Government Entities and their Move to the Cloud

Governments across the globe rely increasingly on technology today to serve their citizens better. But with the rapid evolution of technology, it is often a struggle for the different departments of government to keep up. This happens due to insufficient funds, security concerns or simply a lack of motivation to meticulously plan and implement the move.

Of these, security is the most critical consideration, since government agencies and departments are possibly the first line of defense against any cyber attack. This is especially true when it comes to government entities wanting to migrate their operations to the cloud.

Cloud Security Concerns

The United States of America has been one of the first few countries to understand the advantages and scalability that cloud computing offers and has already migrated over half of its government operations to the cloud. But what is holding back ALL governments from fully embracing the cloud? And what can be done about it?

When a cloud network is accessed remotely, the security measures kept in place at the end user’s system determines the security strength of the entire cloud network. This means that governments have to not only have iron-clad security for their data stored in the cloud but also ensure that individual devices which access the network have equally strong security protocols in place.

Solution 1: Identity and Access Management

One way to go about resolving the issue would be to decrease the complexity involved with cloud access and operations. Usually, when there are several applications hosted on the cloud, its users are required to remember several sets of credentials to access them. This leads to setting of simple passwords, which in turn leads to an easy to hack security. An Identity and Access Management or IAM solution can be deployed across the cloud network so that the users need to remember only a single set of credentials for all the applications they are authorized to use.

Another advantage of protecting your network with an IAM solution is that in case the device gets stolen or lost, it is easy to remotely delete an account, making it almost impossible for an outsider to enter your network.

Solution 2: Device and IP based Restriction

A security solution which comes with provisions for device and IP based restriction allows only access to a cloud network only from whitelisted devices and IP addresses. Any attempt to access the network from an IP address or a device that has not been explicitly whitelisted is simply rejected, and the admin of the network is notified. This serves to identify potential breach attempts, based on which improvements to cloud security measures may also be taken up.

Solution 3: Password Policy Enforcement

A cloud network’s security is only as strong as its weakest password. If a cloud network does not have a Single Sign-on solution in place, it means that every user has to remember as many passwords as the number of applications he/she is allowed to access in the cloud network. This means that for the ease of remembering the passwords, users tend to set weak and easy to hack passwords. Implementing a strong password policy will ensure that all the passwords used to access a cloud network comply with a specified minimum standard.

Cloud security solutions come in several architectures and platforms. But when it comes to critical data of a nation’s citizens, and the systems used to access that data, only the best solution is safe enough.

Akku from CloudNow is one such identity and access management solution which secures your cloud network from vulnerabilities and delivers on all the solutions described above. Get in touch with us to know more.  

Cloud Security Solutions – Why do you need them?

Migration to the cloud is no longer an emerging trend. It is now a well-established method of running the operations of a business. With the cloud, you can manage data and applications in a secure environment and ensure that your users face virtually no latency while using your applications. But although the cloud comes with a basic framework for security, it still has its inherent security risks which need highly specific cloud security solutions to reliably protect your data.

To understand the need for implementing an effective cloud security solution, a deeper understanding of what causes and constitutes a cloud security threat is important.

Why Do You Need Cloud Security Solutions?

Unsecured Access Points

With several of your applications operating from the cloud, it is crucial to manage their access. Traditional methods of granting access to applications on the cloud require users to remember several sets of credentials. But with such a method, forgotten passwords would be common, draining the productivity of both your IT team and your users. To overcome this, users tend to set weak passwords which are easy to remember. But weak passwords are also easy to hack! The solution to this problem is to use an Identity and Access Management solution like CloudNow Technologies’ Akku.

Unprotected APIs

Application Programming Interfaces (APIs) are software interfaces which allow two different components of software to talk to each other. APIs are responsible for getting the requests from client systems and passing it onto the server and then retrieving the response and sending it back to the client. Considering that such an integral component is a part of your network architecture, a web application security solution is kept in place to eliminate the threat of unchecked network access from unauthorized users.

Types of Cloud Security Issues

DoS attack

DoS or Denial of Service is a distributed and malicious attack, designed to corrupt your servers and deny access to legitimate users. Such attacks require a complete hack of your network and injections of the attack code. A DoS attack is another common threat faced by organizations operating on the cloud. To eliminate this type of attack, it is important to maintain an intelligent firewall which can effectively stop the attack.

