Part 2: Mitigating the risk of internal breach

In part one of this blog series, we showed how access governance, in conjunction with automated provisioning and de-provisioning of user accounts, is essential in preventing internal data breaches on an organization's network. Today we are going to discuss how to take it a step further and protect against these internal threats in a hybrid IT environment.

There are many solutions on the market focused solely on cloud data protection or network data protection. We have found the reality of most IT environments to be a combination of both. To best offer guidance in protecting against internal threats, let's look to a hybrid solution for a hybrid problem; namely, HelloID.

Current Situation

Password protection is currently a high priority for corporations, and scandals such as the Hawaii Emergency Management Agency accidentally divulging a password written on a Post-It note on television have drawn increased attention. That was one of the higher-profile cases, however. With 18 years in the Identity Governance and Administration (IGA) industry, we see this kind of data breach day after day in organizations of all sizes.

Today's corporate environment relies on so many systems and applications that users can become overwhelmed by the numerous sets of credentials required to gain access to each one. Different logins have different complexity requirements and/or different password expiration schedules. It's no wonder that Post-It notes are a popular option for keeping track of passwords.

Ease of Access

Recently, it has become more popular for employers to allow their employees to work outside the traditional office space. With the use of laptops, tablets and mobile devices, there is little reason for an employee to be at their desk in order to get their work completed. However, while this expansion of work outside the office benefits employees, it has brought with it numerous security issues. Employers need to ensure that employees have access to all applications they need to do their work, while also ensuring that the organization's data is accessed securely and only by the intended user. With the ever-increasing threat of data breaches, the security of company information is of the utmost importance. The question becomes: is it possible for employees to access company applications securely from anywhere and on any device? The answer is yes, with Tools4ever's Cloud Based Single Sign-On Solution, HelloID.

HelloID is a web-based Single Sign-On solution that allows employees to log in to a portal with ONE single login to gain access to all of their applications. The user's view of the portal will only show them applications that they are permitted to access. Users can log in to this portal from anywhere at any time, on any device - all they need is an internet connection.

Efficiency

Now that we have ensured access is simple with just one login (reducing passwords written on Post-Its and downtime for users), how can we ensure granting and revoking access is efficient?

When an employee begins their position, the first thing they will need is access to the applications and file shares relevant to their job. To avoid the labor-intensive and error-prone manual process of provisioning, HelloID offers provisioning and self-service features that bypass IT and the helpdesk.

With HelloID's Self-Service and Workflow Management feature, you can easily publish and manage your internal IT product catalog. Via the portal, users can request access to applications or data from the catalog. The data owner (typically the manager) can approve these requests with a single click. Then, the approved changes are processed automatically within the IT infrastructure. For example, an employee can request access to a project folder via the HelloID portal and the data owner can click approve to grant instant access to that employee.

Changes are handled and registered uniformly without ever passing the helpdesk. This dramatically reduces the helpdesk's workload and the human error that can lead to an internal breach, contributing to a more secure and efficient IT infrastructure.

A major benefit of SSO is the scalability it provides. Automated credential management means that the Systems Administrator is no longer required to manually take care of all users' access to the files and applications they want. This in turn reduces the human error factor and frees up IT time to focus on more important tasks. HelloID also offers companies insights such as which employees are active on specific applications they are licensed for. This allows managers to revoke excess licenses and save money.

Secure Access

HelloID allows IT administrators to enforce company access policies via the configuration of the portal's settings. The customizable and transparent nature of HelloID's portal enhances security measures and aids the creation of audit trails to meet compliance requirements such as HIPAA, SOX, PCI and FERPA. For example, an administrator can decide how the end-user authenticates to the portal and apply the method on an individual or group level. The authentication method can also be modified to allow a PIN code to be delivered via email or SMS for a second factor of authentication (aka Two Factor Authentication). This PIN code adds an extra layer of security, further ensuring the user's identity. IT administrators can limit the time of day the portal is accessed and put a boundary on the location of the login to safeguard against any unauthorized access. Most importantly, when a user leaves the organization, they can be deactivated in the portal without ever having known individual credentials for each application. Access is easily and safely revoked for all apps with one click, preventing a potential internal data breach.

HelloID's RADIUS support extends the existing Two-Factor Authentication functionality to connect to any One-Time Password (OTP) client. When accessing the HelloID portal with RADIUS enabled, a user is authenticated in three stages: first against the configured Access Policies (time of day, acceptable IP address, acceptable geographic location, etc.), then by entering AD credentials that are verified via the HelloID agent, and finally by entering an OTP that is verified via the RADIUS client. Any desired OTP client is configured within HelloID's management dashboard and will display the user's given OTP, commonly valid for 30 seconds and typically via a smartphone app.
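The layered sequence described above (access policy, then credentials, then a 30-second OTP) can be sketched as follows. This is an added example, not HelloID's code or API: it assumes the OTP client uses RFC 6238 TOTP with HMAC-SHA1, uses a `password_ok` flag as a stand-in for the directory check, omits the geographic-location check, and all names and sample values are constructed.

```python
import base64, hashlib, hmac, ipaddress, struct
from datetime import datetime, time, timezone

STEP = 30  # seconds an OTP stays valid, per the text above

def totp(secret_b32: str, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (assumed algorithm for the OTP client)."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", unix_time // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def policy_allows(policy: dict, when: datetime, source_ip: str) -> bool:
    """Time-of-day and source-network gate; policy hours are in UTC."""
    in_hours = policy["start"] <= when.time() <= policy["end"]
    addr = ipaddress.ip_address(source_ip)
    return in_hours and any(addr in ipaddress.ip_network(n) for n in policy["networks"])

def authenticate(policy, when, source_ip, password_ok, secret_b32, otp):
    """Return (allowed, failed_stage). password_ok stands in for the directory check."""
    if not policy_allows(policy, when, source_ip):
        return False, "access_policy"
    if not password_ok:
        return False, "credentials"
    now = int(when.timestamp())
    # Accept the current step and the previous one to tolerate clock drift.
    for drift in (0, -STEP):
        expected = totp(secret_b32, now + drift)
        if hmac.compare_digest(expected.encode(), otp.encode()):
            return True, None
    return False, "otp"

# Constructed sample data: RFC 6238 test secret, documentation IP range.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
POLICY = {"start": time(7, 0), "end": time(19, 0), "networks": ["203.0.113.0/24"]}

if __name__ == "__main__":
    t = datetime(2024, 3, 4, 9, 15, tzinfo=timezone.utc)
    good = totp(SECRET, int(t.timestamp()))
    print(authenticate(POLICY, t, "203.0.113.10", True, SECRET, good))
    print(authenticate(POLICY, t, "198.51.100.7", True, SECRET, good))
    print(authenticate(POLICY, t, "203.0.113.10", True, SECRET, "000000"))
```

Returning the failed stage makes each denial attributable in an audit trail; a production verifier would also record the last accepted time step per user so that an OTP cannot be replayed within its validity window.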

The main cause of internal breaches is compromised credentials, and the more usernames and passwords we have, the worse our password management becomes. HelloID combines SSO with two-factor authentication to keep both the user and system administrator happy, as secure and simple access is available to users 24/7.
