Akku Vs. Okta – Understand Before you Choose

Akku and Okta are both highly efficient cloud security solutions that strive to help companies manage and secure user authentication on applications in their network, and to transform their customer experiences. Here are a few key differences between the features of Akku and Okta. 

Single Sign-on

Akku’s requires only a one-click login for universal login access for all applications. This ensures both high security and productivity.

Okta’s one-click authentication has made user login process 50 times faster. This user-friendly and customizable feature uses OTP to access to 5,500 pre-installed applications, ensuring direct navigation. 

Multi-factor Authentication (MFA)

Akku’s MFA is simple, inexpensive, and easy-to-use. It provides multiple layers of security to the sign-in process using Time-based OTP (TOTP) and push notification. The former generates passwords every 30 seconds while the latter generates notifications to authorize login attempts.

Okta’s MFA is secure, simple, and intelligent. It verifies access using user’s knowledge, possession, and biometric factors instead of passwords. It also generates security questions, OTPs, and push notifications for a user’s authentication.

Content Filtering

Akku offers a customizable content filtering feature that ensures high productivity across your organization while improving network security. This functionality prevents employees from accessing and browsing irrelevant websites during office hours and prevents distractions and aids in providing secure network access.

Akku prevents your employees from accessing irrelevant YouTube videos which can affect employee productivity and blacklists their personal email id from being accessed using your network or systems.

Okta, unlike Akku, does not provide any content filtering features.

Time- and Location-based Restriction

While providing access to users anytime from anywhere is necessary, it is important to make sure that this feature does not compromise on security. With Akku’s time- and location-based restriction feature, security will always be on guard to restrict unusual user activities. It also restricts access to your network from specific geo-locations to prevent potential security breaches.

Okta does not offer standard products that provide time- and location-based restriction capabilities.

Password Policy Management 

Through this feature, Akku allows you to set a minimum requirement for password standardization. This prevents anyone in your organization from possibly setting weak or easy-to-hack passwords. This also allows for password consistency across your organization.

Okta comes with a password policy standardizer which is similar to Akku’s.

Internal Communications

This feature ensures end-to-end communication between the management and the employees. This feature sends push notifications to the employees for each announcement. These notifications appear as soon as a user logs in, to ensure he does not miss any information. To ensure a response from the employee’s side, it restricts action until he has read and replied to the message. This also helps you in ensuring standards compliance across your organization without any gaps.

Okta does not have a well-structured internal communications system like that of Akku.

Akku, a product by CloudNow Technologies, is a robust identity and access management solution that helps improve data security and productivity and ensures transparency and control in tandem. For the modern organization, it is crucial to maximize security, compliance and productivity across your organization and Akku’s features are specifically built around that purpose. Contact us today to know more about how Akku can help you secure your network.

All the information presented in this article is accurate as of May 5th, 2019.

Agent-based Cloud Security Solution? No thanks!

If your organization relies on the cloud for a majority of its operations, you may want to look closer at the type of architecture your security solution uses – whether it is agent-based or agentless. While some might say that it is irrelevant and that you should focus only on the security solution’s efficiency, we beg to differ. Picking the right kind of cloud security solution can drastically affect your organization’s day-to-day operations and how much ownership you can take over the security solution. Continue reading Agent-based Cloud Security Solution? No thanks!

A How-to Guide to Privileged Identity Management

Privileged Identity Management (PIM) refers to the control and monitoring of access and activity involving privileged user identities within an organization. Privileged identities include those of superusers or super control users such as Chief Executive Officer (CEO), Chief Information Officer (CIO), Database Administrator (DBA), and other top management officials.

Usually, such accounts are given access to all applications and data within an organization, along with the highest levels of permissions. However, many times, such unlimited access has been the cause for data breaches. When an organization’s data is compromised from a privileged user or their account, it is known as Privilege Abuse or Privileged User Abuse. Continue reading A How-to Guide to Privileged Identity Management

What is advanced server access?

Advanced Server Access is a relatively new aspect of identity and access management system for the cloud. In fact, it fits better under the umbrella of privileged access management (PAM). PAM is built on top of IdPs and ADs, which are crucial for identity and access management for on-prem networks. By being used in conjunction with ADs, PAM has been able to successfully provide enhanced control over identity for administrators and other privileged users.

What is PAM?

Privileged access management helps to secure and control privileged access to critical assets on an on-premise network. With PAM, the credentials of admin accounts are placed inside a virtual vault to isolate the accounts from any risk. Once the credentials are placed in the repository, admins are required to go through the PAM system every time they need access to the critical areas of a network. For every single login, their footprint is logged and authenticated. After every cycle, the credentials are reset, ensuring that admins have to create a new log for every access request. Continue reading What is advanced server access?

Is Social Login a Secure Login?

Social login is a form of single sign-on, where users are allowed to log into an application or website using one of their existing social media account credentials. A social login, therefore, eliminates the need for users to register on yet another online platform – saving them the need to remember yet another set of credentials.

