data security Archives

Data Logging and Audit: The IAM advantage

One of the key functions of an effective Identity and Access Management (IAM) solution is data logging, to capture and store information about which users access what applications, and when. These logs can help to drive effective decision-making through auditing in three key areas – financial, security, and compliance. Here’s how.

Financial audits

Optimization of software licensing is an area where your IAM can play a role in financial auditing.

Through the logs maintained by your IAM, it is possible to extract actionable insights on the actual usage of software licenses that your organization owns, and therefore the number of users actively using each application, and whether there is very low usage of certain applications.

This makes optimization possible by reducing the number of licenses for specific applications if they are in excess, and by dropping or retiring applications that are not being used.

It is important to note that most IAMs will only capture the base data that would feed such audits and analysis, and generally would not provide these insights within the platform. However, if you are working with a highly flexible IAM, such customizations should be possible to implement.

Security audits

Logging user actions can help companies improve security as it is a way for administrators to detect breaches early, and also analyze and provide verifiable evidence of the source of breaches.

An effective IAM solution would maintain detailed logs monitoring all access and activity on the organization’s apps, ensuring that there is no unaccounted access. This provides complete visibility into which users have accessed which applications, and when.

Security auditing verifies whether all documented protocols are being followed and assists in preventing and tracking down malicious activity. To maximize the security benefits of audit logging, logs should be reviewed regularly and often enough to detect security incidents.

Compliance audits

Compliance audits help to ensure the efficiency of compliance programs, to ensure that your organization achieves and maintains certifications and recognized standards, in turn leading to improved customer loyalty and satisfaction.

Your IAM can help to provide verifiable evidence of compliance with security, data protection, and privacy standards and laws. This is achieved through features such as multi-factor authentication and enforcement of strong password policies. Similarly, prompt deprovisioning of user accounts through a single sign-on (SSO) functionality, and dissemination of mandatory employee communications through the common platform of the IAM go a long way towards complying with statutory standards.

Compliance logs are also useful when it comes to following General Data Protection Regulation such as respecting employees’ right to be forgotten.

Are you making the most of the logs captured by your IAM to manage financial, security, and compliance audits at your organization? Unlock the value of your data, and take it even further with customized reporting and dashboards with a highly flexible IAM solution like Akku.

Managing Identity and Access in the Workplace

Identity and access management, sometimes simply known as identity management, refers to the IT function of maintaining security through the management of digital identities. In a workplace, this includes provisioning employees with accounts to all applications and platforms they will be using for their official tasks, assigning them with the right kind of permissions to each of these applications/platforms, and making sure that the right people have the right access to the right resources and data. Continue reading Managing Identity and Access in the Workplace

Why an IAM solution is a Crucial Investment for Financial Services Organizations

Today, migrating to the cloud is a crucial stage in a financial enterprise’s growth and development. It is, quite simply, the most efficient way of running operations. With this in mind, financial services organizations are investing significant resources in cloud-based technologies, including infrastructure, platform, and software as a service. Continue reading Why an IAM solution is a Crucial Investment for Financial Services Organizations

Begin Here to Build a Trusted Business

According to the PwC 21st Annual Global Survey, reliability, congruence, consistency, and transparency are the four pillars for building trust among customers and other stakeholders. The same survey also found that 65% of CEOs are concerned about declining trust in business. If you have the same concern, here are some useful suggestions!

Continue reading Begin Here to Build a Trusted Business

Overcoming the Challenges of the Media Industry With Identity

When the digital revolution started, media companies were among the first ones to embrace it. Today, most media companies create content targeted exclusively at online subscribers on digital platforms, pivoting their efforts to become more user-friendly for a digital audience.

In order to convert free digital users into paid users, it is also important to effectively profile them and target the right ads to the right users. Therefore, it becomes crucial to learn more about the users logging in to view media content – whether on an online magazine or a video streaming platform. At the same time, user information that is collected online needs to be safeguarded and the methods used for data handling must adhere to strict regulations. Continue reading Overcoming the Challenges of the Media Industry With Identity

Security vs. Usability

Security vs. usability – the debate has been around for quite a while now. Which one would you prioritize? Would you consider convenience more important than security when it comes to the identity management of consumers? What are your users more inclined to? Is there a way to find a balance between the two? Continue reading Security vs. Usability

Is Social Login a Secure Login?

Social login is a form of single sign-on, where users are allowed to log into an application or website using one of their existing social media account credentials. A social login, therefore, eliminates the need for users to register on yet another online platform – saving them the need to remember yet another set of credentials.

If you are a business, you may have noticed that a social login option on your online platform has had a positive effect on the number of registrations you receive. If you are an individual user, you may have found the option to either “Sign up” or “Login with Facebook/Google” and felt relieved that you were able to access the platform in just a few seconds by choosing the latter. But have you ever thought of how secure this method of login really is?

