When large organizations like LinkedIn, Twitter and Facebook report password hacks, it throws some light on how vulnerable current systems are, as well as the need for multi-factor authentication. However, multi-factor authentication is shrouded in myths that may prevent organizations from adopting it.
Best practices and common sense dictate that we use unique, hard-to-guess passwords for each application that we use. However, most of us place convenience over security and give in to the worst password habit – using a single, easy-to-remember password across all our applications. This is simply because of the management of multiple passwords, each following different password policy rules, can be difficult. The problem with this approach is that our single password if hacked or even guessed successfully, can be used in a credential stuffing attack to gain access to several of our personal accounts. Continue reading Web Authentication – The Future of Going Passwordless
WebAuthn (Web Authentication API) is a global standard specification for secure authentication on the Web, formulated in 2018 by the World Wide Web Consortium (W3C).
This browser-based API allows user authentication on web applications through the creation of strong “credentials” and user-agent-mediated access to authenticators. This could be either in the form of hardware tokens (like U2F security keys) or in-built modules (biometric readers like Google Hello, Apple Touch ID) in the platform. Web Authn has garnered the support of all leading browsers like Chrome, Firefox, and Edge, and is compatible with all leading platforms.
How does WebAuthn Work?
With WebAuthn, a relying party (such as web service) can integrate a strong layer of authentication into applications with a choice of authenticators. It replaces the need for a password with the generation of a private-public key pair (credential) created for a website. While the private key is stored on the user’s device, the public key is generated randomly and shared with the server. The server then uses the public key to confirm the user’s identity.
The following steps are involved in WebAuthn:
The user opens a website using their device
On the request of the web service (replying party) through the Credential Manager API, the browser generates a new credential, specifying the user’s device capabilities.
During the registration process, the user is offered multiple authentication options. This may vary from external authenticators to biometric authenticators like fingerprint analysis or facial recognition.
Choosing any of the authenticators offered, the user completes the registration process.
The authenticator generates a key pair (a public and a private key) – the public key is forwarded to the server, the private key is stored in the user’s device
Why use WebAuthn?
The public key and private key, both need to be used in conjunction. Therefore, by eliminating the need for a “secret” such as a password, WebAuthn drastically improves data security and prevents data breaches. Even if the public key is hacked, it will not function without the private key – which is stored in the user’s device – and becomes useless.
These are some of the scenarios in which WebAuthn can be useful:
While it is natural to feel apprehensive on the cloud, especially if you are new to it, remember that there are a number of ways to stay in control of your organization’s applications and data, even while ensuring that authorized users can access them with greater ease.
A password is the first and most basic level of security you can apply to protect your applications from unauthorized access. However, with several hackers and bots lurking on the internet, a password is also vulnerable to attack. With the provision to set up and enforce a strong password policy, Akku allows users to only set up strong, complex passwords that are difficult to crack.
2.Adding multiple layers of security
If your business relies on highly sensitive data, you need to protect it with more than just your users’ passwords. Akku’s Multi-factor Authentication (MFA) functionality does just that, integrating a powerful additional layer of security into the sign-in process. If this functionality is enabled, Akku demands users to reconfirm their identities by using a TOTP or a push notification.
3.Enabling admins to set up restrictions
Typically, a cloud application can be accessed from anywhere and at any time. This, while being one of the biggest boons of cloud computing, can also be a potential threat. This is why, Akku enables administrators to set up restrictions — to limit access to one or more critical applications outside of a certain time slot or location, or even from unrecognized IPs or devices.
4.Preventing suspicious logins
In addition to enabling administrators to set up tailored restrictions for each user based on time, location, IP address and device, Akku also detects and responds to suspicious and unusual user activity. For example, if a user has logged in from two different countries (one familiar, one unfamiliar) within a matter of minutes or hours, access will be denied.
5.Keeping admins in control, remotely
Akku comes with a smartphone application which enables admins to receive notifications and alerts, even when they are not in the office. Moreover, with one-click access to their dashboard, they can view or review user activity as well as provide, edit or revoke access and permissions to users.
6.Encrypting all data
Akku comes with custom salted-hash functionality – a combination of salting and hashing techniques – that is used to encrypt user credentials. This way, even if users are accessing your organization’s applications form unsafe or open networks, the data is kept safe in an encrypted format.
7.Maintaining filters for company-owned devices
Akku protects your company-owned devices from malicious content by enabling you to maintain DNS filters – blocking personal email, irrelevant website access, and YouTube filtering – even when the device is being used from a network outside the organization’s firewall.
Akku is a robust, flexible identity and access management (IAM) solution that can help your organization leverage the cloud without worrying about data security, privacy, compliance with standards, and productivity. To know more or to see how Akku can be integrated with your organization’s applications, get in touch with us today!
As organizations increasingly place their data and applications across multiple locations on the cloud, zero trust security is rapidly gaining ground as the network security model of choice among enterprises.
