Business from anywhere: IAM as a vital piece of the Business Continuity puzzle

COVID-19 was a shock to the global economy. The pandemic aside, the enforced and voluntary closure of offices has dramatically changed the way businesses work. Overnight, employees were instructed to work from home, in many cases indefinitely. There are still tens of thousands of organizations around the world who are still unsure of when, if ever, they will resume a traditional office-oriented working environment.

Business Continuity Plan (BCP) challenges for enterprises

Even more than the longevity of office closure however, it was the suddenness with which it hit that was so disruptive. For businesses without a BCP to address such an eventuality, it took many painful weeks or more before they could resume operations.

When remote operations did begin, many businesses – especially in domains involving sensitive data, such as healthcare and BFSI – faced concerns and scrutiny from both their customers and regulatory authorities. With large workforces working from home, data and application security became a genuine worry.

As you prepare for the next major global disruption, here’s how an Identity & Access Management (IAM) solution like Akku could play an important role in keeping your business running in a work-from-anywhere world.

Remote identity management with Active Directory

A majority of global enterprises use on-prem Microsoft Active Directory (AD) to manage user identities across their organization. It’s an effective solution as long as all users are working from the same premises. When they are not, however, a cloud-based identity management solution is essential.

As a robust IAM solution, Akku can integrate with your on-premise Active Directory through a secure tunnel – by doing this, all the user credentials and identity stored on your AD can be accessed by your IAM from anywhere. This allows you to continue to use your familiar AD for identity management, while also eliminating the need to take up a complex and expensive migration of your identity management system to the cloud.

Once your IAM enables access to your user identities from your AD from any location, you can then progress to the Access Management functionality of the IAM platform, to grant due access to all necessary assets (files, platforms and applications) to only the specific users who require it.

Security during remote access

A major concern with the work-from-anywhere environment is security. To preserve the sanctity of your assets, you need to control the users accessing them, and ensure secure access for authorized users. Two key ways to achieve this are through device-based restrictions and multi-factor authentication.

By restricting asset access to only registered or company-owned devices, you ensure that the organization’s apps and data are not impacted by any malware or security vulnerabilities that may exist on non-authorized devices. Multi-factor authentication (MFA) reconfirms the identity of the user accessing the company’s digital assets by additional means beyond a password – such as time-based OTPs or push notifications, for instance.

Through implementation of an IAM solution along with increasing the security of your cloud assets, you can also manage highly granular access control. Each individual user can be granted access to only the files, platforms and software that they require, with easy provisioning and deprovisioning to quickly and reliably provide and revoke access.

Real-world benefits during disruptions

Through a straightforward implementation of Akku that integrates with your Active Directory and acts as the identity provider to all of your applications, you are geared up to manage remote working at a moment’s notice. 

In a world of increasing uncertainty, this means business continuity, with uninterrupted, secure and efficient operations through any circumstances that may arise.

COVID-19 was a once in a century phenomenon, but large-scale disruptive events are not that uncommon. Allow us to help you create your BCP to address any eventuality by setting up Akku to enable a seamless and secure work-from-anywhere operations. Contact our team of experts to get started.

Burn down the Firewall! The Future is Device-level Security

Many enterprises have built their cybersecurity around their firewalls. But increasingly, the firewall is losing favor in modern enterprises with apps and data on the cloud being accessed from devices and networks anywhere in the world. 

The traditional cybersecurity tool is a network security device that monitors traffic to or from the network. It allows or restricts traffic based on a defined set of security rules.

Legacy firewalls: Blurring boundaries

The issue with this is that firewalls do not go far enough in securing your systems. By the nature of their operation, firewalls create boundaries around your network. Today, with enterprises using many interlinked networks, multiple IPs and cloud computing, boundaries are fading. As a result, firewalls are less effective.

Based on a recent study, businesses are increasingly mistrustful of firewalls. Over 60 percent of respondents stated that: (1) their legacy firewalls don’t prevent cyberattacks against critical business and cloud-based applications; (2) their legacy firewalls cannot contain a breach of their organization’s data center perimeter; and (3) their legacy firewalls do not enable enterprise-wide Zero Trust.

As Gartner puts it, Zero Trust is “useful as a shorthand way of describing an approach where implicit trust is removed from all computing infrastructure”.

