Web content filtering: The benefits to hybrid organizations

The main objectives behind web content filtering are accuracy, scalability, and maintainability and unless you have the right service provider working with your organization, these three objectives are going to be hard to meet.

It’s because the three are like cogs in the wheel, and every one of them counts. Accurate blocking makes scalability and maintenance difficult, while easily scalable and maintainable content filtering systems may not be as accurate. 

That’s why content filtering as a service is constantly evolving to address all of these issues and ensure enterprises have a multi-layered defense strategy in place against viruses, malware, phishing attacks, and so on.

First, let’s look at why your hybrid organization needs it

  • Managing compliance requirements:
    By blocking offensive or distracting sites such as social networking platforms and video streaming services on a corporate network you are improving employee productivity as well as ensuring you are managing compliance requirements.
  • Managing bandwidth:
    Web content filtering and YouTube category-based filtering enable organizations to track and regulate access to websites based on their content categories, it can prevent the use of high bandwidth sites like streaming sites that can reduce network performance.
  • Managing cyber threats:
    Web content protects the network by blocking sites that are high-risk, spam, and malicious websites, as well as preventing data leakage. Websites can be blocked by category. For example, websites that come under categories such as Social Media or Entertainment can be blocked.

So, why not just use a firewall, you may wonder.

Well, you can, but the firewall will naturally block particular websites based on defined rules, and that means you cannot allow sub-categories within the website to be whitelisted. For instance, say, a channel on youtube. If your firewall is set to block youtube, the site as a whole will be inaccessible.

The second reason a firewall may not be a perfect choice is that it depends on the internet connection, not on the user or device. And in this era of hybrid working, firewalls can be bypassed if users connect to their home internet.

What you want is to keep the company devices safe and protect them from the risk of compromise even if they access the net from an outside firewall.

Use content filtering the right way

Content filtering is a tool and like any tool, knowing how to use it correctly will help you accomplish your goal. The right service provider can help you navigate the realm of web content filtering.

Take Akku’s content filter for instance. It can be configured to whitelist and blacklist sites. Even within the whitelisted sites, like for instance, YouTube, the Akku filter allows specifically whitelisted channels or categories, blocking all the other irrelevant ones. Akku’s filter uses a proxy server to read each video’s metadata to only allow viewing YouTube content that is allowed, for instance, some reference data or upskilling resources. The filter also allows you to restrict employees by user category defined on Akku’s identity access management solution.

In the hybrid work environment, content filtering by user works better than a firewall internet connection-based content filtering. It’s also helpful for companies too small to invest in on-prem firewalls.

Akku’s dedicated sales specialists are always ready to help with any information you need on content filtering. Contact us to find out more.

The simpler way to manage Remote Employee Onboarding

When onboarding new employees, it’s important to keep the process as simple as possible. When all new user activity occurs in a single system, onboarding, especially remote onboarding, becomes seamless and effortless.

If your onboarding system is integrated with Akku, or if you use Akku itself as the onboarding system, this system becomes the first point of engagement for the user with the organization. Every step of the onboarding process is guided by this tool. Since it collects all the user data requested at the very beginning of the interaction with the new employee, Akku becomes the single source of truth for the entire career journey of the employee.

The onboarding process

Once the employee has been recruited, they are instructed to create an Akku account using their personal email address. A website link is then sent to the employee’s personal email id. Upon clicking on this link, the employee is led to a portal where they can begin onboarding by requesting their new corporate credentials.

Once they receive their new credentials, users log on to the same system using their corporate email address and password. On the same landing page, they see the list of guidelines to be followed, documents to be submitted with deadlines, date and location of reporting, how and what to do upon joining the organization, and more. All details are shared in a single window, often including a downloadable offer letter.

A single source of truth

Since the onboarding process for all employees is undertaken through a common digitized system, Akku becomes a ‘single source of truth’ for all information related to each employee. 

