Tag: data security

Protecting Your Vault: Safeguard your Data Center with an IAM Solution

At most enterprises, data centers are a repository of information contained within a network of servers from where data is transmitted to other touch points for processing. While these data centers could be cloud-based or on-premise, the security of such business-critical data is of paramount importance.

There could be several vulnerabilities in your network in the form of entry points that seem like they can be ignored. While there are several measures you can implement to physically secure your data center, it takes a lot more to secure remote or even on-premise servers from virtual attacks. An effective data center security solution will allow you to intuitively monitor all the entry points for possible attacks and ensure that you are protected against any breach.

One major part of the solution is the implementation of an Identity and Access Management (IAM) solution as part of your security system.

Staying Protected Online using an Identity and Access Management Solution

The two biggest focus areas for any security solution are authentication and authorization. Although there are overlaps in the usage of the two terms, there are distinct in the way they allow access of data.

Authentication determines if the user trying to enter a system is in fact who he/she is claiming to be, while authorization determines whether the user has the permission to access the data or application that he/she is attempting to access.

A comprehensive IAM solution should be able to intelligently allow you to do both by acting as the Identity Provider (IdP) for your cloud, on-premise or hybrid network and interact with the servers in the data centers to check for authentication and authorization using advanced, yet easy to implement, system architectures.

The Akku Solution

CloudNow’s Akku is an enterprise-grade IAM solution that plays this role perfectly using its custom SAML to provide a robust Single Sign-on (SSO) solution, or to integrate with an SSO solution already in place for your other applications. As an IdP, Akku communicates with the server at the time of login to carry out authentication and validate authorization.

By using a high-end security solution, you can effectively control access to your network and data center and reduce the number of resources dedicated to data center security.

Akku also removes any need for any middleware which could otherwise complicate or even corrupt the security system.

The implementation of an efficient and cost-effective security solution like Akku can go a long way in allowing you to focus on improving the operational efficiency of your organization instead of being caught up with the security threats to your data.

Addressing the Data Security and Audit Worries of a Leading Manufacturer

Company X is a leading automotive hardware manufacturer. In the competitive manufacturing environment, documentation of activity are standardization of processes are critical requirements.

In the case of Company X, this was already in place, and in fact they had achieved ISO certifications for their process-based approach and class-leading quality.

However, certification brought with it a constant stream of audits to ensure that processes were in fact being followed, and standards maintained. This posed a recurring problem, since a single failed audit could result in the loss of certification and loss of business.

The employees of Company X were well equipped – every employee was given an email address, and employees above a certain grade were provided with a laptop and a smartphone as well. But being an ISO-certified enterprise, the security of devices and data were vital.

Diagnosis and Prognosis

Given the background and the critical business impact of a failed audit, potential problem areas were quickly identified, along with solutions.

One of the first problem areas that needed to be addressed was that many employees tended to set weak, easy-to-crack passwords that exposed the company to data security threats, while also failing to comply with ISO standards.

A strong, universal, standards-compliant password policy was necessary to ensure uniformly high security across user accounts.

A mandatory ISO-compliant password policy for all users could easily be set up with Akku.

The next point of concern was the possibility that sensitive business data could be compromised by employees.

The solution to this was to enable employees to access their company email accounts only from the devices provided by the company.

Akku enabled restricting access to company mail only from devices with its SSL Key installed.

Another issue identified was that website browsing restrictions were implemented only on the company’s firewall. Therefore, exposure of company devices to malware and external threats while outside the firewall was a looming worry.

A DNS filter to restrict browsing access even outside the firewall became essential.

Akku’s website filter provided this functionality with powerful control and ease of use. This helped to keep the company’s devices secure, whether they were located within the company firewall or not.

This type of device-based access control offered by Akku seemed to tick all the boxes, but it would fail to serve its purpose if it could be tampered with by a user.

Many legacy solutions built using plugins were found to be vulnerable to misuse – with these solutions, it was possible for users to find a way to circumvent the access control by simply removing the plugin to enable unrestricted access. The device could then be made to appear uncompromised by reinstalling the plugin later. Such a solution was far from water-tight.

With Akku on the other hand, the implementation of a certificate-based architecture overcame this potential challenge. This was because any attempt to tamper with Akku’s certificate would completely restrict access to their authorized services like official email and other SaaS-based applications. Reactivation would require a certificate password, available only with the systems admin.

By enabling easy identification of any attempts to evade the implemented access restrictions, potential leaks were plugged and accountability enforced.

Trial by Fire

The road to full implementation of Akku was a challenging one.

After the problem areas at Company X were identified and Akku was presented as the solution, a PoC was run successfully with 30 users to confirm that all requirements were in fact addressed completely.

With this first hurdle crossed, the client next proposed implementation and testing at their Japanese parent company. Stringent testing on every parameter of Akku’s performance was carried out over a period of several weeks in Japan.

At the end of this process, Akku was approved for the final roll-out across 300 users.