Data Breach

Cyber wars now directly translate to breaches and corruption of data. Since most organizations have to rely on third-party cloud vendors for storage, they increasingly feel like they are not in control of what happens to their data and applications. Data breach is one of the most common types of security threats, whether it happens on the cloud or any other type of storage. For this reason, companies have to go a step further and deploy high-end security solutions to prevent data breaches. While the move to the cloud can improve the efficiency of your operations to a great extent, it also requires you to choose a vendor you can trust to protect your network against the threats mentioned above. CloudNow’s cloud security solutions provide you with the security edge you require to peacefully conduct operations on the cloud without worrying about the threats trying to breach your network.

Akku – Secure your Enterprise Communication

Akku is a great way to control and authenticate communication channels for any enterprise.

One of the biggest threats to any organization is the possibility of a data breach, which can result in loss of data, loss of trust, and ultimately, loss of growth of the business. This makes data security a critical aspect to consider in any enterprise.

An important consideration, especially for SME businesses, is to secure their data – most companies still look for a way to do it in the traditional approach to data security – with an on-premise local environment.

Running the organization with an on-premise environment requires a dedicated workforce, this can be replaced with a secure cloud-based environment. But how does this fit in with Akku? Akku is a pure cloud Identity and Access Management solution that can be integrated with cloud, hybrid or on-prem applications.

So how can Akku help your organization?

Akku’s first great feature would be its Single Sign-on (SSO), where any enterprise’s user accounts and applications can be integrated into a single platform – making access easy for users and control easy for admins.

Unauthorized access is restricted by Akku, which is built on a certificate-based authentication architecture.

It is also possible to filter the content accessed by an organization’s users – DNS filtering to control websites that can be accessed, YouTube filtering to ensure only relevant video content is viewed, and even personal email blocking to improve productivity and security.

Akku also maintains highly granular logs, allowing for detailed reporting on user behavior – time, location, OS and so on for users logging in.

These are just a few of the functionalities that Akku brings to the table to add value to your organization’s data security.

So fight back against data breaches, and tell the world “My Data and Communication are secure!”

Protecting Your Vault: Safeguard your Data Center with an IAM Solution

At most enterprises, data centers are a repository of information contained within a network of servers from where data is transmitted to other touch points for processing. While these data centers could be cloud-based or on-premise, the security of such business-critical data is of paramount importance.

There could be several vulnerabilities in your network in the form of entry points that seem like they can be ignored. While there are several measures you can implement to physically secure your data center, it takes a lot more to secure remote or even on-premise servers from virtual attacks. An effective data center security solution will allow you to intuitively monitor all the entry points for possible attacks and ensure that you are protected against any breach.

One major part of the solution is the implementation of an Identity and Access Management (IAM) solution as part of your security system.

Staying Protected Online using an Identity and Access Management Solution

The two biggest focus areas for any security solution are authentication and authorization. Although there are overlaps in the usage of the two terms, there are distinct in the way they allow access of data.

Authentication determines if the user trying to enter a system is in fact who he/she is claiming to be, while authorization determines whether the user has the permission to access the data or application that he/she is attempting to access.

A comprehensive IAM solution should be able to intelligently allow you to do both by acting as the Identity Provider (IdP) for your cloud, on-premise or hybrid network and interact with the servers in the data centers to check for authentication and authorization using advanced, yet easy to implement, system architectures.

The Akku Solution

CloudNow’s Akku is an enterprise-grade IAM solution that plays this role perfectly using its custom SAML to provide a robust Single Sign-on (SSO) solution, or to integrate with an SSO solution already in place for your other applications. As an IdP, Akku communicates with the server at the time of login to carry out authentication and validate authorization.

By using a high-end security solution, you can effectively control access to your network and data center and reduce the number of resources dedicated to data center security.

Akku also removes any need for any middleware which could otherwise complicate or even corrupt the security system.

The implementation of an efficient and cost-effective security solution like Akku can go a long way in allowing you to focus on improving the operational efficiency of your organization instead of being caught up with the security threats to your data.

Everything You Need to Know About Secure Passwords

Your password – your secret passphrase or PIN that you use for your email, social media profile, or applications at work – is necessary for you to gain access to your accounts. But more importantly, your password plays a critical role in ensuring that no one else has access to your accounts, ensuring the security and privacy of your own as well as your organization’s data and applications.