This makes onboarding seamless from the documentation perspective, as the new employee has to upload documents to a single location, and all departments involved can access them directly, as and when needed.

Similarly, since provisioning happens through Akku, access to all relevant software and other digital assets is also granted effortlessly through a single application. Not only is provisioning seamless, but authorized managers across departments can also view details pertaining to the new employee via Akku’s dashboards, as it is the single source of information about the new team member.

Remote onboarding 

This kind of single-window onboarding is extremely valuable to employees working remote or hybrid, as most of their interaction with the organization will be virtual. An efficient onboarding process makes a great first impression. It shows that as an employer, you consider employee support to be a tech priority.

Much of the Know Your Employee (KYE) documentation can (or sometimes, should) be completed before the employee actually joins the organization. Since the portal is open at any time and can be accessed from anywhere, remote document collection (in the form of soft copies) is seamless. This is especially important and useful for employees working remotely, as they may not be located in the same area as your office and could need to travel to visit the office to submit hard copies.

Similarly, since employees are also offered virtual orientation, knowledge transfer and access provisioning, remote onboarding becomes easier.

Benefits to remote employees

  1. Seamless documentation: As discussed earlier, since Akku is a single source of truth, all documentation takes place virtually through the portal itself.
  2. Seamless provisioning: As an Akku-based onboarding system of this kind is a single source of truth in the organization, employees do not have to go outside the system to upload data and documentation about themselves, nor to access relevant information, knowledge, or relevant assets.
  3. Seamless knowledge transfer and training: Akku is integrated with a communication system to push messages and communiques to users. Using this tool, orientation, knowledge transfer and initial training can take place through the system itself.
  4. Seamless reporting: The same tool provides user activity monitoring as well, for the duration of onboarding and orientation, since it tracks the progress of the new employee through the predefined process. Akku can directly intimate HR, reporting manager and head of department regarding the progress of the employee through the KYE process via the system dashboards.
  5. Seamless identity management: Since Akku is a full-fledged IAM, the new employee can directly be provisioned with access to all required software and other assets through Akku itself. At the same time, account credentials for single sign-on (SSO) can also be directly generated.

Automated, single-window onboarding for remote employees makes the process significantly more efficient, especially for large enterprises with a huge number of employees joining per day. Single-window reporting is also a feature that smaller businesses find extremely useful, as it makes user management much more efficient for small HR teams. 

Wondering how to make your onboarding process more efficient? Take it digital with Akku. Contact our team today to discuss how to get started.

Maintaining in-house control of your digital access gateways

Unless you have the right kind of access control, you don’t have ownership of your assets. For digital assets, you also need a proper access gateway, which should not be under third-party control for storage and management. That’s because losing access keys means losing control of assets. With digital gateways, one can access the assets without needing to know where the keys are. It is very important to always keep these gateways running, disaster-free and tamper-free, and free of vendor lock. 

Digital vaults

In a smart society and business set-up, every person has the right to their own digital vault to store their digital keys, with a common gateway to access all their assets. This digital gateway should be tamper-free, immutable and self-sovereign. You need a reliable, dependable single gateway for all digital assets wherever they are, with distributed and decentralized systems.

Multi-cloud data storage

Cloud computing makes this possible, as it works with distributed and elastic principles itself. Data can be distributed into multi-cloud platforms. One can build need-based custom IAMs for digital gateways by spanning its infrastructure into a multi-cloud environment with distributed storage like Hadoop and distributed databases with hash sharding, as distributed technology has self-balancing and auto-scaling features.

In-house or third-party?

It is extremely complex to build such a system manually. Instead, you can achieve the same result with the Google Anthos multi-cloud platform. As it can work on other cloud platforms as well as on on-prem platforms, it is vendor-lock-free.

Google Anthos

Since Anthos is a multi-cloud platform, you are not forced to depend on specific highly integrated tools specific to that cloud service provider. Rather than siloize each cloud environment, you can use Anthos to deploy and manage workloads to multiple cloud platforms. Google Anthos allows the creation of Kubernetes clusters in both AWS and Azure environments.

