Addressing the Data Security and Audit Worries of a Leading Manufacturer

Company X is a leading automotive hardware manufacturer. In the competitive manufacturing environment, documentation of activity are standardization of processes are critical requirements.

In the case of Company X, this was already in place, and in fact they had achieved ISO certifications for their process-based approach and class-leading quality.

However, certification brought with it a constant stream of audits to ensure that processes were in fact being followed, and standards maintained. This posed a recurring problem, since a single failed audit could result in the loss of certification and loss of business.

The employees of Company X were well equipped – every employee was given an email address, and employees above a certain grade were provided with a laptop and a smartphone as well. But being an ISO-certified enterprise, the security of devices and data were vital.

Diagnosis and Prognosis

Given the background and the critical business impact of a failed audit, potential problem areas were quickly identified, along with solutions.

One of the first problem areas that needed to be addressed was that many employees tended to set weak, easy-to-crack passwords that exposed the company to data security threats, while also failing to comply with ISO standards.

A strong, universal, standards-compliant password policy was necessary to ensure uniformly high security across user accounts.

A mandatory ISO-compliant password policy for all users could easily be set up with Akku.

The next point of concern was the possibility that sensitive business data could be compromised by employees.

The solution to this was to enable employees to access their company email accounts only from the devices provided by the company.

Akku enabled restricting access to company mail only from devices with its SSL Key installed.

Another issue identified was that website browsing restrictions were implemented only on the company’s firewall. Therefore, exposure of company devices to malware and external threats while outside the firewall was a looming worry.

A DNS filter to restrict browsing access even outside the firewall became essential.

Akku’s website filter provided this functionality with powerful control and ease of use. This helped to keep the company’s devices secure, whether they were located within the company firewall or not.

This type of device-based access control offered by Akku seemed to tick all the boxes, but it would fail to serve its purpose if it could be tampered with by a user.

Many legacy solutions built using plugins were found to be vulnerable to misuse – with these solutions, it was possible for users to find a way to circumvent the access control by simply removing the plugin to enable unrestricted access. The device could then be made to appear uncompromised by reinstalling the plugin later. Such a solution was far from water-tight.

With Akku on the other hand, the implementation of a certificate-based architecture overcame this potential challenge. This was because any attempt to tamper with Akku’s certificate would completely restrict access to their authorized services like official email and other SaaS-based applications. Reactivation would require a certificate password, available only with the systems admin.

By enabling easy identification of any attempts to evade the implemented access restrictions, potential leaks were plugged and accountability enforced.

Trial by Fire

The road to full implementation of Akku was a challenging one.

After the problem areas at Company X were identified and Akku was presented as the solution, a PoC was run successfully with 30 users to confirm that all requirements were in fact addressed completely.

With this first hurdle crossed, the client next proposed implementation and testing at their Japanese parent company. Stringent testing on every parameter of Akku’s performance was carried out over a period of several weeks in Japan.

At the end of this process, Akku was approved for the final roll-out across 300 users.

What is an IAM ?

Identity and Access Management (or IAM) solutions – also known as Identity Management (IdM) solutions – form a critical component of an enterprise’s IT security. And when used with cloud-based applications, they form part of a powerful cloud security set up too.

In simple terms, an IAM helps to control which users can access what data, as well as from where and when this access is permitted.

So how does an IAM work?

In any Identity and Access Management solution, one of the core concepts at play is that of an Identity Provider (IdP). The IdP brings all of the enterprise’s cloud-based application on to a common platform from where identity information can be managed and authentication services provided through the use of a Security Assertion Markup Language (SAML).

Through this process, it becomes possible to establish a single point of control across all of an organization’s cloud applications, and to provide a single point of access to all users, in the form of a Single Sign-on (SSO) – one of the fundamental functionalities of an IAM.

What features do IAMs offer?

Most IAMs offer some or all of the following features:

Single Sign-on

Enables administrators to provide each user with a single login to access any or all of the local and cloud applications used by the organization.

Multi-factor Authentication

Provides a powerful additional layer of access protection through a TOTP or other methods.

Password Policy Enforcement

Enables enforcement of a custom password policy across the organization, to comply with statutory (or the company’s own) security standards.

Is Akku an Identity and Access Management solution?

Akku is indeed an IAM solution, but it’s also so much more. It brings to the table all the security and access restrictions that a standard Identity and Access Management solution has to offer, along with several additional features to boost security and productivity across your cloud environment:

   1) IP- and Device-based Restriction
   2) Personal Email Blocking
   3) YouTube Filtering
   4) Website Filtering

Do visit the main website for more information on Akku’s powerful value proposition, and to see how Akku can help you control your cloud.