Let us look at the various aspects that affect the security of social login.

Social networks invest more on security

Social login is, by and large, considered to be a secure login method. This is because social media platforms including Google and Facebook are huge, powerful corporations in the online world with more potential than the original business (to whose website/application you are logging into) to set up strong security measures.

One compromised credential = multiple compromised accounts

On the other hand, if a hacker does manage to crack the social account – either due to a weak password or through a brute-force attack, this puts not only a user’s social media profile under threat but all of the applications and websites in which the user has used a social login option. The problem is only made worse with advanced threats like credential stuffing.

Similarly, if an individual’s phone is stolen and unlocked, with a Facebook or Google account that is still logged in, more than just one account is again compromised.

Third-party tracking scripts continue to threaten

Research conducted by Princeton’s Center for Information Technology Policy revealed that, when you log in to a website or application using social login, a third party might be able to place tracking scripts on the website or application. These tracking scripts have the ability to steal information that you have shared with the website or application during the social login – and sometimes even more than just that!

Although Facebook has announced, post publication of this study, that it would address this loophole in their universal login API, experts say that the issue may be deeper and more complicated than that. It is a harsh reality that a number of companies today create software and tracking tools that can be used to scoop, steal and sell information from such platforms.

So, what is the solution?

While the ease and convenience of social login is undeniable, it is also becoming increasingly difficult to ignore the potential threats of using such a feature. The next time you are thinking about a social login, keep these points in mind:

Enable multi-factor authentication and risk-based adaptive authentication features that are provided by your social media network. A number of social network providers have set up these built-in security enhancement features, but they may not be enabled by default. Make sure to check your account/privacy settings and make the appropriate changes. This way, an additional layer of security will back you up even in case that your username/password are compromised.

Check what permissions are being asked of you by the website or application that you are registering to using a social login. There will be a request to access your name, public profile and a few other details sometimes. Provide only information that you think is relevant to the site and deny all others. It might also help if you go back to your social media account and check what all is part of your public profile, and change those settings in order to limit the information you are allowing someone else to access.

Use the social login feature selectively. If you are wary of a website or application, or if you are sure you will not be using it too ofteis n (and hence will not need a quick login method), then avoid logging in to them using your social media credentials. We suggest creating an email ID only for such occasional-use sign ups and using that to register instead.

If you are a business offering social login, you could offer your users with more security by integrating your application or service with an identity and access management solution (IAM) like Akku which comes with advanced features like multi-factor authentication, location-based restrictions, and suspicious login prevention. We also recommend that you speak to a cloud specialist on other cloud security measures that you can implement.

The Key to Data Security: WebAuthn

What is WebAuthn?

WebAuthn (Web Authentication API) is a global standard specification for secure authentication on the Web, formulated in 2018 by the World Wide Web Consortium (W3C).

This browser-based API allows user authentication on web applications through the creation of strong “credentials” and user-agent-mediated access to authenticators. This could be either in the form of hardware tokens (like U2F security keys) or in-built modules (biometric readers like Google Hello, Apple Touch ID) in the platform. Web Authn has garnered the support of all leading browsers like Chrome, Firefox, and Edge, and is compatible with all leading platforms.

How does WebAuthn Work?

With WebAuthn, a relying party (such as web service) can integrate a strong layer of authentication into applications with a choice of authenticators. It replaces the need for a password with the generation of a private-public key pair (credential) created for a website. While the private key is stored on the user’s device, the public key is generated randomly and shared with the server. The server then uses the public key to confirm the user’s identity.

The following steps are involved in WebAuthn:

The user opens a website using their device
On the request of the web service (replying party) through the Credential Manager API, the browser generates a new credential, specifying the user’s device capabilities.
During the registration process, the user is offered multiple authentication options. This may vary from external authenticators to biometric authenticators like fingerprint analysis or facial recognition.
Choosing any of the authenticators offered, the user completes the registration process.
The authenticator generates a key pair (a public and a private key) – the public key is forwarded to the server, the private key is stored in the user’s device

Why use WebAuthn?

The public key and private key, both need to be used in conjunction. Therefore, by eliminating the need for a “secret” such as a password, WebAuthn drastically improves data security and prevents data breaches. Even if the public key is hacked, it will not function without the private key – which is stored in the user’s device – and becomes useless.

These are some of the scenarios in which WebAuthn can be useful:

Setting up two-factor authentication (with or without passwords) that is resistant to friction and phishing
Using biometric authorization that eliminates the need for passwords
Recovering lost or stolen devices and bootstrapping of new devices

Find out how you can improve data security and prevent data breaches with Akku. Get in touch with us for a free demo today!