If you are a business, you may have noticed that a social login option on your online platform has had a positive effect on the number of registrations you receive. If you are an individual user, you may have found the option to either “Sign up” or “Login with Facebook/Google” and felt relieved that you were able to access the platform in just a few seconds by choosing the latter. But have you ever thought of how secure this method of login really is?

Let us look at the various aspects that affect the security of social login.

Social networks invest more on security

Social login is, by and large, considered to be a secure login method. This is because social media platforms including Google and Facebook are huge, powerful corporations in the online world with more potential than the original business (to whose website/application you are logging into) to set up strong security measures.

One compromised credential = multiple compromised accounts

On the other hand, if a hacker does manage to crack the social account – either due to a weak password or through a brute-force attack, this puts not only a user’s social media profile under threat but all of the applications and websites in which the user has used a social login option. The problem is only made worse with advanced threats like credential stuffing.

Similarly, if an individual’s phone is stolen and unlocked, with a Facebook or Google account that is still logged in, more than just one account is again compromised.

Third-party tracking scripts continue to threaten

Research conducted by Princeton’s Center for Information Technology Policy revealed that, when you log in to a website or application using social login, a third party might be able to place tracking scripts on the website or application. These tracking scripts have the ability to steal information that you have shared with the website or application during the social login – and sometimes even more than just that!

Although Facebook has announced, post publication of this study, that it would address this loophole in their universal login API, experts say that the issue may be deeper and more complicated than that. It is a harsh reality that a number of companies today create software and tracking tools that can be used to scoop, steal and sell information from such platforms.

So, what is the solution?

While the ease and convenience of social login is undeniable, it is also becoming increasingly difficult to ignore the potential threats of using such a feature. The next time you are thinking about a social login, keep these points in mind:

  • Enable multi-factor authentication and risk-based adaptive authentication features that are provided by your social media network. A number of social network providers have set up these built-in security enhancement features, but they may not be enabled by default. Make sure to check your account/privacy settings and make the appropriate changes. This way, an additional layer of security will back you up even in case that your username/password are compromised.
  • Check what permissions are being asked of you by the website or application that you are registering to using a social login. There will be a request to access your name, public profile and a few other details sometimes. Provide only information that you think is relevant to the site and deny all others. It might also help if you go back to your social media account and check what all is part of your public profile, and change those settings in order to limit the information you are allowing someone else to access.
  • Use the social login feature selectively. If you are wary of a website or application, or if you are sure you will not be using it too ofteis n (and hence will not need a quick login method), then avoid logging in to them using your social media credentials. We suggest creating an email ID only for such occasional-use sign ups and using that to register instead.

If you are a business offering social login, you could offer your users with more security by integrating your application or service with an identity and access management solution (IAM) like Akku which comes with advanced features like multi-factor authentication, location-based restrictions, and suspicious login prevention. We also recommend that you speak to a cloud specialist on other cloud security measures that you can implement.

The Key to Data Security: WebAuthn

What is WebAuthn?

WebAuthn (Web Authentication API) is a global standard specification for secure authentication on the Web, formulated in 2018 by the World Wide Web Consortium (W3C).

This browser-based API allows user authentication on web applications through the creation of strong “credentials” and user-agent-mediated access to authenticators. This could be either in the form of hardware tokens (like U2F security keys) or in-built modules (biometric readers like Google Hello, Apple Touch ID) in the platform. Web Authn has garnered the support of all leading browsers like Chrome, Firefox, and Edge, and is compatible with all leading platforms.

How does WebAuthn Work?

With WebAuthn, a relying party (such as web service) can integrate a strong layer of authentication into applications with a choice of authenticators. It replaces the need for a password with the generation of a private-public key pair (credential) created for a website. While the private key is stored on the user’s device, the public key is generated randomly and shared with the server. The server then uses the public key to confirm the user’s identity.

The following steps are involved in WebAuthn:

  1. The user opens a website using their device
  2. On the request of the web service (replying party) through the Credential Manager API, the browser generates a new credential, specifying the user’s device capabilities.
  3. During the registration process, the user is offered multiple authentication options. This may vary from external authenticators to biometric authenticators like fingerprint analysis or facial recognition.
  4. Choosing any of the authenticators offered, the user completes the registration process.
  5. The authenticator generates a key pair (a public and a private key) – the public key is forwarded to the server, the private key is stored in the user’s device

Why use WebAuthn?

The public key and private key, both need to be used in conjunction. Therefore, by eliminating the need for a “secret” such as a password, WebAuthn drastically improves data security and prevents data breaches. Even if the public key is hacked, it will not function without the private key – which is stored in the user’s device – and becomes useless.