With advancements in technology, it is important to be aware that there are equally advanced ways in which people steal information belonging to others, and even more ways through which they can misuse that information. Therefore, it goes without saying that secure passwords are of prime importance.

Common Password-Related Mistakes

You can’t blame yourself for being naturally inclined to choose a simple password that will be easy to remember. Unfortunately, these are the very same passwords that are also easy to guess or crack with a hacking software. Remember that, if information about you that can be found online – your date of birth, favourite colour, pet’s name, and so on – is incorporated into your password, it becomes even more vulnerable.

Another mistake made by most people is that a common password is used across multiple online accounts. The problem with doing this is, if someone manages to crack your password to one account, you are giving them free access to the rest!

Writing down your password or saving it somewhere online? This is a very naive act that can put your entire online data at risk of being accessed and stolen easily. Some of the other mistakes you might be making when it comes to passwords is that you don’t change the factory-set or default password, you use the same password for too long, and so on.

Tips to Set Up a Secure Password

    • Create a long password with a minimum length of 10-12 characters
    • Use a combination of uppercase letters, lowercase letters, numbers, and special characters
    • Special characters need to spread out across the password and not be limited to the first or last place
    • Do not use the same password for multiple security points
    • Change your passwords every 1-3 months
    • Avoid using words with obvious references to your personal life
    • Avoid using dictionary words as a whole

Passwords in the Workplace

In the workplace, the importance of a secure password is further amplified because the breach of a corporate network can have consequences that will affect the entire business.

Employees, who are otherwise the biggest assets to a company or business, also become the weakest link in the security chain protecting its data. The reason? Poor password selection and the subsequent compromise to data security. A single password, if compromised, can open the security gates and let intruders in.

Combating Weak Passwords in the Workplace

A good password policy is the weapon of choice when it comes to combating the threat of weak passwords.

A password policy is a set of guidelines that help users set up strong and secure passwords. When a password policy is enforced, a user is not allowed to create a password that does not abide by these guidelines.

Some essential features of a password policy are:

1) Password Length & Complexity Requirement

The password policy ensures that every password created is of a minimum length (for example, at least 6 characters long) and needs to use a variety of character types (uppercase letters, lowercase letters, numbers, special characters).

2) Minimum & Maximum Password Age

This part of the password policy decides how often a password is to be changed. Ideally, a good password policy ensures the expiry of a password once in 3 months, so the user is forced to create a new password. However, if a policy prompts the user to change their password too often, they may be tempted to write it down or store it elsewhere. This, again, will compromise security.

3) Password History

When a user is prompted to change a password, he/she may tend to reuse a password they had earlier used for the same application. By enforcing a good password policy, users will not be allowed to reuse an old password at least for another 5 times.

4) Number of Failed Attempts

A password policy also establishes the maximum number of invalid attempts allowed before an account will be locked out temporarily. Once locked, the account may need administrator support to be unlocked and made accessible again.

Beyond Password Security

For companies and businesses that use highly-sensitive data, it may be required to go one step beyond just a good password policy that enforces strong passwords. In such cases, a two-factor or multi-factor authentication functionality may be enforced, where additional layers of security are integrated into the sign-in process.

With such a functionality, users will be required to re-validate their identity using one or more of the following:

    • A one-time password or PIN
    • A thumbprint or retina scan
    • A Yubikey, smart card, USB token, or magnetic strip card

Usually, a good Identity and Access Management (IAM) like Akku by CloudNow Technologies will provide companies and businesses with the security features they require by enforcing strong password policies, multi-factor authentication functionalities, and other advanced security features like IP and device-based restrictions.

Are your users’ weak passwords keeping you up at night? Speak to us to see how Akku can help with Password Policy Enforcement and Multi-factor Authentication.

A Step Closer to GDPR Compliance: A Strong Password Policy

The European Union enforced the General Data Protection Regulation (GDPR) in May 2018 with three main aims: to harmonize data privacy laws across Europe, to protect and empower the data privacy of all EU citizens and to reshape the way organizations across the region approach data privacy. As you can see “data privacy” is the keyword in all three of the above mentioned aims. With multiple data breaches coming to light in the recent years, even from several of the world’s biggest corporates, the European Union has enforced stringent measures to regulate the use and prevent the misuse of citizens’ data through the GDPR.

