single login for business applications Archives

Dedicated servers for unmatched transparency in data privacy

Apart from data security, data privacy represents a major area of concern in IT security today. When it comes to data privacy, all organizations are very particular about where and how their company data is being saved, and who has access to it.

This is also related to one of the major reasons why organizations still hesitate to move their data to the cloud – “who else has access to my data if I move to cloud?” Even though almost every IaaS and PaaS provider tries to build confidence in their clients through certifications by authorized agencies, many enterprises are still not convinced. The reason is that there are still areas that lack transparency, where details on their data privacy are not clearly explained and conveyed to them.

To make things more complicated, in many cases, “backdoors” are being legalized by governments!

An effective identity and access management (IAM) solution plays a major role in data privacy and security and could go a long way in addressing the concerns that many businesses have. However, when it comes to IAM, most of the tools do not provide a dedicated server for each of their clients. While it is a fact that a dedicated server tends to cost more when it comes to pricing to the service provider, it is definitely the best way to provide 100% visibility to the client on their company data.

When a dedicated server is assigned to a client, it is possible to share server access between the client and service provider – the service provider cannot login without the client’s knowledge, and the client cannot login without the service provider’s knowledge. This may present some practical difficulties, but it is the only way to give a client 100% confidence that their data is truly under their control.

While it is true that all models have their own advantages and disadvantages, the use of a dedicated server for each client is clearly the best solution in terms of visibility and transparency, with minimal practical difficulty.

Meet GCP IAM: The Identity and Access Management Solution from Google

Google Cloud Platform (GCP) IAM comes as a free service that is available by default to all users of the Google Cloud Platform. GCP IAM is Google’s identity management console, enabling administrators of organizations to manage access and permissions provided to employees across the range of applications and resources that come as part of the Google Cloud Platform. The main function of the IAM is to grant specific users/roles with access to specific GCP resources and prevent unwanted access to other resources.

The fundamental building block of GCP IAM is an IAM Policy which answers the question of who (identity) has what access (role) to which data or applications (resource). This IAM Policy is made up of permissions, bundled into roles and matched by identities.

Let’s take a closer look at the concepts of identity, role, and resource as defined by GCP IAM, which make it a useful IAM solution.

Identity

A user’s identity can be accounted for through their Google account (assigned to an individual), Service account (assigned to a service related to the user’s role), a Google group (which can contain more than one Google/Service account), or a G Suite domain name (consisting of all G Suite accounts under a particular domain) or Cloud Identity domain (consisting of all G suite accounts under a particular organization) name.

Role

A role is a combination of permissions assigned to an identity. Traditionally, Google had what are now known as Primitive Roles – which were a standard set of 3 – namely, ‘Owner’, ‘Editor’ and or ‘Viewer’.

However, in GCP IAM, Google has gone not one but two steps further – with Predefined Roles and Custom Roles – in allowing administrators a wider range of options when it comes to assigning roles (and therefore, access to do less or more) to the organization’s resources.

With what are known as Predefined Roles, granular separation of duties, such as Instance Admin and Network Admin to name a few, is made possible. Custom Roles, as the name suggests, are roles which administrators can customize based on the organization’s needs.

Resource

As defined by Google, “resources are the fundamental components that make up all GCP services”, and include Cloud Pub/Sub topics, Compute Engine Virtual Machines, Cloud Storage Buckets, and App Engine Instances.

These resources can then be grouped into projects. Administrators can assign permissions based on different roles to identities in their organization in order to provide them with access to specific resources. On the other hand, they can also provide access to projects, which will then provide users with access to all resources under the project.

In the GCP hierarchy, a group of projects can also be placed under a team, teams can be placed under a department and departments can be placed under the organization. Administrators can decide the level of access they wish to give each user based on this hierarchy.

GCP IAM is great, but….

Despite the extensive control it provides to administrators, and the numerous possibilities in authorizing user access, GCP IAM has one downside.

Organizations today utilize a wide range of applications, not all of them being GCP resources. They may use a combination of resources from Amazon Web Services, IBM or Azure, to name a few, and GCP IAM does not support identity and access management on these resources. Its lack of capability to connect with on-prem identity providers such as Microsoft Active Directory and OpenLDAP is another major roadblock.

Looking for one IAM to manage them all? Try Akku, one of the best identity and access management solutions from CloudNow, that can help you manage identities across your on-premise and cloud-based applications seamlessly!

A Single Login To Access All Your Applications

Logging on to different applications using different user credentials every single time is frustrating, isn’t it? The use of a Single Sign On (SSO) application makes it easy to access all your applications with just a single set of login credentials. The SSO acts as the identity provider – a common platform to handle user identity and access across all your applications – and also provides authentication, authorization and access control.

Single Sign On solution offers a secure and convenient way to manage access credentials and user provisioning.

Advantages of Single Sign On (SSO)

Reduce Your Help Desk Costs

Gartner’s research says that about 50% of all calls made to help desks are requests for resetting passwords. In this scenario, deploying a Single Sign On application reduces the time, effort and cost spent by your help desk, resulting in savings for your organization.

User Experience

Through automated login using Single Sign On, users can switch between applications without having to login to each applications each time. This saves employee time and increases productivity.

Reduce Password Fatigue

Users don’t need to remember and manage multiple passwords – SSO reduces the number of passwords to one and makes it much simpler to remember and manage.

Easier Accounts Management

SSO gives clear visibility on what access is permitted for whom. It also helps in improving the speed of adding and disabling the accounts of outgoing employees.

Right Access To The Right People

Admin users can provide or deny access to specific users. For instance, if a particular user in a department wants an application to work on the admin can give access only to that person instead of giving it to the team which could result in confusion.

How does it work?

An SSO acts as an identity provider, acting as a common platform to manage identity and access rules across all of an organization’s cloud apps. When a user connects to the service provider to authenticate their identity, it transfers authentication to the identity provider. The identity provider validates the user’s credentials, and then sends a SAML token to the service provider for accessing the application.

Akku packs a powerful Single Sign On function whose customized SAML enables you to integrate a highly secure Single Sign On (SSO) with any cloud or in-house application, developed on any platform, including support for your intranet.

So, why continue to be frustrated with multiple passwords and multiple user accounts to access multiple applications? Make access easier for users and control easier for administrators with Akku.