These are some of the scenarios in which WebAuthn can be useful:

  • Setting up two-factor authentication (with or without passwords) that is resistant to friction and phishing
  • Using biometric authorization that eliminates the need for passwords
  • Recovering lost or stolen devices and bootstrapping of new devices 

Find out how you can improve data security and prevent data breaches with Akku. Get in touch with us for a free demo today!

Beware of Credential Stuffing

In recent times, you might have noticed user accounts being compromised by the millions, and yet companies refute these claims saying that their systems are secure and have not been attacked. In these cases, the companies are right – instead of a direct attack, the hackers may have performed an attack called ‘credential stuffing’. In this type of attack, hackers get their hands on usernames and passwords of one application or service and stuff the same credentials on another login for another digital provider.

For example, if you have used the same user ID and password for creating your Facebook and Twitter accounts, a hacker who has access to your Facebook user id and password can use the same for getting into your Twitter account. This does not mean that Twitter’s systems are faulty. It simply means that your credentials have been stuffed. Credential stuffing attacks use code injection techniques to test the credentials against multiple accounts like social media, online marketplaces, and bank accounts. Once access is gained, the hacker can get access to personal information, credit card information and other personally verifiable information.

In recent times, this type of attack has gained popularity due to the fact that most users use the same user ID and password for multiple accounts. The situation right now is precarious for most online users – a recent breach of breaches has given hackers access to a whopping 2.2 billion user IDs and passwords. It is called a ‘breach of breaches’ because a few hackers hacked into millions of Dropbox and LinkedIn accounts and compiled a list of plain text credentials. However, another team of hackers hacked into this list to compile an even bigger list of stolen credentials.

If you have built enterprise applications, how sure can you be that your users have created different passwords for all your applications? There is no way for you to know for sure. However, you could put in place a password policy which prevents them from using the same password for all the applications in your network.

Akku from CloudNow Technologies allows you to set custom password policies to help you standardize the passwords set by your users. You can also leverage it to prevent the setting of the same passwords. To know more, get in touch with us now.

To Implement or Ignore: MFA for Custom Apps & Websites

Multi-factor authentication (MFA) is one of the most highly recommended security measures in this age of brute-force attacks, data breaches and other such cyber attacks. And while some off-the-shelf SaaS applications may already come with a built-in MFA feature, when it comes to a custom-built application or website, businesses have to make the tough decision between reinforced security and the high cost at which it comes.

Continue reading To Implement or Ignore: MFA for Custom Apps & Websites

7 Ways in Which Akku can Help you Address Security Challenges

While it is natural to feel apprehensive on the cloud, especially if you are new to it, remember that there are a number of ways to stay in control of your organization’s applications and data, even while ensuring that authorized users can access them with greater ease.

Here are 7 ways in which Akku, the Identity and Access Management (IAM) solution from CloudNow, can help you address security challenges

1.Helping users create strong passwords

A password is the first and most basic level of security you can apply to protect your applications from unauthorized access. However, with several hackers and bots lurking on the internet, a password is also vulnerable to attack. With the provision to set up and enforce a strong password policy, Akku allows users to only set up strong, complex passwords that are difficult to crack.

2.Adding multiple layers of security

If your business relies on highly sensitive data, you need to protect it with more than just your users’ passwords. Akku’s Multi-factor Authentication (MFA) functionality does just that, integrating a powerful additional layer of security into the sign-in process. If this functionality is enabled, Akku demands users to reconfirm their identities by using a TOTP or a push notification.

3.Enabling admins to set up restrictions

Typically, a cloud application can be accessed from anywhere and at any time. This, while being one of the biggest boons of cloud computing, can also be a potential threat. This is why, Akku enables administrators to set up restrictions — to limit access to one or more critical applications outside of a certain time slot or location, or even from unrecognized IPs or devices.

4.Preventing suspicious logins

In addition to enabling administrators to set up tailored restrictions for each user based on time, location, IP address and device, Akku also detects and responds to suspicious and unusual user activity. For example, if a user has logged in from two different countries (one familiar, one unfamiliar) within a matter of minutes or hours, access will be denied.

5.Keeping admins in control, remotely

Akku comes with a smartphone application which enables admins to receive notifications and alerts, even when they are not in the office. Moreover, with one-click access to their dashboard, they can view or review user activity as well as provide, edit or revoke access and permissions to users.

6.Encrypting all data

Akku comes with custom salted-hash functionality – a combination of salting and hashing techniques – that is used to encrypt user credentials. This way, even if users are accessing your organization’s applications form unsafe or open networks, the data is kept safe in an encrypted format.

7.Maintaining filters for company-owned devices

Akku protects your company-owned devices from malicious content by enabling you to maintain DNS filters – blocking personal email, irrelevant website access, and YouTube filtering – even when the device is being used from a network outside the organization’s firewall.

Akku is a robust, flexible identity and access management (IAM) solution that can help your organization leverage the cloud without worrying about data security, privacy, compliance with standards, and productivity. To know more or to see how Akku can be integrated with your organization’s applications, get in touch with us today!