Compliance and Consequences

As stated specifically in the GDPR, all enterprises (whether businesses or organizations) must take a “high level of protection of personal data” as one of their top priorities so that the “abuse or unlawful access or transfer” of such data may be prevented. If data is breached, or if GDPR procedures are compromised, the enterprise will face serious penalties. The fine for the non-compliance to GDPR for breach of data could be up to €20 million or 4% of annual global turnover, whichever is higher, depending on the type and extent of the breach.

This applies not only to enterprises within the EU, but also to those that may be located outside and offer goods or services of any type to the EU. The GDPR rules also apply to cloud controllers and processors.

The Emphasis on Passwords

Interestingly, the GDPR does not place any direct regulations on the way passwords are created or used. However, when it comes to the protection of online data, it’s hard to argue against securing passwords being the logical first step. On the one side, businesses that provide access to customers through an online portal typically ensure that they are creating secure passwords to sign in to by enforcing password policies that define their length and other parameters.

However, the slip often occurs when the employees of these enterprises are allowed to create weak passwords for accessing in-house applications. What is often forgotten is that these applications also carry sensitive data that belong to both the enterprise and its customers. A compromise here can cost the enterprise more than just the data; it will cost its credibility as well.

A strong password policy, therefore, becomes a key first step in the path to GDPR compliance.

The Inevitability of a Password Policy

By enforcing a strong password policy, administrators can ensure that users of an enterprise’s applications set up and use only passwords that are secure and, therefore, much less susceptible to brute force attacks and other hacking attempts.

A password policy defines and enforces a set of rules that include the minimum length, acceptable combination of small and upper case letters, use of numbers and special characters, expiration period of passwords and so on.

Without a password policy, the administrators of an enterprise would have no control over the type of passwords their users set, and would have their hands tied when it comes to situations that lead to a data breach, making it hard to demonstrate the GDPR’s requirement of a “high level of protection of personal data”.

This makes a strong password policy a critical requirement for every on-premise as well as cloud-based application, both for data security and to work towards complying with this aspect of the GDPR.

The Hybrid and Multi Cloud Conundrum

Unfortunately, setting in place a password policy across all of an enterprise’s applications is much easier said than done.

Most enterprises use a wide range of applications across different platforms – both cloud-based and on-premise – with each application operating on different technologies and each with its own identity management and password policy, controlling how users set up passwords in each application can often be an expensive and time consuming process.

Implementing a common bridge layer across of the applications used by the enterprise in the form of an Identity and Access Management (IAM) solution to act as the identity provider (IdP) across all applications is the best way to overcome this challenge.

The Akku Solution

Akku is an identity and access management solution that integrates all of the on-premise and cloud-based applications of an enterprise, providing a single platform for administrators to control employee access, permissions, and levels of control within its different applications.

With Akku playing the role of the identity provider (IdP), it enables administrators to set up a single password policy that will instantly be applied to all of the applications that are accessed by a user at the workplace. This password policy holds good, irrespective of whether the application is on-premise or cloud-based, or across different platforms. Akku also allows for the secure resetting of passwords, as specified by GDPR standards. Besides password policy enforcement, Akku also utilizes a custom salted-hash function, users’ credentials are also encrypted to ensure a high level of security.

Want to explore a quick and hassle-free password policy implementation across your enterprise applications? Get in touch with us today at sales@akku.work

Bolster Data Security with a Powerful and Flexible Password Policy

An array of information being stored online comes with major security risks. Therefore safeguarding data is an important consideration at any organization. And the security of your data relies heavily on the strength of your users’ passwords. The stronger your passwords, the more secure your data! It is important for administrators to drive a strong password policy enforcement, as it is the first layer of defence against black hat hackers and scammers.

A password policy is a set of rules created to upgrade an application’s security by requiring its users to frame a strong password and to utilize it in an appropriate way.

Why is Securing your Border Vital?

In today’s scenario setting up unique passwords for multiple applications is a burden for any user. Most users rely on using a single password for multiple applications, which can put the organization’s data at risk.

This makes implementing a strong password policy essential in protecting your data. Additionally, setting a Password Policy forms a part of the policies or rules for an organization to comply with ISO and PCI certifications.

Top Four Factors for Password Policies

Enforcing a strong password policy in an organization is an uphill task. There are some fundamental norms which are followed by a majority of organizations.

1. Length: The longer the password, the more difficult it is to crack. Set a minimum of 8 characters for your users’ passwords.