Source: https://cloud.google.com/anthos/clusters/docs/multi-cloud

For any organization to keep its digital world alive and healthy, this kind of multi-cloud environment with hybrid cloud architecture is required. It might be the foundation of the smart world.

At CloudNow – creators of the Akku Identity and Access Management solution – we understand the importance of maintaining the sustainability and privacy of digital gateways, the real holder of all digital assets. Contact our team to learn more about how to implement a cloud-based access control system that works for your organization.

When should you implement an IAM solution?

In which stage of the user or employee lifecycle should an IAM solution ideally be implemented? The answer is: Right at the beginning, during onboarding. When the IAM is implemented early, it becomes part of the organization’s culture and ethos.

Provisioning and onboarding

Access to necessary applications and data needs to be provisioned as soon as the employee is onboarded. When an IAM is not used, access may be provisioned improperly with the intent to keep track manually and perform proper provisioning later.

For enterprise-level organizations with a huge number of employees, this causes issues at a later stage, as you may not have a proper record of the rights provided to each individual. When access provisioning is done properly with an IAM, access privileges will be tracked automatically to keep track of what access is and is not given to each employee.

Redundant data capture is also a real problem as the same data is entered by the new employee in the HRMS and then in the IAM for provisioning. By using a single platform, the redundancy is eliminated.

Single-platform onboarding

Instead of onboarding through multiple tools such as an HRMS or ERP, you can complete onboarding through a single platform – an IAM, such as Akku. You can also integrate your HRMS with Akku’s REST API, if you prefer. When using Akku for onboarding, your employees can upload all required induction documents through the IAM dashboard itself. This could include proof of identity documents, experience certificates, etc. Akku also allows you to set deadlines and schedule reminders for each employee. 

Why choose Akku?

Many businesses choose to work with Active Directory to simplify onboarding. However, there are certain issues with AD, including non-seamless remote working and of course, the enterprise-level costing.

Additionally, in as much as 50-70 percent of cases, in our experience, employees are brought in via a different tool and then asked to provide details on IAM as well. Instead, you can streamline the process with Akku, a tool that allows single-point data capture for onboarding.

The twin benefits of IAM: Streamlining compliance processes and security

Process reliability, transparency, traceability, and flexibility – the four aspects of modern IT security. An Identity and Access Management solution (IAM) is the foundation for all four.

IAM plays an important role in regulatory compliance. To achieve certifications like ISO and meet standards such as the European General Data Protection Regulation (GDPR), an enterprise needs to ensure strong documentation and process standardization, provided for by a robust IAM program. With live data and analytics from the IAM, you can confirm you are standards-compliant, any time. You don’t need to scramble for documentation at audit time.

The right IAM provides availability of information and automated security measures result in faster processing, compliance with legal regulations, fewer violations, and reduced vulnerability. Here’s what to look for when selecting your IAM solution provider.

Are the access logs being maintained?

Maintaining logs ensures that no one accesses the server without being accounted for. With the right IAM, such as Akku, every entry to the data host server, and every server activity, is accounted for with timestamps. 

Akku ensures double security and accountability. If an Akku executive needs server access, your IT admin will receive an OTP for authentication; both need to be logged on simultaneously for access by either. It applies the principles of ‘zero trust’ or ‘least privilege’, wherein all traffic is authenticated, authorized, and continuously validated at all times.

Are you receiving instant alerts?

The GDPR requires that any information that can identify a person be protected – from their personal and contact details to their bank accounts and health records and even their political views. GDPR requires that all data breaches be reported within 72 hours. Your solution provider must enable you to do this. Akku, for instance, sends instant alerts upon encountering any suspicious activity.

Is your solutions provider enforcing password policies?

Passwords are integral to cybersecurity; they are an organization’s first line of defense. However, according to the 10th edition of the Verizon Data Breach Investigations Report, 81% of hacking-related breaches leveraged stolen and/or weak passwords. 

