM in the attacker’s phone. To carry out a SIM cloning attack, the SIM being cloned has to be of the GSM type.

  1. SMS-C hack attack

All messages are required to pass to SMS-C servers placed in a mobile service provider’s network. Only after being processed by the SMS-C servers is the message transmitted to a mobile phone. If hackers manage to hack SMS-C servers, they can very easily gain access to all the messages entering and exiting the network. SMS-C servers are often protected by high-end security solutions which are hard to break through. However, it is not impossible.

  1. Brute force attack

In brute force attacks, any and all combinations of numbers are tried to get the right OTP. If the number of entries is limited, brute force attacks can become ineffective in gaining access to an account, simply due to the number of combinations available. It also helps if the OTP is 6 digits instead of 4 digits as the combinations required to successfully execute a brute force attack increases by a factor of 100. Due to such a poor success rate, brute force attacks are not preferred by hackers.

For organizations, there is no reliable way of finding if your employees’ numbers have been compromised. To ensure that your network is secure, we suggest looking for a less-risky option for authenticating your users. You could go for an improved multi-factor authentication method like using the biometrics of a person to verify his/her identity. While there are more sophisticated attacks which can hack a biometric authentication system, it would be almost impossible to recreate a person’s thumbprint or retina blood pattern.

With Akku from CloudNow Technologies, you can easily create a fool-proof identity and access management system by integrating multi-factor authentication using biometric scanners in your login process. To make a significant improvement to your network security by enforcing biometric multi-factor authentication, get in touch with us now.

3 Important steps to improve network security against brute-force attacks

A brute-force attack is a type of cybercrime which involves automated hacking activity using bots. The primary aim of a brute-force attack is to crack a password in order to gain access to a user account in an unauthorized manner. Using the automation tool, an attacker repetitively attempts different alpha-numeric combinations at considerable speed – thousands per second – until the user’s password is determined and the account is unlocked.

With the advent of the cloud and the rapid innovations in technology, a brute-force attack has emerged as one of the most common types of outsider attack against web applications.

Here are three steps that will go a long way in improving the security of your network against brute-force attacks:

Enforce a strong password policy

A password is the first line of security when it comes to preventing unauthorized access. A strong password policy, therefore, can ensure that your users set up passwords that are strong and not easily compromised. Here are some important aspects you can regulate by setting up a password policy:

  • Password Length

A brute-force attack typically works by continuously trying every possible combination using numbers, letters and special characters. The shorter the password length, the fewer the combinations and the easier it is to crack. If the password length is known (or is fixed), again, it becomes easy for the attacker to attempt combinations of that particular length, although it will take longer depending on its length.

  • Password Complexity

A dictionary attack is a subset of the brute-force attack, which attempts to crack a password by trying all English words and then trying them with multiple combinations of other words and numbers. If users are setting simple passwords because they are easy to remember, they will also be easier to crack.

  • Password Expiry

Periodically, the system must prompt the user to change their password so that any possible ongoing attack can be effectively guarded against. Moreover, this practice will also mitigate undetected breaches of privileged accounts.

Use multi-factor authentication

Multi-factor authentication puts an additional layer of security between the brute-force attacker and your data. With MFA, even if the password has been correctly identified by the bot, the attacker will be unable to proceed because the system will require either an OTP or a confirmation from a different device (such as a smartphone app).

Another way to set up an additional layer of security at the login point would be to use a captcha – a box showing warped text or images and require manual entry of a response. This will effectively keep out a bot that is executing automated scripts.

Set up an account lockout policy

Set up a policy wherein you can detect and block suspicious login attempts. Locking an account after three failed login attempts, or attempts to login from a different country or an unlikely hour can prevent intruders from entering into the system. To resume work, the authorized user will need to seek administrator intervention to unlock the account.

You can also set up a progressive delay lockout wherein an account is locked for a fixed period of time after a certain number of failed login attempts. The lockout period can progressively increase with the increasing number of failed attempts and helps keep out brute-force attack bots long enough to make them ineffective.

Akku is an Identity and Access Management (IAM) solution that comes equipped security features to accomplish all the steps described above. Whether you are working with cloud-based or on-premise apps or a combination of both, Akku can help you protect your data from brute-force attacks. Contact us today.

Protect your Business from Privilege Abuse with IAM

Privilege abuse – that is the security threat that your business’s IT team is most worried about. According to a survey conducted in March 2014 among more than 4000 IT security executives, over 88% of them fear that users who have access to the organization’s applications and data are the ones who are most likely to compromise it and lead to a security breach.

Privilege abuse, or privileged user abuse, refers to the inappropriate or fraudulent use of permitted access to applications and data. This could be done, either maliciously, accidentally or through ignorance of policies. In addition to causing financial losses, such insider breaches also damage the organization’s reputation, sometimes irreparably.

Continue reading Protect your Business from Privilege Abuse with IAM

Why data breaches happen & what you can do to stop them

War seems to have taken a new form in the Information age. Large corporations have reported increased data breaches in the last couple of years and the number is all set to increase in 2019.

Continue reading Why data breaches happen & what you can do to stop them

DNS Filters for a Safe, Compliant, Productive Workplace

Domain Name System (DNS) is an addressing system used by the internet through which domain names are located and translated into internet protocol (IP) addresses. When a user attempts to access a website through an internet browser, a DNS query is performed. The DNS server matches the request to the respective IP address of the domain and responds to the query by loading the requested web page on the user’s browser.

So what is DNS Filtering? It is a technique by which access to specific websites, web pages, or IP addresses, can be blocked or permitted. If a DNS filter is in place, the IP address being returned from the DNS server will be checked before it is permitted to load on the user’s browser. Therefore, DNS filtering ensures that the user is protected from online threats like viruses, malware, ransomware, and so on. DNS web filtering can also be used to block inappropriate websites and web pages that the user may be searching for, especially at the workplace.

Continue reading DNS Filters for a Safe, Compliant, Productive Workplace

IAM using SSO and Federated Identity Management

Identity management encompasses several operational mechanisms for managing users across a large system or network of applications. Two of the most prominent of those are Single Sign-on (SSO) and Federated Identity Management. Due to its evolving nature, identity and access management has several terms thrown around ambiguously. Even among developers, major differences are often missed while talking about federated identity and SSO. In this article, we aim to break down the difference between the two.

Continue reading IAM using SSO and Federated Identity Management