2.Complexity: The level of security depends on the complexity of the password framed. Passwords must have a mix of uppercase characters (A-Z), lowercase characters (a-z), numbers (0-9) and punctuations ( eg. !, #, $,*).

3.Expiration: A best practice in improving password security is to have a periodic password expiry. Most often the validity is 30/45 days and at the end of expiry date, the user is forced to change their password.

4.Uniqueness: Require users to set a unique password that has not been used previously when they reset their password.

How Can a Forgotten Password be Securely Retrieved?

When a user logs in with the right password, he is permitted to access the organization’s applications. On the other hand, when a user logs in with incorrect credentials, if the organization allows SSPR (Self Service Password Reset) then the system prompts the user to reset the password on his own.

Here’s how it works – a window pops up with a certain number of questions, and when the user answers all the questions correctly, he is permitted to reset the password. However, this process leaves the door open to social engineering attacks by black hat hackers.

A safer approach is to disallow SSPR in the password policy of an organization. In this scenario, the only way to reset a user’s password is to reach out the admin – this is safer and does not allow any intrusion through social engineering, and therefore reduces the data security threat.

How can a Forgotten Password be Securely Retrieved
How can a Forgotten Password be Securely Retrieved

I shall write more about SSPR and social engineering in my next article.

Enforce a strong custom Password Policy across your organization using Akku’s Password Policy Enforcement feature which brings it all together for improved security.

Addressing the Data Security and Audit Worries of a Leading Manufacturer

Company X is a leading automotive hardware manufacturer. In the competitive manufacturing environment, documentation of activity are standardization of processes are critical requirements.

In the case of Company X, this was already in place, and in fact they had achieved ISO certifications for their process-based approach and class-leading quality.

However, certification brought with it a constant stream of audits to ensure that processes were in fact being followed, and standards maintained. This posed a recurring problem, since a single failed audit could result in the loss of certification and loss of business.

The employees of Company X were well equipped – every employee was given an email address, and employees above a certain grade were provided with a laptop and a smartphone as well. But being an ISO-certified enterprise, the security of devices and data were vital.

Diagnosis and Prognosis

Given the background and the critical business impact of a failed audit, potential problem areas were quickly identified, along with solutions.

One of the first problem areas that needed to be addressed was that many employees tended to set weak, easy-to-crack passwords that exposed the company to data security threats, while also failing to comply with ISO standards.

A strong, universal, standards-compliant password policy was necessary to ensure uniformly high security across user accounts.

A mandatory ISO-compliant password policy for all users could easily be set up with Akku.

The next point of concern was the possibility that sensitive business data could be compromised by employees.

The solution to this was to enable employees to access their company email accounts only from the devices provided by the company.

Akku enabled restricting access to company mail only from devices with its SSL Key installed.

Another issue identified was that website browsing restrictions were implemented only on the company’s firewall. Therefore, exposure of company devices to malware and external threats while outside the firewall was a looming worry.

A DNS filter to restrict browsing access even outside the firewall became essential.

Akku’s website filter provided this functionality with powerful control and ease of use. This helped to keep the company’s devices secure, whether they were located within the company firewall or not.

This type of device-based access control offered by Akku seemed to tick all the boxes, but it would fail to serve its purpose if it could be tampered with by a user.

Many legacy solutions built using plugins were found to be vulnerable to misuse – with these solutions, it was possible for users to find a way to circumvent the access control by simply removing the plugin to enable unrestricted access. The device could then be made to appear uncompromised by reinstalling the plugin later. Such a solution was far from water-tight.

With Akku on the other hand, the implementation of a certificate-based architecture overcame this potential challenge. This was because any attempt to tamper with Akku’s certificate would completely restrict access to their authorized services like official email and other SaaS-based applications. Reactivation would require a certificate password, available only with the systems admin.

By enabling easy identification of any attempts to evade the implemented access restrictions, potential leaks were plugged and accountability enforced.

Trial by Fire

The road to full implementation of Akku was a challenging one.

After the problem areas at Company X were identified and Akku was presented as the solution, a PoC was run successfully with 30 users to confirm that all requirements were in fact addressed completely.

With this first hurdle crossed, the client next proposed implementation and testing at their Japanese parent company. Stringent testing on every parameter of Akku’s performance was carried out over a period of several weeks in Japan.

At the end of this process, Akku was approved for the final roll-out across 300 users.