That’s why you need documented proof of strong passwords, and enforceable policies in place to make sure the passwords are indeed strong and secure. One solution is when the IAM’s default password policy is itself compliant with industry standards, as is the case with Akku. It can be further customized based on your organization’s compliance needs. If you need more information on this, do get in touch with the executives at Akku.

Are you “forgetting” employees the right way?

To comply with GDPR, you need to respect ex-employees’ “right to be forgotten”. Employee data can be stored only for a specific purpose. For instance, if you use an employee’s information for a seminar in April with their consent, you cannot use it again in December without their explicit consent. Also, there may be contractual or self-employed workers, and data protection regulation requires that you delete their data once they have left the organization. Since IAMs like Akku manage the entire user lifecycle, one-point deprovisioning and deletion of records makes this easy.

What about managing internal communication?

Certain employee training programs and surveys are mandatory for compliance with  the various norms and laws. While it isn’t a standard feature in all IAMs, some solutions like Akku offer an internal messaging feature. Using this, videos and other content can be rolled out seamlessly for continuous learning. 

Can you check app usage?

Does your IAM solution provider allow you to track all aspects of activity on your server environment? They ought to, as this gives you a better understanding of patterns of usage, actual utilization, and other useful information. Using this data, you can make decisions like whether you need to upgrade the server, increase or decrease the number of app licenses, and so on. Akku is one of the IAMs that provide this facility.

If you are looking at improving audit compliance and making standardization easier, it’s important to roll out an effective Identity and Access Management solution that works for your unique needs. Connect with Akku to learn more.

A malicious user gaining access to your apps can be catastrophic. Here’s how a secure SSO could help.

In any enterprise, it is a given that employees will come and go, and many will switch roles within the organization as well. At the same time, the same is true for the applications that the company uses – new apps will be deployed, old ones will be retired, and changes are constant.

What this means is a continuous churn – in identity management for users, and service providers, by means of the SaaS applications in use. Ensuring data and app security across the organization depends heavily on ensuring secure communication between your identity provider and service providers.

Deploying a robust Single Sign-On (SSO) solution represents the best answer to this challenge. An SSO allows an enterprise to manage the identities of employees in one place, and delegate access and privileges from there.

Most SaaS providers support SSO integration as it is the most efficient route to centralized identity and access management. The SSO authentication method also enables users to securely access multiple apps and websites with a single set of credentials, which reduces issues like password fatigue, which boosts security, lowers IT help desk load, and increases organizational efficiency.

How SSO works

To get your SSO in place, you need to find the right identity provider. The identity provider is essentially a service that securely stores and manages digital identities. An SSO works based on a trust relationship between the app and the identity provider.

Organizations establish a trust relationship between an identity provider and their service providers to allow their employees or users to then connect with the resources they need. Such a trust relationship is established by exchanging digital certificates and metadata. The certificate carries secure tokens which contain identity information like email address and password, to authenticate that the request has come from a trusted source and to verify identity. 

Although SSO can work with as many apps as the organization wants, each must be configured with a unique trust relationship.

How the Service Provider-Identity Provider relationship works

Once an identity provider is onboarded, every time a user tries to connect to a service provider, the sign-in request is sent to the central server where the identity provider is hosted. The identity provider validates the credentials and sends back a token. If their identity cannot be verified, the user will be prompted to log into the SSO or verify credentials using other methods like a TOTP. Once the identity provider validates the credentials it sends the user a token.

The token confirming the successful authentication is validated by the service provider against the certificate initially configured and shared between service provider and identity provider, after which the user can access the application.

The identity provider verifies the user credentials and sends back an ‘authentication token’ (almost like a temporary ID card) to the service provider. And, of course, all this happens in a fraction of a second.