Zero Trust Security is a security model in which a user, irrespective of whether he/she is within or outside the network perimeter, requires an additional verification to get access into a network. There is no particular technology or software product associated with this security model. It simply requires an additional security layer to verify users. This could be anything from biometric verification like thumb-print scanning, or a digital signature verification. Of the two, biometric verification is preferable as it can neither be recreated nor hacked.
Traditionally, organizations have been using what is referred to as the castle-and-moat approach to network security. In this model, the network is the ‘castle’ which is protected by security solutions as a ‘moat’. With this approach, part-of-the-network users were blindly trusted and allowed to enter the castle. However, as companies grew, their data and applications grew with them and the need to split them and store them in multiples silos rose. It also became easier for hackers to gain entry into a “protected” network by accessing a single user’s credentials.
Instead of the castle-and-moat model, adopting the zero trust security model and adding an additional layer of security to a network has been shown to prevent instances of data breaches.
Principles behind zero trust security
1. Trust no one: The model assumes that all the users of the network are potential attackers and hence, no users or systems are to be automatically trusted.
2. Least-privilege access: The users are given access based on a need-to-use basis and nothing more. This can eliminate each user’s exposure to vulnerable parts of a network.
3. Microsegmentation: The entire network is split into segments, each with its own authentication process.
The network of an organization is its gold mine and most organizations are increasing their spend on network security. Implementing a zero trust security model can go a long way in protecting your network from breaches.
Akku from CloudNow is an intelligent security solution which helps you enforce a zero trust security policy. To know more about its features and how it can benefit your organization’s network security, get in touch with us now.
On average, every person has 7.6 accounts – that’s a lot of user IDs and passwords for an individual! Remembering the user ID and password for all these accounts is obviously very cumbersome, and third party service providers have capitalized on this to provide password management services. A password manager is essentially a single repository for all your credentials. Two very popular password managers are LastPass and Dashlane. These are applications which will store your credentials in a “secure” database. However, they haven’t been spared by hackers, who breached their security to get access to thousands of user credentials.
Governments across the globe rely increasingly on technology today to serve their citizens better. But with the rapid evolution of technology, it is often a struggle for the different departments of government to keep up. This happens due to insufficient funds, security concerns or simply a lack of motivation to meticulously plan and implement the move.
Of these, security is the most critical consideration, since government agencies and departments are possibly the first line of defense against any cyber attack. This is especially true when it comes to government entities wanting to migrate their operations to the cloud.
Cloud Security Concerns
The United States of America has been one of the first few countries to understand the advantages and scalability that cloud computing offers and has already migrated over half of its government operations to the cloud. But what is holding back ALL governments from fully embracing the cloud? And what can be done about it?
When a cloud network is accessed remotely, the security measures kept in place at the end user’s system determines the security strength of the entire cloud network. This means that governments have to not only have iron-clad security for their data stored in the cloud but also ensure that individual devices which access the network have equally strong security protocols in place.
Solution 1: Identity and Access Management
One way to go about resolving the issue would be to decrease the complexity involved with cloud access and operations. Usually, when there are several applications hosted on the cloud, its users are required to remember several sets of credentials to access them. This leads to setting of simple passwords, which in turn leads to an easy to hack security. An Identity and Access Management or IAM solution can be deployed across the cloud network so that the users need to remember only a single set of credentials for all the applications they are authorized to use.
Another advantage of protecting your network with an IAM solution is that in case the device gets stolen or lost, it is easy to remotely delete an account, making it almost impossible for an outsider to enter your network.
Solution 2: Device and IP based Restriction
A security solution which comes with provisions for device and IP based restriction allows only access to a cloud network only from whitelisted devices and IP addresses. Any attempt to access the network from an IP address or a device that has not been explicitly whitelisted is simply rejected, and the admin of the network is notified. This serves to identify potential breach attempts, based on which improvements to cloud security measures may also be taken up.
Solution 3: Password Policy Enforcement
A cloud network’s security is only as strong as its weakest password. If a cloud network does not have a Single Sign-on solution in place, it means that every user has to remember as many passwords as the number of applications he/she is allowed to access in the cloud network. This means that for the ease of remembering the passwords, users tend to set weak and easy to hack passwords. Implementing a strong password policy will ensure that all the passwords used to access a cloud network comply with a specified minimum standard.
Cloud security solutions come in several architectures and platforms. But when it comes to critical data of a nation’s citizens, and the systems used to access that data, only the best solution is safe enough.
In general, a certificate is a means of creating evidence. In the domain of identity and access management, a certificate creates evidence in the form of a digital signature to verify the identity of an individual, a company, or other entity, and associates that identity with a public key.
Like a driver’s license or passport, a certificate provides a generally recognized proof of a person’s identity. Certificates have one main purpose: to establish trust.
Authentication is the process that verifies that a user is who they say they are. So a certificate makes authentication more efficient because the identity cannot be changed.
By enabling the certificate-based authentication, it is possible to reliably evaluate the user’s right to access the requested resource.
How does it work?
First, the user enters their private password.
The client receives the private key, and creates an evidence – in this case, in the form of a certificate or digital signature.
