identity and access management Archives | Page 3 of 5

What is Zero Trust Security?

As organizations increasingly place their data and applications across multiple locations on the cloud, zero trust security is rapidly gaining ground as the network security model of choice among enterprises.

Zero Trust Security is a security model in which a user, irrespective of whether he/she is within or outside the network perimeter, requires an additional verification to get access into a network. There is no particular technology or software product associated with this security model. It simply requires an additional security layer to verify users. This could be anything from biometric verification like thumb-print scanning, or a digital signature verification. Of the two, biometric verification is preferable as it can neither be recreated nor hacked.

Traditionally, organizations have been using what is referred to as the castle-and-moat approach to network security. In this model, the network is the ‘castle’ which is protected by security solutions as a ‘moat’. With this approach, part-of-the-network users were blindly trusted and allowed to enter the castle. However, as companies grew, their data and applications grew with them and the need to split them and store them in multiples silos rose. It also became easier for hackers to gain entry into a “protected” network by accessing a single user’s credentials.

Instead of the castle-and-moat model, adopting the zero trust security model and adding an additional layer of security to a network has been shown to prevent instances of data breaches.

Principles behind zero trust security

1. Trust no one: The model assumes that all the users of the network are potential attackers and hence, no users or systems are to be automatically trusted.

2. Least-privilege access: The users are given access based on a need-to-use basis and nothing more. This can eliminate each user’s exposure to vulnerable parts of a network.

3. Microsegmentation: The entire network is split into segments, each with its own authentication process.

4. Multi-factor authentication: Access to the network requires additional evidence that the user is legitimate.

The network of an organization is its gold mine and most organizations are increasing their spend on network security. Implementing a zero trust security model can go a long way in protecting your network from breaches.

Akku from CloudNow is an intelligent security solution which helps you enforce a zero trust security policy. To know more about its features and how it can benefit your organization’s network security, get in touch with us now.

Why data breaches happen & what you can do to stop them

War seems to have taken a new form in the Information age. Large corporations have reported increased data breaches in the last couple of years and the number is all set to increase in 2019.

Continue reading Why data breaches happen & what you can do to stop them

Working Online? Watch out for Identity Theft!

Identity theft is as real as your identity and as dangerous as the one who steals it. It occurs when an unauthorized person or entity uses your personal information to assume your identity and commit fraud and other criminal activities including stealing from you, or from others in your name.

What does an identity thief steal?

Your name, address, credit card or bank account information, and even information that might otherwise seem harmless, such as photographs, information about your family members or your date of birth could be used in harmful ways in the wrong hands.

How does identity theft happen?

Identity thieves are well-organized, tech-savvy, creative and have seemingly innocent online personalities. They can steal information, simply by requesting it from an unassuming person or by using technological attacks to capture millions of records from enterprises. Sometimes, a stolen wallet or a carelessly-thrown receipt or letter can also lead to identity theft.

Here are some of the ways in which an identity theft may take place in your organization:

Data Breaches

A data breach, accidental or malicious, can have a heavy cost on both the organization involved and the individuals whose data is compromised.

Improper security on company-owned devices or devices that have access to your organization’s data is one of the leading causes of data breaches that lead to identity theft.

Phishing

Phishing involves sending deceptive emails with links to malicious websites that may either request or steal your information. If one of your employees is manipulated by such an email and clicks on a link it provides, it can be dangerous to the organization itself.

Even if your organization’s email can manage to keep out such mails from employee inboxes, if your employee has access to their personal email at the workplace, they are at the risk of being compromised.

Public Wi-Fi Connections

One of the problems with allowing your employees to work remotely is the possibility that they may be working from places that offer open or free public wireless internet connectivity. A criminal who also has access to the same network could also be able to observe all of your employee’s activities.

Mishandled Passwords

Carelessness with passwords, whether in terms of the creation of weak passwords or the way they are stored, can make your employees and your organization susceptible to identity theft.

Read our blog on Everything You Need to Know about Secure Passwords to know more about keeping passwords safe.

How can you prevent identity theft?

When it comes to preventing identity theft, the first step to take is to sensitize your employees on the different ways in which it can happen. Studies have proven that employees are the preferred channels that identity thieves use when they target organizations.

From your end, you also need to:

Set a strong password policy across your enterprise applications, to ensure that your organization is not compromised through your employees’ use of weak passwords
Use two-factor authentication or multi-factor authentication to enhance the security of applications carrying sensitive data
Ensure that your DNS filter works effectively to block out malicious websites that your employees may try to access
Block access to employees’ personal emails at work, so that there a lesser chance of data compromise and data breaches through phishing
Set up IP-based or device-based restrictions so that unauthorized persons are kept out of your applications when they try to access them from unsafe locations or unrecognized devices

An identity and access management solution (IAM) like Akku can help you take control of all the preventive methods listed above, all in one go.

Get in touch with us through sales@akku.work if you wish to know more about how Akku can help protect your organization from identity theft through identity/access management.

Cloud Security 101: Identity and Access Management

An Identity and Access Management (IAM) solution allows organizations to manage user access to critical data. It is an intermediate layer between your users and your applications/data.

Deploying an IAM solution a proven way to improve network security in an organization. A good IAM solution should also reduce the time spent by your IT team to grant access for individual applications, thereby improving architectural simplicity and reducing the load on your servers. This also means that your users have to remember only one set of credentials to access several applications in your on-premise or cloud network.

What should you expect from a good IAM solution?

Streamlined User Access

An effective IAM solution should greatly reduce hassle by providing a slick and time efficient method to validate users. It should be able to do this without compromising on security, allowing only legitimate users to access your network from on-premise or remote systems.

Conventionally, at organizations that have numerous applications on their network, users need to remember multiple sets of credentials, which is inconvenient, but more secure. An effective IAM solution should be able to strike the right balance between the two extremes of convenience and security.

With a single set of user credentials to access all permitted applications and data, memorizing multiple credentials is avoided, improving productivity and ease of use.

Improved Security

Another important feature you should look out for is the ability to control user access to your network. This is typically delivered through device- and IP-based restrictions, which give you the ability to provide access only from specific devices or IP addresses to your network. In addition to simply whitelisting specific requests, an IAM solution should also be able to permanently block illegal access from blacklisted devices and IPs.

Seamless Admin Control

An identity and access management solution should give the administrators of your network a simple and intuitive dashboard with all the controls needed to secure your network and manage access across it. This can go a long way in reducing the cost and time for your IT team.

This includes managing creating and removing user accounts, as well as controlling the level of access provided to each individual user.

Identity and Access Management by Akku

Akku by CloudNow is a state-of-the-art Identity and Access Management solution for all your user management needs. Its powerful SSO function simplifies user identity and access management, IP- and device-based restrictions prevent unwarranted access, multi-factor authentication reinforces security, and a range of other versatile features put you in complete control of your network. Get in touch with us now to know more!

Meet GCP IAM: The Identity and Access Management Solution from Google

Google Cloud Platform (GCP) IAM comes as a free service that is available by default to all users of the Google Cloud Platform. GCP IAM is Google’s identity management console, enabling administrators of organizations to manage access and permissions provided to employees across the range of applications and resources that come as part of the Google Cloud Platform. The main function of the IAM is to grant specific users/roles with access to specific GCP resources and prevent unwanted access to other resources.

The fundamental building block of GCP IAM is an IAM Policy which answers the question of who (identity) has what access (role) to which data or applications (resource). This IAM Policy is made up of permissions, bundled into roles and matched by identities.

Let’s take a closer look at the concepts of identity, role, and resource as defined by GCP IAM, which make it a useful IAM solution.

Identity

A user’s identity can be accounted for through their Google account (assigned to an individual), Service account (assigned to a service related to the user’s role), a Google group (which can contain more than one Google/Service account), or a G Suite domain name (consisting of all G Suite accounts under a particular domain) or Cloud Identity domain (consisting of all G suite accounts under a particular organization) name.

Role

A role is a combination of permissions assigned to an identity. Traditionally, Google had what are now known as Primitive Roles – which were a standard set of 3 – namely, ‘Owner’, ‘Editor’ and or ‘Viewer’.

However, in GCP IAM, Google has gone not one but two steps further – with Predefined Roles and Custom Roles – in allowing administrators a wider range of options when it comes to assigning roles (and therefore, access to do less or more) to the organization’s resources.

With what are known as Predefined Roles, granular separation of duties, such as Instance Admin and Network Admin to name a few, is made possible. Custom Roles, as the name suggests, are roles which administrators can customize based on the organization’s needs.

Resource

As defined by Google, “resources are the fundamental components that make up all GCP services”, and include Cloud Pub/Sub topics, Compute Engine Virtual Machines, Cloud Storage Buckets, and App Engine Instances.

These resources can then be grouped into projects. Administrators can assign permissions based on different roles to identities in their organization in order to provide them with access to specific resources. On the other hand, they can also provide access to projects, which will then provide users with access to all resources under the project.

In the GCP hierarchy, a group of projects can also be placed under a team, teams can be placed under a department and departments can be placed under the organization. Administrators can decide the level of access they wish to give each user based on this hierarchy.

GCP IAM is great, but….

Despite the extensive control it provides to administrators, and the numerous possibilities in authorizing user access, GCP IAM has one downside.

Organizations today utilize a wide range of applications, not all of them being GCP resources. They may use a combination of resources from Amazon Web Services, IBM or Azure, to name a few, and GCP IAM does not support identity and access management on these resources. Its lack of capability to connect with on-prem identity providers such as Microsoft Active Directory and OpenLDAP is another major roadblock.

Looking for one IAM to manage them all? Try Akku, one of the best identity and access management solutions from CloudNow, that can help you manage identities across your on-premise and cloud-based applications seamlessly!

Secure and Efficient Certificate-Based Authentication

Security and privacy of user data are crucial for any organization and is also a major area of risk. So a Secure and Efficient Authentication (SEA) is very important.

How do you make authentication secure and efficient? Let me share some insights on how this can be achieved through certificate-based authentication…

In general, a certificate is a means of creating evidence. In the domain of identity and access management, a certificate creates evidence in the form of a digital signature to verify the identity of an individual, a company, or other entity, and associates that identity with a public key.

Like a driver’s license or passport, a certificate provides a generally recognized proof of a person’s identity. Certificates have one main purpose: to establish trust.

Authentication is the process that verifies that a user is who they say they are. So a certificate makes authentication more efficient because the identity cannot be changed.

By enabling the certificate-based authentication, it is possible to reliably evaluate the user’s right to access the requested resource.

How does it work?

First, the user enters their private password.
The client receives the private key, and creates an evidence – in this case, in the form of a certificate or digital signature.
Now, the client sends the evidence through a secured connection across the network.
The server uses the evidence to authenticate the user identity.
Finally, the server authorizes the evidence and allows access.

This brings us to the question of how to implement a certificate-based authentication in your organization.

Akku by CloudNow is a powerful and secure identity and access management solution that uses certificate-based authentication to control user identity and secure access to your environment. Learn more at www.akku.work

Tag: identity and access management

Why data breaches happen & what you can do to stop them

Control your Cloud!

You have Successfully Subscribed!