In addition, legacy firewalls impact organization flexibility and speed to a large extent. It is hard to update security rules on the firewall, and the study found that on average, enterprises take as much as three weeks to update firewall rules to accommodate any update needed. This can have a crushing security impact. They also limit access control, with policies that are often not sufficiently granular.

For all these reasons, legacy firewalls are increasingly falling into disfavor with enterprises of all sizes.

Cloud Access Security Broker (CASB)

A traditional firewall stands between your network and a non-trusted network (for example, the Internet). However, cloud data and apps are hosted on the Internet and as a result, legacy firewalls are not very good at protecting apps and data on the cloud.

Just like a traditional firewall protects the trusted network against attacks, a CASB protects cloud assets (applications, data, platforms and infrastructure) against cyberattack. They act as a foundational cybersecurity tool and resolve many of the issues associated with legacy firewalls.

A cloud-hosted or on-premises software, a CASB acts as an intermediary between users and cloud service providers, and can secure SaaS, PaaS or IaaS environments. It provides visibility into application access, maintains logs of activity, and allows enterprises to modify and create policies that suit cloud infrastructure and assets. A good CASB brings together key elements of privilege access management (PAM), identity and access management (IAM) and identity governance and administration (IGA).

Identity and Access Management solution (IAM)

As many as 90 percent of businesses believe that an IAM is indispensable to their cybersecurity plans. An IAM offers device-level security. This helps plug the gaps left by legacy and CASBs. Through IAMs, enterprises can provide granular access control, with unique rules defined for each user and class of user.

IAM offers comprehensive password management support, in the form of password policy management and single sign-on (SSO) SSO allows users to create and remember just one set of credentials for a whole suite of applications. This reduces risk of password loss and noting the password in unsafe locations. With password policy management, businesses can define rules to create strong, secure passwords that are less prone to cracking.

User-friendly provisioning and deprovisioning makes errors less likely. IT administrators find it easier to remember to revoke access when employees leave the organization when deprovisioning can be done with a single click. This also secures cloud apps against unauthorized access.

In a very real way, identity is the new firewall. When the device is secure against unauthorized logins, business-critical apps and data are as well, whether housed on-premises or on the cloud. Secure identity and access with an IAM you trust – like Akku, the premier IAM. Contact our experts today to discuss how to get started.

Identity and Access Management in the age of Bimodal IT

An important new practice that has emerged over the past few years in IT management is Bimodal IT, defined by Gartner as the practice of managing two separate but coherent styles of work: one focused on predictability; the other on exploration.

While the application of the Bimodal concept within an enterprise has been the subject of much discussion, employing these two modes of management in the context of Identity and Access Management has not.

Here’s our take on how the Bimodal concept fits into our scheme of things as an Identity and Access Management solution provider.

Mode 1

By the standard definition of Bimodal IT, the focus of Mode 1 is on ensuring that existing applications and business functions are kept running smoothly. Therefore, Mode 1 clearly prioritizes stability over innovation.

In the context of IAM, businesses are becoming increasingly complex in the digital age, with touchpoints and interactions with increasingly large numbers of people or users, both within and outside the organization. 

Managing this change requires IAMs to undertake a gradual evolution towards becoming simpler and more scalable. A good example of this would be the need to build in the ability to automate decision-making for setting access rules and permissions based on dynamically collected information on users, from multiple sources.

This evolutionary approach is important to ensure continued forward movement, embracing new practices and technologies, while continuing to place primary emphasis on seamless operations.

Mode 2

Mode 2 in Bimodal IT, on the other hand, places its focus squarely on innovation. In Mode 2, the priority is to undertake larger, but less certain, leaps forward, to enable the existence of entirely new business processes and approaches. 

To look at the Identity and Access Management universe, in Mode 2, the mandate would be to build the next, future-ready new IAM platform. This could involve the development of an all-new, simpler and more scalable architecture from scratch, or incorporating increased agility to adapt to a fast evolving environment, for example.

Mode 2 involves planning and building for scenarios and use-cases that go beyond what conventional thinking can conceive of, to drive the next big change. But with this focus on innovation comes a need to accept some risk as well.

Akku is an enterprise IAM solution, and our journey to get here has involved adopting different facets of Bimodal IT. This process has helped us build a platform that delivers solutions to a range of use-cases that few others can match, and to do it reliably and seamlessly. Talk to us today to see how Akku could enable identity and access management, and more, at your organization.