Now, the client sends the evidence through a secured connection across the network.
The server uses the evidence to authenticate the user identity.
Finally, the server authorizes the evidence and allows access.
This brings us to the question of how to implement a certificate-based authentication in your organization.
Akku by CloudNow is a powerful and secure identity and access management solution that uses certificate-based authentication to control user identity and secure access to your environment. Learn more at www.akku.work
Cloud technology has broken several operational barriers to make remote data access easy. It allows you to scale your business with minimal cost while securely holding business-critical data and applications. But with all these advantages comes a catch – managing personnel access for all the applications and files in your network has become increasingly cumbersome.
Why does your organization need an Identity and Access Management Solution?
Managing the credentials of all your employees across all the verticals of even a small to mid sized organization is time-consuming. It can drain the productivity of your company’s Human Resource and IT management teams. They are valuable resources who could otherwise focus on their core competencies to help you grow your business.
In addition to this, securing your network from breaches and other threats can be challenging with so many people accessing your cloud from various devices and locations. If your network is compromised, all your critical business data is compromised along with it.
A strong Single Sign-on (SSO) function is at the heart of an IAM solution. The first step in implementing an SSO is to determine and streamline the role of the identity provider (IdP). The IdP is responsible for bringing all the applications and data on your cloud network to a centralized platform. From this platform, access and identity services are managed through a customized Security Assertion Markup Language (SAML). When a high end, customizable SAML is integrated with your enterprise cloud network, it can result in a secure Single Sign-on solution.
With a cloud SSO setup, you can provide each member of your organization with single login credentials for any or all the applications in your cloud network. With your own powerful Identity Provider, you can redirect all access authentications to a safe and fast network. With this setup in place, it is possible to consolidate a single node in your network to control access to your entire organization’s cloud network.
Features of an IAM System
With an efficient Identity and Access Management system, you can accomplish so much more than just rudimentary monitoring of your cloud network. It will come with a well rounded set of features which allows you to control your cloud in a convenient platform. If your network is fitted with a powerful cloud IAM solution, it will automatically come with provisions in place to handle password standardization and multi-factor authentication frameworks.
Allocating a single set of credentials for your employees to access relevant data and applications is made easy by implementing an SSO solution for your cloud network. As the admin of your network, it also becomes simple for you to handle access operations in a single dashboard. In addition to this, if the need arises for a user to be removed, it can be done in a few short steps instead of removing access individually for all your applications. When all of this comes together seamlessly, it results in improved productivity across your organization.
Sometimes, in spite of the password protection measures you have implemented to secure your cloud, you might feel the need to bring in an additional layer of security to protect all your critical business applications. When that need arises, a well structured IAM solution allows you to keep in place, a multi-factor authentication system. It ensures that your system is insulated against remote attacks and prevents unauthorized access from getting a foothold in your secure network. This will enable you to extract data from TOTPs, thumbprint scanners or even Yubikeys and verify the users accessing your cloud network.
Password Policy Enforcement
Another challenge faced while trying to secure a cloud network is the varying standards of all the passwords of all the users who access it. The difference in standards can make breaches easier to happen and there rises a need for standardization of all the password credentials issued to the users of your cloud. But with an IAM solution, you can set the minimum standard required to set a password. With an effective password policy enforcement, you can rest assured that all your critical data is protected irrespective of the number of service providers you are associated with. It consolidates all the applications on your network under a single identity and verifies that all the passwords required to access your network comply with PCI and ISO/IECt standards.
Securing your cloud with an effective Identity and Access Management solution can empower you to control identity and access across your cloud environment. In addition to this, an IAM solution helps you improve data security, privacy, standards compliance, and productivity.
Identity and Access Management (or IAM) solutions – also known as Identity Management (IdM) solutions – form a critical component of an enterprise’s IT security. And when used with cloud-based applications, they form part of a powerful cloud security set up too.
In simple terms, an IAM helps to control which users can access what data, as well as from where and when this access is permitted.
So how does an IAM work?
In any Identity and Access Management solution, one of the core concepts at play is that of an Identity Provider (IdP). The IdP brings all of the enterprise’s cloud-based application on to a common platform from where identity information can be managed and authentication services provided through the use of a Security Assertion Markup Language (SAML).
Through this process, it becomes possible to establish a single point of control across all of an organization’s cloud applications, and to provide a single point of access to all users, in the form of a Single Sign-on (SSO) – one of the fundamental functionalities of an IAM.
What features do IAMs offer?
Most IAMs offer some or all of the following features:
Enables administrators to provide each user with a single login to access any or all of the local and cloud applications used by the organization.
Provides a powerful additional layer of access protection through a TOTP or other methods.
Password Policy Enforcement
Enables enforcement of a custom password policy across the organization, to comply with statutory (or the company’s own) security standards.
Is Akku an Identity and Access Management solution?
Akku is indeed an IAM solution, but it’s also so much more. It brings to the table all the security and access restrictions that a standard Identity and Access Management solution has to offer, along with several additional features to boost security and productivity across your cloud environment: