identity management Archives

Working Online? Watch out for Identity Theft!

Identity theft is as real as your identity and as dangerous as the one who steals it. It occurs when an unauthorized person or entity uses your personal information to assume your identity and commit fraud and other criminal activities including stealing from you, or from others in your name.

What does an identity thief steal?

Your name, address, credit card or bank account information, and even information that might otherwise seem harmless, such as photographs, information about your family members or your date of birth could be used in harmful ways in the wrong hands.

How does identity theft happen?

Identity thieves are well-organized, tech-savvy, creative and have seemingly innocent online personalities. They can steal information, simply by requesting it from an unassuming person or by using technological attacks to capture millions of records from enterprises. Sometimes, a stolen wallet or a carelessly-thrown receipt or letter can also lead to identity theft.

Here are some of the ways in which an identity theft may take place in your organization:

Data Breaches

A data breach, accidental or malicious, can have a heavy cost on both the organization involved and the individuals whose data is compromised.

Improper security on company-owned devices or devices that have access to your organization’s data is one of the leading causes of data breaches that lead to identity theft.

Phishing

Phishing involves sending deceptive emails with links to malicious websites that may either request or steal your information. If one of your employees is manipulated by such an email and clicks on a link it provides, it can be dangerous to the organization itself.

Even if your organization’s email can manage to keep out such mails from employee inboxes, if your employee has access to their personal email at the workplace, they are at the risk of being compromised.

Public Wi-Fi Connections

One of the problems with allowing your employees to work remotely is the possibility that they may be working from places that offer open or free public wireless internet connectivity. A criminal who also has access to the same network could also be able to observe all of your employee’s activities.

Mishandled Passwords

Carelessness with passwords, whether in terms of the creation of weak passwords or the way they are stored, can make your employees and your organization susceptible to identity theft.

Read our blog on Everything You Need to Know about Secure Passwords to know more about keeping passwords safe.

How can you prevent identity theft?

When it comes to preventing identity theft, the first step to take is to sensitize your employees on the different ways in which it can happen. Studies have proven that employees are the preferred channels that identity thieves use when they target organizations.

From your end, you also need to:

Set a strong password policy across your enterprise applications, to ensure that your organization is not compromised through your employees’ use of weak passwords
Use two-factor authentication or multi-factor authentication to enhance the security of applications carrying sensitive data
Ensure that your DNS filter works effectively to block out malicious websites that your employees may try to access
Block access to employees’ personal emails at work, so that there a lesser chance of data compromise and data breaches through phishing
Set up IP-based or device-based restrictions so that unauthorized persons are kept out of your applications when they try to access them from unsafe locations or unrecognized devices

An identity and access management solution (IAM) like Akku can help you take control of all the preventive methods listed above, all in one go.

Get in touch with us through sales@akku.work if you wish to know more about how Akku can help protect your organization from identity theft through identity/access management.

Cloud Security 101: Identity and Access Management

An Identity and Access Management (IAM) solution allows organizations to manage user access to critical data. It is an intermediate layer between your users and your applications/data.

Deploying an IAM solution a proven way to improve network security in an organization. A good IAM solution should also reduce the time spent by your IT team to grant access for individual applications, thereby improving architectural simplicity and reducing the load on your servers. This also means that your users have to remember only one set of credentials to access several applications in your on-premise or cloud network.

What should you expect from a good IAM solution?

Streamlined User Access

An effective IAM solution should greatly reduce hassle by providing a slick and time efficient method to validate users. It should be able to do this without compromising on security, allowing only legitimate users to access your network from on-premise or remote systems.

Conventionally, at organizations that have numerous applications on their network, users need to remember multiple sets of credentials, which is inconvenient, but more secure. An effective IAM solution should be able to strike the right balance between the two extremes of convenience and security.

With a single set of user credentials to access all permitted applications and data, memorizing multiple credentials is avoided, improving productivity and ease of use.

Improved Security

Another important feature you should look out for is the ability to control user access to your network. This is typically delivered through device- and IP-based restrictions, which give you the ability to provide access only from specific devices or IP addresses to your network. In addition to simply whitelisting specific requests, an IAM solution should also be able to permanently block illegal access from blacklisted devices and IPs.

Seamless Admin Control

An identity and access management solution should give the administrators of your network a simple and intuitive dashboard with all the controls needed to secure your network and manage access across it. This can go a long way in reducing the cost and time for your IT team.

This includes managing creating and removing user accounts, as well as controlling the level of access provided to each individual user.

Identity and Access Management by Akku

Akku by CloudNow is a state-of-the-art Identity and Access Management solution for all your user management needs. Its powerful SSO function simplifies user identity and access management, IP- and device-based restrictions prevent unwarranted access, multi-factor authentication reinforces security, and a range of other versatile features put you in complete control of your network. Get in touch with us now to know more!

Secure and Efficient Certificate-Based Authentication

Security and privacy of user data are crucial for any organization and is also a major area of risk. So a Secure and Efficient Authentication (SEA) is very important.

How do you make authentication secure and efficient? Let me share some insights on how this can be achieved through certificate-based authentication…

In general, a certificate is a means of creating evidence. In the domain of identity and access management, a certificate creates evidence in the form of a digital signature to verify the identity of an individual, a company, or other entity, and associates that identity with a public key.

Like a driver’s license or passport, a certificate provides a generally recognized proof of a person’s identity. Certificates have one main purpose: to establish trust.

Authentication is the process that verifies that a user is who they say they are. So a certificate makes authentication more efficient because the identity cannot be changed.

By enabling the certificate-based authentication, it is possible to reliably evaluate the user’s right to access the requested resource.

How does it work?

First, the user enters their private password.
The client receives the private key, and creates an evidence – in this case, in the form of a certificate or digital signature.
Now, the client sends the evidence through a secured connection across the network.
The server uses the evidence to authenticate the user identity.
Finally, the server authorizes the evidence and allows access.

This brings us to the question of how to implement a certificate-based authentication in your organization.

Akku by CloudNow is a powerful and secure identity and access management solution that uses certificate-based authentication to control user identity and secure access to your environment. Learn more at www.akku.work

Is Your Data Secure? No…

As per a survey by Forrester Research (Forrester Consulting Thought Leadership Paper, February 2017), in the last 4 years, out of every three organizations, two have had an average of at least 5 breaches. There are nearly 6 billion data records that were stolen and lost in the past 10 years. According to www.breachlevelindex.com, an average of 165,000 records are compromised every hour. According to this article published on www.csoonline.com, global cybercrime related damage is expected to exceed US$ 6 trillion annually by the year 2021.

How can IAM help protect data?

Identification: Users make their claim on their identity by entering a username and verify through an authentication process
Authentication: Authentication may be a password or may rely on advanced technologies, such as biometric and token-based authentication
Authorization: The IAM system must then verify the user’s authorization to perform the requested activity and also ensure that users perform actions only within their scope of authority

Together, these three processes combine to ensure that specified users have the access they need to do their jobs, while unauthorized users are kept away from sensitive resources and information. Effective IAM solutions help enterprises facilitate secure, efficient access to technology resources across these diverse systems.

Identity and Access Management (IAM) is the information security discipline that allows users access to appropriate technology resources, at the right time. It incorporates three major concepts:

According to this article on BizTech magazine, improved data security is one of the three main reasons to deploy an IAM solution.

The article highlights the fact that consolidating authentication and authorization functionality on a single platform provides IT professionals with a consistent method for managing user access. And when a user leaves an organization, IT administrators may revoke their access in the centralized IAM solution with the confidence that this revocation will immediately take effect across all of the technology platforms integrated with that IAM platform.

So implement an identity and access management solution at your organization to take a major step towards improved data security.

Password Security Threats

Most people use a Password Manager to save their account passwords. A password manager is an app or device which serves as a single collection point for all of a user’s account credentials. LastPass and Dashlane are two well-known password managers in the market. The usage of a password manager presents a security risk in case of a data breach. In fact, as per the Independent, the password manager LastPass was hacked and a data breach did occur, compromising user credentials.

Another high-risk method that many users follow is to save their passwords in their browsers, and use auto-fill for convenience.

In today’s world, data breaches are the highest level of threat – don’t forget, all your data is being protected by your passwords! No security initiative can come with 100% convenience – but it is important to understand and prioritize security.

