Can an IAM solution prevent Credential Phishing?

The most common misconception regarding credential phishing is that it is people-driven and not organization-driven. Therefore, organizations tend to underestimate the impact it can have on them if even one of their employees is a victim of credential phishing. We suggest reviewing your entire security strategy to ensure that you are protected against phishing. 

Here is everything you need to know about credential phishing attacks.

User Lifecycle Management made easy with Akku

The employee lifecycle is an HR model that identifies the different stages an employee goes through during his/her stint at an organization. Employee lifecycle management, therefore, involves the steps taken by HR in optimizing the flow of the cycle. Typically, the employee lifecycle involves the following stages: recruiting, onboarding, training and development, retention, and offboarding. 

In modern organizations, where the employee is also a user (of one or more applications), a similar user lifecycle begins at the onboarding stage and continues until the employee exits the organization.

When it comes to the efforts involved in the user lifecycle management, both the HR and the IT teams have roles to play. The process involves creating user accounts and user roles, assigning permissions, setting up custom restrictions, continually monitoring user activity, modifying user roles, keeping employees compliant, disseminating mandatory and relevant training material, and finally, removing access when they offboard.

Here’s how Akku can make user lifecycle management easy for you:

Onboarding

With Akku’s single sign-on admin dashboard, multiple user accounts to different applications can be created and assigned to a single set of credentials for the user, all in a few clicks. Through this dashboard, user roles and permissions can also be assigned easily, saving time and improving efficiency at the onboarding stage. 

With Akku for user lifecycle management, the organization can ensure user account provisioning on the employee’s very first day at the organization so that new employees can hit the ground running.

User Management & Usage Analytics

Akku provides administrators with granular control over user access to data and apps. When employees are promoted or moved internally within the organization to newer roles, it only takes minutes to reassign permissions to existing apps or add new apps into the employee’s kitty.

By checking a user’s real-time access to and use of each assigned application, Akku also helps to reassign permissions or remove accounts that may not be necessary for a particular user. Akku also allows IT to conduct audits more easily by keeping an audit trail in reports that specify when users were granted or revoked certain levels of access and who assigned these permissions.

Compliance & Communication Management

Akku enables you to keep your users updated, well trained and compliant through effective communication with its Internal Communication feature. Through this feature, HR and IT administrators can share information and updates, either addressing them to all users within the organization or with specific departments alone. The same feature can also be used to disseminate training material to upskill and qualify users for a future-ready workforce.

Not only does Akku help in disseminating information and training material, it also allows for tracking user viewing and consumption of these communications.

Deprovisioning

During the course of an employee’s stay at the organization, he/she may have accessed and used different corporate applications. When the employee leaves the organization, it is critical to revoke access to all of those applications promptly. If this activity is missed, even for a single account in a single application, the organization is risking compromise and misuse of organizational data.

With Akku’s single sign-on dashboard offering a complete and comprehensive view of all accounts and applications accessed by a user, deprovisioning of access to all of them is only clicks away. 

Akku offers a comprehensive solution to corporate identity lifecycle management. To know more about the features and applications of Akku, get in touch with us today!

What is Continuous Authentication?

Technology users today are spoilt for choice when it comes to the types of devices and the variety of platforms through which they can stay connected to work and social groups. They can access their accounts from simply anywhere and at any time, as long as they can authenticate their identities.

However, the process of authentication as we know it has remained largely static – the user provides the system with their credentials at the time of access, the system matches it against its database of user data and provides the user access to the network on successfully validating their credentials.

Continuous authentication brings in a new approach to network security, and the reception it has received goes to show the importance companies attach to their security today. Continuous authentication can help your organization protect itself from ‘session imposters’ who try to take over sessions which are open even after the employee is done using them. It also helps you protect your network from credential stuffing attacks and phishing.

What is Continuous Authentication?

In continuous authentication, users are rated based on ‘authentication scores’ which aim to determine, based on user behavior, if the user is actually who he/she is claiming to be. With advanced algorithms which are fast becoming smart enough to understand human behavior, networks can essentially monitor user behavior to determine a user’s authenticity. 

For example, in a banking application, if the security solution detects an anomaly in user behavior, it can prompt a logout or request for additional information like fingerprint or password to ensure that the account is used only by the designated person.

Continuous authentication has become powerful enough to analyze information from the various sensors of smartphones and other devices to monitor the pressure on the keypad, the amount of time being spent on an application etc. 

With certain continuous authentication solutions, organizations can also assign restrictions based on tolerable risk by specifying the minimum confidence score and factors like a user’s location or time of the access request. 

When you implement a continuous authentication solution, think in terms of acceptable risk and context – certain applications in your network might need lower authentication scores than other, more critical, applications. 

While planning to deploy a continuous authentication system, it is also important to ensure that it is compatible with your existing security solution and covers all the areas of your organization’s network.

We understand that cybersecurity is becoming more fluid and security solutions are becoming more powerful and customizable. Akku’s DNS filtering and geolocation features can be used to score your users, and this information can be used to continuously authenticate them. To know more about how we can help you, get in touch with us now.

A How-to Guide to Privileged Identity Management

Privileged Identity Management (PIM) refers to the control and monitoring of access and activity involving privileged user identities within an organization. Privileged identities include those of superusers or super control users such as Chief Executive Officer (CEO), Chief Information Officer (CIO), Database Administrator (DBA), and other top management officials.

Usually, such accounts are given access to all applications and data within an organization, along with the highest levels of permissions. However, many times, such unlimited access has been the cause for data breaches. When an organization’s data is compromised from a privileged user or their account, it is known as Privilege Abuse or Privileged User Abuse.

What is advanced server access?

Advanced Server Access is a relatively new aspect of identity and access management for the cloud. In fact, it fits better under the umbrella of privileged access management (PAM). PAM is built on top of IdPs and ADs, which are crucial for identity and access management for on-prem networks. By being used in conjunction with ADs, PAM has been able to successfully provide enhanced control over identity for administrators and other privileged users.

What is PAM?

Privileged access management helps to secure and control privileged access to critical assets on an on-premise network. With PAM, the credentials of admin accounts are placed inside a virtual vault to isolate the accounts from any risk. Once the credentials are placed in the repository, admins are required to go through the PAM system every time they need access to the critical areas of a network. For every single login, their footprint is logged and authenticated. After every cycle, the credentials are reset, ensuring that admins have to create a new log for every access request.

The Importance of Single Sign-on for Educational Institutions

Let’s admit it: schools and universities today are not what they used to be back when we were growing up. Digitization has swept over almost every aspect of educational institutions. Classrooms have become “smart”, with blackboards being replaced or supplemented by LED screens. Students can simply log in to portals from where they can access information about grades, access lessons from learning apps, and more. Teachers don’t use physical attendance registers today; they mark the daily attendance of their students on tablets – data from which triggers automatic, customized messages to the parents of students who are absent from class.

With such revolutionary change taking over educational institutions, they are also under the rising threat of becoming the target of hackers. Therefore, it is important to ensure enhanced security across the network to prevent student and parent information from being exploited. What’s more, there are cases of students themselves becoming hackers these days – attempting to manipulate grades, using their fellow students’ information to bully them online, and engaging in other malicious activities.

Here are some ways in which a single sign-on solution can not only enhance security but also improve the efficiency of administrators in your educational institution.

Easy Provisioning and Deprovisioning

Every year, a set of students graduate and a new set of students are enrolled. This means that creating accounts and providing access to student portals is a never-ending process. More importantly, denying access to a student who no longer studies at the institution must not be overlooked.

With an SSO, administrators can view – in a single dashboard – all of the apps related to a particular user account and take action quickly and effectively without having to provision/deprovision accounts individually across apps or portals.

Instant Access to all Apps

A survey conducted in the USA showed that 25% of class-time is spent in troubleshooting and teachers trying to help students log in to their respective learning applications. In most cases, the use of multiple applications, and therefore multiple credentials, is the main problem here.

A single sign-on solution, as the name suggests, eliminates the need for multiple credentials, and with it, reduces the time taken to remember and correctly enter them. This also reduces the number of stray passwords, prevents users from writing down passwords and using other methods to remember credentials that are prone to compromise, and also reduces the time taken in resetting forgotten passwords.

Secure Password Policy Enforcement

Students of today may be sharp, but technology is sharper and acts as a double-edged sword. This is why, when it comes to protecting your network from brute-force attacks and other modern security threats, a strong password policy is essential. After all, a compromised password of a student could compromise the security of the entire network in more ways than one.

An SSO typically acts as the identity provider (IdP) to all the applications or portals used within the institution and, therefore, can be used to set up and enforce a strong password policy. This will ensure that passwords created by users of the institution’s applications meet a certain set of requirements with regard to length and complexity.

SSO and Beyond – Akku

Akku, by CloudNow, is an identity and access management solution that includes a powerful SSO functionality. But SSO is only one of many in a slew of features packed into this IAM solution.

Akku can also help you ensure safer interactions on the internet with filters, harness the power of YouTube for teaching/learning, use multi-factor authentication to restrict access to confidential data and more.

For more information on what Akku can do for your institution, get in touch today!

Why Blocking Personal Emails in the Workplace is Essential

Your employees accessing their personal email at work for a few minutes in a day sounds harmless enough. But access to personal email in the workplace is in fact a potential hazard to company data, security and productivity for a number of reasons.

5 Cloud Security Myths Busted

One of the main reasons for a number of traditional, older enterprises still being wary of cloud computing is the concern they have over the security of their data on the cloud. There are a number of myths surrounding cloud security that make it difficult for many enterprises to take the plunge and undertake cloud migration to leverage the many benefits of the cloud.

Here are a few of these myths, and why you should stop believing them!

Myth 1: It’s not safe to use the cloud

The biggest myth of them all is that the cloud is simply insecure and more vulnerable to attacks. We understand where this comes from. If you have something you want to protect, you would rather keep it at home, under your watchful eye. By the same logic, people believe that if their data is not located within their own office premises, it isn’t safe.

When you host your data locally, you will need to constantly update your firmware and keep all your security solutions up-to-date. It also requires several maintenance and management procedures and testing at specified intervals to overcome vulnerabilities that may arise due to configuration changes.

On the other hand, when it comes to the cloud, most of these steps are taken care of by the cloud service providers, who run regular audits for their cloud security controls to make the cloud environment as safe as possible. What’s more, cloud platforms are equipped with a wide range of security capabilities that can be customized to suit specific security needs of enterprises. You may also consult cloud service providers and cloud advisory experts like CloudNow to understand and take steps to prevent potential security risks.

Myth 2: Data on the cloud can be accessed by anyone

This is a common concern for enterprises when it comes to using a public cloud. If you are using a public cloud, that doesn’t mean that your data is available publicly or to other users of the shared cloud!

Even on a shared cloud, the data of each enterprise or individual is stored as a separate instance. Despite being transmitted on a shared network, data is encrypted to prevent other entities from deciphering or decoding the data. People also tend to assume that a private cloud would be safer. Quite contrary to this belief, multi-tenant clouds or public clouds, in fact, offer an additional layer of security to separate internal network systems due to the very fact that they are accessed by many.

Find out if a public, private or hybrid environment will suit your business best. Ask CloudNow!

Myth 3: The cloud provider will take care of security

Having said (above) that cloud providers take security very seriously and go to great lengths to secure your cloud environment, on the other side of the aisle is another myth – that the cloud provider will handle it all.

While it is true that the provider does take some measures, there are certain aspects to protecting the security of your data that can only be handled by you. Therefore, it can be said that cloud security solutions are a shared responsibility of the provider, the customer and all the users involved.

More specifically, the security of the overall cloud infrastructure and the physical security of the servers are all responsibilities of the cloud service provider. However, when it comes down to your data, your cloud application security and your users, and how each of these interact on the cloud, the responsibility for their security lies with you.

At your end, you will need to set up a password policy, add layers of authentication for your users’ login process when they need access to sensitive data, and set up your own DNS filters and restrictions, all of which have to do with your users and the way they handle your data on the cloud. Moreover, your administrators will need to handle identity management, including the permissions given to each of your users with regard to what they can access and how much they can do while using cloud applications. Opting for an identity and access management (IAM) solution like Akku can help by acting as a single sign-on (SSO) platform and making password policy enforcement, multi-factor authentication (MFA) security and other security measures easier to implement.

Myth 4: Cloud security is a hassle for HR

According to a survey conducted by Cybersecurity Insiders, “staff expertise and training” were listed by 56% of respondents as the top reasons for hesitating to opt for cloud solutions. They believed that opting for a cloud SaaS would require rehiring or retraining the IT teams.

It is indeed surprising that a majority of companies believed this myth which underestimates their own teams who have managed to handle on-premise data and applications effortlessly!

Most cloud security solutions are actually extremely intuitive and user-friendly, and most of them can be managed by IT personnel through simple training and re-certification programmes.

And if you choose a cloud solutions provider like CloudNow to partner with you, your partner will be able to guide you through the process.

Myth 5: Cloud and compliance don’t go hand in hand

Data breaches and violations to data privacy and other policies have caused governments to set up and enforce stringent data protection policies in order to increase the accountability of enterprises handling the personal data of citizens. And for some reason, business owners tend to believe that managing compliance issues on the cloud is far more complex than it is with an on-premise server.

However, the truth is far from that. Many cloud service providers, in fact, facilitate the process of keeping you compliant, as per the security requirements of your industry. For example, if you are in the healthcare industry and need to comply with HIPAA, then your cloud provider can help you maintain event logs for information access attempts with an intrusion detection system (IDS).

What’s more, using an IAM solution can help you stay compliant and also ready for security audits. With a solution like Akku, administrators are given full control to customize and choose their password policies and other security features required for compliance and maintenance of security standards. The default password policy of Akku complies with the password policy requirements of industry standards such as ISO 27001 and PCI DSS and is customizable to the last detail.

Want to know more about using Akku to improve your cloud security? Visit www.akku.work or email us at sales@akku.work

Working Online? Watch out for Identity Theft!

Identity theft is as real as your identity and as dangerous as the one who steals it. It occurs when an unauthorized person or entity uses your personal information to assume your identity and commit fraud and other criminal activities including stealing from you, or from others in your name.

What does an identity thief steal?

Your name, address, credit card or bank account information, and even information that might otherwise seem harmless, such as photographs, information about your family members or your date of birth could be used in harmful ways in the wrong hands.

How does identity theft happen?

Identity thieves are well-organized, tech-savvy, creative and have seemingly innocent online personalities. They can steal information, simply by requesting it from an unassuming person or by using technological attacks to capture millions of records from enterprises. Sometimes, a stolen wallet or a carelessly-thrown receipt or letter can also lead to identity theft.

Here are some of the ways in which an identity theft may take place in your organization:

Data Breaches

A data breach, accidental or malicious, can have a heavy cost on both the organization involved and the individuals whose data is compromised.

Improper security on company-owned devices or devices that have access to your organization’s data is one of the leading causes of data breaches that lead to identity theft.

Phishing

Phishing involves sending deceptive emails with links to malicious websites that may either request or steal your information. If one of your employees is manipulated by such an email and clicks on a link it provides, it can be dangerous to the organization itself.

Even if your organization’s email can manage to keep out such mails from employee inboxes, if your employee has access to their personal email at the workplace, they are at the risk of being compromised.

Public Wi-Fi Connections

One of the problems with allowing your employees to work remotely is the possibility that they may be working from places that offer open or free public wireless internet connectivity. A criminal who also has access to the same network could also be able to observe all of your employee’s activities.

Mishandled Passwords

Carelessness with passwords, whether in terms of the creation of weak passwords or the way they are stored, can make your employees and your organization susceptible to identity theft.

Read our blog on Everything You Need to Know about Secure Passwords to know more about keeping passwords safe.

How can you prevent identity theft?

When it comes to preventing identity theft, the first step to take is to sensitize your employees on the different ways in which it can happen. Studies have proven that employees are the preferred channels that identity thieves use when they target organizations.

From your end, you also need to:

  • Set a strong password policy across your enterprise applications, to ensure that your organization is not compromised through your employees’ use of weak passwords
  • Use two-factor authentication or multi-factor authentication to enhance the security of applications carrying sensitive data
  • Ensure that your DNS filter works effectively to block out malicious websites that your employees may try to access
  • Block access to employees’ personal emails at work, so that there is a lesser chance of data compromise and data breaches through phishing
  • Set up IP-based or device-based restrictions so that unauthorized persons are kept out of your applications when they try to access them from unsafe locations or unrecognized devices

An identity and access management solution (IAM) like Akku can help you take control of all the preventive methods listed above, all in one go.

Get in touch with us through sales@akku.work if you wish to know more about how Akku can help protect your organization from identity theft through identity/access management.

The What, Why and How of Two-factor Authentication (2FA): Decoded

Whether or not you know what it is called, you have likely used 2FA at least once in your life online.

Remember the time you tried logging into your email account from a new device and your email service provider sent you an SMS with a PIN (OTP), to re-validate that it was actually you attempting to login? You would have been allowed access to your inbox only after you entered the correct OTP.

Or the time you tried to transfer money to someone through internet banking. Even though you already entered your customer ID and password, your bank’s application would want to make sure that someone else hadn’t stolen your credentials. They do this by sending you an email with a PIN or a link to click on, for additional validation.

This is exactly what 2FA, or two-factor authentication, is all about.

Known by many names (two-factor authentication, two-step authentication, two-step verification or dual factor authentication), 2FA refers to a second level of authentication added on in order to enhance the security of a login process. This is in addition to the username and password step, which is relatively susceptible to hacking.

When two or more layers are added to the login authentication process, it’s also known as multi-factor authentication or MFA.

Types of MFA security

A two or multi-factor authentication process typically asks you for ‘something you know’ in the first step, such as your email ID/username and password.

In the second step, it may ask you to authenticate your identity with ‘something you have’ or ‘something you are’.

Something you know (the knowledge factor):

This could be your username and password, as in any ordinary login process, or it could be a PIN.

Something you have (the possession factor):

This traditionally referred to hand-held token items, such as smart cards or Yubikeys embedded with a certificate to identify the user. Nowadays, a ‘possession’ could also be your smartphone, containing an app which sends a push notification or a TOTP. This is especially beneficial since tokens like smart cards are relatively more prone to being lost, stolen or misplaced.

Something you are (the inherence factor):

Biometric authentication could involve the scanning of a biological element that is exclusively yours such as your fingerprint, hand geometry, retina, iris and so on. Voice recognition can also be used.

Two-factor authentication for your business

If your business relies on highly sensitive data or handles personal data of clients, you need to have an information security management system in place. This is especially crucial these days as several governments are imposing stringent regulations to ensure that the privacy of their citizens is not compromised. Some business standard certifications also require security compliances to certify your business and, therefore, it is important for you to protect sensitive data with more than just single-factor authentication (SFA).

By setting up 2FA or MFA security in all your business applications, you are assured of a higher degree of protection. In this manner, even if somebody does steal, guess or hack a password or even a list of passwords, through a brute force attack, they will be stopped at the second level as they attempt to log in to a specific individual’s account.

Multi-factor authentication solutions by Akku

When your business uses multiple applications, it may be both expensive and difficult to set up and streamline multi-factor authentication in each. That is where Akku comes in, with the promise to address all these concerns once and for all.

Once you opt for Akku, it becomes a common identity provider (IdP) across all your enterprise applications and creates a single sign-on (SSO) page through which your users can access them. Having brought all of your applications to a single platform through the SSO, Akku then seamlessly implements the multi-factor authentication functionality across them all.

With Akku, users can decide to use any of the following options as their second factor for re-validating their identity, giving them the power of choice:

  • A push notification delivered to their smartphone through the Akku mobile app
  • A time-based OTP (TOTP) which expires in 30 seconds through an authentication app (such as Google Authenticator)
  • A PIN sent through an SMS to their registered mobile number
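To show what sits behind the time-based OTP option, here is a server-side TOTP check following RFC 6238, written as an added example; it is not Akku's code. The function names, the one-step drift window and the replay check are assumptions of this sketch, and the secret is the published RFC 6238 test key, not a real credential.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # each code is valid for one 30-second time step

# Published RFC 6238 test key (ASCII "12345678901234567890"), used as sample data.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)  # keep leading zeros


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // STEP_SECONDS, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int,
                last_used_step: int = -1, drift_steps: int = 1,
                digits: int = 6):
    """Return the matching time step, or None if the code is rejected.

    Accepts codes from +/- drift_steps windows to tolerate clock skew, and
    rejects any step at or before last_used_step so that a code observed by
    a phisher cannot be replayed once the real user has logged in with it.
    """
    current = unix_time // STEP_SECONDS
    matched = None
    for step in range(current - drift_steps, current + drift_steps + 1):
        if step < 0:
            continue
        candidate = hotp(secret, step, digits)
        # Constant-time comparison; always scan the full window.
        same = hmac.compare_digest(candidate.encode(), submitted.encode())
        if same and step > last_used_step:
            matched = step
    return matched


if __name__ == "__main__":
    now = 59  # constructed timestamp taken from the RFC 6238 test table
    code = totp(DEMO_SECRET, now)
    print("code at t=59:", code)
    print("fresh login:", verify_totp(DEMO_SECRET, code, now))
    print("same code 90s later:", verify_totp(DEMO_SECRET, code, now + 90))
    print("replay in window:", verify_totp(DEMO_SECRET, code, now, last_used_step=1))
```

The caller stores the returned step per user and passes it back as `last_used_step` on the next login, which is what turns a 30-second code into a single-use one.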

Interested to know more? Visit www.akku.work or get in touch with us through sales@akku.work