Advantages of using SSO

  • Simplifies credentials management for users and admin
  • Improves speed of app access
  • Reduces time spent by IT support on recovering passwords
  • Offers central control of password complexity and MFA
  • Simplifies provisioning and de-provisioning
  • Secures the system as information moves encrypted across the network
  • Completely seamless/transparent to the user
  • Easy to add on new service providers

Akku is a powerful identity and access management solution that can enhance data security, efficiency, and productivity across your corporate network through its robust SSO feature. If you would like assistance on ensuring secure access for all your users to your organization’s applications, do get in touch with us.

Burn down the Firewall! The Future is Device-level Security

Many enterprises have built their cybersecurity around their firewalls. But increasingly, the firewall is losing favor in modern enterprises with apps and data on the cloud being accessed from devices and networks anywhere in the world. 

The traditional cybersecurity tool is a network security device that monitors traffic to or from the network. It allows or restricts traffic based on a defined set of security rules.

Legacy firewalls: Blurring boundaries

The issue with this is that firewalls do not go far enough in securing your systems. By the nature of their operation, firewalls create boundaries around your network. Today, with enterprises using many interlinked networks, multiple IPs and cloud computing, boundaries are fading. As a result, firewalls are less effective.

Based on a recent study, businesses are increasingly mistrustful of firewalls. Over 60 percent of respondents stated that: (1) their legacy firewalls don’t prevent cyberattacks against critical business and cloud-based applications; (2) their legacy firewalls cannot contain a breach of their organization’s data center perimeter; and (3) their legacy firewalls do not enable enterprise-wide Zero Trust.

As Gartner puts it, Zero Trust is “useful as a shorthand way of describing an approach where implicit trust is removed from all computing infrastructure”.

In addition, legacy firewalls impact organization flexibility and speed to a large extent. It is hard to update security rules on the firewall, and the study found that on average, enterprises take as much as three weeks to update firewall rules to accommodate any update needed. This can have a crushing security impact. They also limit access control, with policies that are often not sufficiently granular.

For all these reasons, legacy firewalls are increasingly falling into disfavor with enterprises of all sizes.

Cloud Access Security Broker (CASB)

A traditional firewall stands between your network and a non-trusted network (for example, the Internet). However, cloud data and apps are hosted on the Internet and as a result, legacy firewalls are not very good at protecting apps and data on the cloud.

Just like a traditional firewall protects the trusted network against attacks, a CASB protects cloud assets (applications, data, platforms and infrastructure) against cyberattack. They act as a foundational cybersecurity tool and resolve many of the issues associated with legacy firewalls.

A cloud-hosted or on-premises software, a CASB acts as an intermediary between users and cloud service providers, and can secure SaaS, PaaS or IaaS environments. It provides visibility into application access, maintains logs of activity, and allows enterprises to modify and create policies that suit cloud infrastructure and assets. A good CASB brings together key elements of privilege access management (PAM), identity and access management (IAM) and identity governance and administration (IGA).

Identity and Access Management solution (IAM)

As many as 90 percent of businesses believe that an IAM is indispensable to their cybersecurity plans. An IAM offers device-level security. This helps plug the gaps left by legacy and CASBs. Through IAMs, enterprises can provide granular access control, with unique rules defined for each user and class of user.

IAM offers comprehensive password management support, in the form of password policy management and single sign-on (SSO) SSO allows users to create and remember just one set of credentials for a whole suite of applications. This reduces risk of password loss and noting the password in unsafe locations. With password policy management, businesses can define rules to create strong, secure passwords that are less prone to cracking.

User-friendly provisioning and deprovisioning makes errors less likely. IT administrators find it easier to remember to revoke access when employees leave the organization when deprovisioning can be done with a single click. This also secures cloud apps against unauthorized access.

In a very real way, identity is the new firewall. When the device is secure against unauthorized logins, business-critical apps and data are as well, whether housed on-premises or on the cloud. Secure identity and access with an IAM you trust – like Akku, the premier IAM. Contact our experts today to discuss how to get started.