This is even more important for enterprises, where the tools they are providing their users to manage their passwords are eventually protecting the company’s data.

There are enterprise IAM tools available in the market which help enterprises to provide a secure single sign-on (SSO) and other access control lists such as IP- and device restrictions, time and location restrictions, and multi-factor authentication. These functionalities help end users as well as administrators to protect company data with additional layers of protection.

Delving deeper into MFA as a means to improve password security, the trend today is that many leading SaaS providers have started deprecating SMS as the medium to send the OTP, since this is an old-school method and comes with dependencies in order to serve its purpose. The modern and more convenient way to run an MFA is using TOTP and push notification.

Implementing a single sign-on (SSO) with an MFA is a powerful way to boost the security of your passwords while ensuring a minimal compromise on the convenience front. And of course, type your password each time instead of saving it in your browser or a password manager to minimize the security risk.

Everything You Need to Know About Secure Passwords

Your password – your secret passphrase or PIN that you use for your email, social media profile, or applications at work – is necessary for you to gain access to your accounts. But more importantly, your password plays a critical role in ensuring that no one else has access to your accounts, ensuring the security and privacy of your own as well as your organization’s data and applications.

With advancements in technology, it is important to be aware that there are equally advanced ways in which people steal information belonging to others, and even more ways through which they can misuse that information. Therefore, it goes without saying that secure passwords are of prime importance.

Common Password-Related Mistakes

You can’t blame yourself for being naturally inclined to choose a simple password that will be easy to remember. Unfortunately, these are the very same passwords that are also easy to guess or crack with a hacking software. Remember that, if information about you that can be found online – your date of birth, favourite colour, pet’s name, and so on – is incorporated into your password, it becomes even more vulnerable.

Another mistake made by most people is that a common password is used across multiple online accounts. The problem with doing this is, if someone manages to crack your password to one account, you are giving them free access to the rest!

Writing down your password or saving it somewhere online? This is a very naive act that can put your entire online data at risk of being accessed and stolen easily. Some of the other mistakes you might be making when it comes to passwords is that you don’t change the factory-set or default password, you use the same password for too long, and so on.

Tips to Set Up a Secure Password

- Create a long password with a minimum length of 10-12 characters
- Use a combination of uppercase letters, lowercase letters, numbers, and special characters
- Special characters need to spread out across the password and not be limited to the first or last place
- Do not use the same password for multiple security points
- Change your passwords every 1-3 months
- Avoid using words with obvious references to your personal life
- Avoid using dictionary words as a whole

Passwords in the Workplace

In the workplace, the importance of a secure password is further amplified because the breach of a corporate network can have consequences that will affect the entire business.

Employees, who are otherwise the biggest assets to a company or business, also become the weakest link in the security chain protecting its data. The reason? Poor password selection and the subsequent compromise to data security. A single password, if compromised, can open the security gates and let intruders in.

Combating Weak Passwords in the Workplace

A good password policy is the weapon of choice when it comes to combating the threat of weak passwords.

A password policy is a set of guidelines that help users set up strong and secure passwords. When a password policy is enforced, a user is not allowed to create a password that does not abide by these guidelines.

Some essential features of a password policy are:

1) Password Length & Complexity Requirement

The password policy ensures that every password created is of a minimum length (for example, at least 6 characters long) and needs to use a variety of character types (uppercase letters, lowercase letters, numbers, special characters).

2) Minimum & Maximum Password Age

This part of the password policy decides how often a password is to be changed. Ideally, a good password policy ensures the expiry of a password once in 3 months, so the user is forced to create a new password. However, if a policy prompts the user to change their password too often, they may be tempted to write it down or store it elsewhere. This, again, will compromise security.

3) Password History

When a user is prompted to change a password, he/she may tend to reuse a password they had earlier used for the same application. By enforcing a good password policy, users will not be allowed to reuse an old password at least for another 5 times.

4) Number of Failed Attempts

A password policy also establishes the maximum number of invalid attempts allowed before an account will be locked out temporarily. Once locked, the account may need administrator support to be unlocked and made accessible again.

Beyond Password Security

For companies and businesses that use highly-sensitive data, it may be required to go one step beyond just a good password policy that enforces strong passwords. In such cases, a two-factor or multi-factor authentication functionality may be enforced, where additional layers of security are integrated into the sign-in process.

With such a functionality, users will be required to re-validate their identity using one or more of the following:

- A one-time password or PIN
- A thumbprint or retina scan
- A Yubikey, smart card, USB token, or magnetic strip card

Usually, a good Identity and Access Management (IAM) like Akku by CloudNow Technologies will provide companies and businesses with the security features they require by enforcing strong password policies, multi-factor authentication functionalities, and other advanced security features like IP and device-based restrictions.

Are your users’ weak passwords keeping you up at night? Speak to us to see how Akku can help with Password Policy Enforcement and Multi-factor Authentication.

Secure and Easy User Management: SCIM through the Fundamentals

What is SCIM?

The System for Cross-domain Identity Management (SCIM) is an open standard specification, designed to make user management easy. It essentially allows admins of cloud and on-premise networks to move users in and out of their systems quickly and easily. The system builds on inputs from existing user management schemas and allows the integration of powerful authentication models. It uses a common user schema in coordination with an extension model which allows for seamless migration of user data between different nodes of the system.

SCIM transmits user data between identity providers (like Akku by CloudNow) and service providers (SaaS applications) using a secure protocol. When this is used in conjunction with a robust authorization system, it gives rise to a powerful identity and access management solution. If not for SCIM, the IT departments of every organization would have to dedicate time and resource to managing access control, instead of simply automating the process.

How does SCIM help in Creating a Powerful Identity and Access Management Solution?

Like we mentioned earlier, SCIM enables the communication between the identity provider and an enterprise SaaS application which needs user information to process, create, modify or remove users from accessing a network. SCIM is built using REST and JSON to define and establish the roles of the client and server – in this case, the identity provider acts as the client and the SaaS application acts as the server.

Identity providers like Akku contain a directory of user identities which is normally extracted by the server. In most cases, the server can extract information from directories other than the identity providers as well. But migrating the data to an identity provider can significantly improve the security of the user management system. When the client or identity provider makes changes to any user information, it immediately reflects in the server or SaaS application by using the SCIM protocol. With SCIM, you can create, replace, delete, search and update user information.

The client or identity provider can also view the data present on the server and record any mismatches. If irregularities between the client and server are not immediately noticed and rectified, it could lead to a potential security breach.

How can Akku help you?

With organizations moving their operations to the cloud at breakneck speeds, the need to streamline and implement a Single Sign-on solution is constantly rising. Akku is one of the best Identity and Access Management Solutions available in the market, allowing you to integrate with third party applications as well as our own suite, to take your identity and user management efforts to the next level. This simplifies the work of your organization’s cloud or on-premise network administrators to grant access to several users and applications. For your users, this means remembering only one set of credentials for several applications.

Speak to us to see how Akku’s Single Sign-on can help you manage your users more efficiently.

Permit Access only from Approved Devices and Whitelisted IPs!

Allowing your users to access your official data from anywhere and at any time sounds like a great idea! They can complete their work even when they are on the move by accessing your company’s cloud-based applications. So, why should we restrict access when it has all these pros?

When you permit unshackled access to your company’s applications from any location and device then you also expose your company’s sensitive data and apps to the risk of security or privacy breaches. The possibility of unauthorized access to your sensitive data is a major concern for any company using cloud-based applications.

Why do you need IP restriction?

IP-based access restriction is a great way to secure and protect your mission-critical business data outside your LAN by preventing access to your apps from any IP addresses other than your trusted whitelisted IP ranges.

How does IP-based restriction work?

An IAM solution offering IP-based restriction uses a customized SAML API and integrates with your cloud-based applications. That way, identity management is brought into a common platform across all service providers, with the IAM solution acting as the identity provider. With the identity provider enabling one point control, it is possible to restrict access to your applications only from permitted locations, regulations and IP addresses.

Why restrict based on device?

Device-based access restriction allows you to allow access for specific users only from authorized devices, to prevent misuse or loss of data – that way, users cannot access applications from devices that have not been approved for their use, and unauthorized people cannot access data from devices that may have been approved for other users.

How does device-based restriction work?

With many IAM solutions, device-based restriction is applied through the use of plugins – however more advanced solutions make use of a certificate-based authentication method which has the major advantage of being tamper proof.

A secure certificate-based authentication is completely platform and browser independent and enables cloud administrators to provide or revoke access to SaaS based applications only from specific devices, even when they are outside the office network. Restricting access based on device helps to minimize data breaches and provides the right access to the right people.

Akku offers an IP and device based access restriction feature to help ensure that your data is secure and well protected.

A Single Login To Access All Your Applications

Logging on to different applications using different user credentials every single time is frustrating, isn’t it? The use of a Single Sign On (SSO) application makes it easy to access all your applications with just a single set of login credentials. The SSO acts as the identity provider – a common platform to handle user identity and access across all your applications – and also provides authentication, authorization and access control.

Single Sign On solution offers a secure and convenient way to manage access credentials and user provisioning.

Advantages of Single Sign On (SSO)

Reduce Your Help Desk Costs

Gartner’s research says that about 50% of all calls made to help desks are requests for resetting passwords. In this scenario, deploying a Single Sign On application reduces the time, effort and cost spent by your help desk, resulting in savings for your organization.

User Experience

Through automated login using Single Sign On, users can switch between applications without having to login to each applications each time. This saves employee time and increases productivity.

Reduce Password Fatigue

Users don’t need to remember and manage multiple passwords – SSO reduces the number of passwords to one and makes it much simpler to remember and manage.

Easier Accounts Management

SSO gives clear visibility on what access is permitted for whom. It also helps in improving the speed of adding and disabling the accounts of outgoing employees.

Right Access To The Right People

Admin users can provide or deny access to specific users. For instance, if a particular user in a department wants an application to work on the admin can give access only to that person instead of giving it to the team which could result in confusion.

How does it work?

An SSO acts as an identity provider, acting as a common platform to manage identity and access rules across all of an organization’s cloud apps. When a user connects to the service provider to authenticate their identity, it transfers authentication to the identity provider. The identity provider validates the user’s credentials, and then sends a SAML token to the service provider for accessing the application.

Akku packs a powerful Single Sign On function whose customized SAML enables you to integrate a highly secure Single Sign On (SSO) with any cloud or in-house application, developed on any platform, including support for your intranet.

So, why continue to be frustrated with multiple passwords and multiple user accounts to access multiple applications? Make access easier for users and control easier for administrators with Akku.

What is an IAM ?

Identity and Access Management (or IAM) solutions – also known as Identity Management (IdM) solutions – form a critical component of an enterprise’s IT security. And when used with cloud-based applications, they form part of a powerful cloud security set up too.

In simple terms, an IAM helps to control which users can access what data, as well as from where and when this access is permitted.

So how does an IAM work?

In any Identity and Access Management solution, one of the core concepts at play is that of an Identity Provider (IdP). The IdP brings all of the enterprise’s cloud-based application on to a common platform from where identity information can be managed and authentication services provided through the use of a Security Assertion Markup Language (SAML).

Through this process, it becomes possible to establish a single point of control across all of an organization’s cloud applications, and to provide a single point of access to all users, in the form of a Single Sign-on (SSO) – one of the fundamental functionalities of an IAM.

What features do IAMs offer?

Most IAMs offer some or all of the following features:

Single Sign-on

Enables administrators to provide each user with a single login to access any or all of the local and cloud applications used by the organization.

Multi-factor Authentication

Provides a powerful additional layer of access protection through a TOTP or other methods.

Password Policy Enforcement

Enables enforcement of a custom password policy across the organization, to comply with statutory (or the company’s own) security standards.

Is Akku an Identity and Access Management solution?

Akku is indeed an IAM solution, but it’s also so much more. It brings to the table all the security and access restrictions that a standard Identity and Access Management solution has to offer, along with several additional features to boost security and productivity across your cloud environment:

1) IP- and Device-based Restriction
2) Personal Email Blocking
3) YouTube Filtering
4) Website Filtering

Do visit the main website for more information on Akku’s powerful value proposition, and to see how Akku can help you control your cloud.

Tag: identity management