Protecting staff from themselves? Access management explored
When the internet was conceived, and certainly in its first use-cases, there were no concerns with regards to cybersecurity. The interchange of information was free and usually concerned research or intelligence sharing, between branches of government organizations, academics, and educational institutions.
Fast forward to the present day, and cybersecurity concerns have utterly transformed the way every individual and business operates online.
On average, a single individual will sign onto, or in some way validate themselves for, around 16 applications or services. Clearly, without technologies like cookies and local, secure credential storage, most would find recalling and entering their details tiresome and a barrier to getting daily work completed.
While BYOD and the consumerization of technology have brought the employer a workforce of technically-savvy individuals (to a point), the same trends also bring problems.
That’s because despite the nuggets of data that store logon name, password, memorable word and so forth in so-called “secure” apps, many users deploy the same password, or one of three or four, for every service and app. That has led to a situation in which many staff are compromising both themselves, but also their employers. Once their membership details to their local gym’s app get sold on the internet, then, potentially, all their sensitive work credentials are also compromised.
In recent years, cybersecurity companies are specifically looking to change their clients’ security posture as a result of concern that has at its base, the human element. Whereas for the last twenty years, network security has been all about protecting the perimeter, now the focus is on protecting the people. Human habits are difficult to break: people have the tendency, with without a thought of malice, to share login credentials, to use the same password wherever they go online, and click links in messages and emails that seem to have come from recognized sources.
Enterprise IT departments are therefore presented with technically competent users who are happy to spin up and use a new SaaS for a specific project, but who will also cut security corners to get the job done. Clamping down in terms of IT access policies, restricting internet access and physically blocking USB ports are no longer particularly acceptable: IT’s role & remit is now to empower and educate, not restrict and place barriers in the way of business.
New platforms are solving this dilemma. Maintaining the balance between safety, and free access to IT resources is a very delicate one, and achieving the required finely-tuned stance, services offering complete user management and authorization are providing answers. Solutions like integrated access management, single sign-on, and multifactor authentication let users get on with their daily tasks (and use new resources as necessary), but help keep them, and their employer’s infrastructure safe.
Once systems like the three featured below are in place, IT departments will also discover many of the add-on benefits that these platforms can bring. Simple yet resource-consuming password resets can be achieved through user self-service, new employee setups (and ex-employee lock-outs) can be automated, and granular privileges and access levels established, for individuals and groups.
The specific advantages of the MFA, SSO, and WAM allow each company to design their own policies, according to their tastes and specific industry-set standards. Physical access control to buildings can be combined with IT access systems, so users can get into their workplace with a smart card (or similar token), and also use the same ID to gain access to the IT systems they need – and no more.
Password policies can become highly stringent, yet automated (“click here to generate unique password”), with users therefore unable to deploy their preferred choice of “p4ssw0rd” or “qwerty” for every online service. That protects the organization’s assets and IP (intellectual property) and has the additional effect of (hopefully) teaching a little online hygiene.
We recommend you examine in depth the offerings from the three companies featured below. The short descriptions we give here can’t possibly cover every significant aspect of the platforms on offer, but we hope it will be a starting place for your organization’s journey to better managing your users, and therefore, your IT systems and their security.
Evidian by Atos (a global company headquartered in France with local offices across Asia, Europe and the US, among others) is a platform that creates an access and user management framework that lowers support costs and massively increases cybersecurity. The Evidian solution is capable of providing highly scalable and granular access policies to apps and services in-house, locally run, or in public and private clouds– all from the same control mechanism.
You can replace user passwords with a single sign-on that both identifies them uniquely, but also that will grant the exact level of access that’s designed for them. Single sign-on capabilities can be enhanced by the use of biometrics or physical authentication (MFA or 2FA) according to use case. The company also offers a QR code-based authentication portal that’s user smartphone based– ideal for remote or casual workers.
There’s a forensic level of detail available from the administrative console, but users will benefit not only from the platform’s features (like SSO) but also from self-service password reset requests. User access to the ever-changing range of applications and services deployed in the modern business setting can be made as safe and secure for cloud-based services as it is for internal messaging, email, and desktop logons.
You can read in more detail about Evidian from Atos here on Tech Wire Asia by clicking here.
As you might expect from a tech giant that’s steered successfully from a hardware-focused business model to one that is based on services, there are several strings to IBM’s bow in this space. For mobile users, for example, IBM offers Verify, which extends the control provided by its Security Access Manager out for remote users’ daily toolset, enabling multifactor authentication wherever work is taking place.
IBM’s SSO and user access management portfolio encompasses bare-metal apps and services, private clouds, and any apps or platforms in use in public clouds– or, in a hybrid IT setting, as the current terminology would describe it.
The UAM platform will run similarly: as a cloud service, in-house on a physical machine, or even as a series of containers operating in a virtualized configuration. The advantage to the enterprise of the latter is that the UAM’s installation and full setup can be picked up from a trial, development setting and then dropped into a production system as soon as it’s been thoroughly tested in its sandbox. The might of Big Blue and its extensive solution set are available, as is enterprise-grade consultation and guidance for even small companies that are considering a digital transformation journey.
This services behemoth deploys an entirely different approach from the two other companies featured above. Rather than providing its own applications and platform, the company will source from a range of industry partners the right solution for each of its clients.
Among its portfolio of partnerships which it deploys are Microsoft (for local and cloud services), SAP (as an ERP and adjunct solution provider), and a host of other security-focused names like Symantec.
With a full menu of choices that is only really at the disposal of a large, multi-billion dollar company, Accenture can pick and choose the exact UAM solution that fit your use case.
The company helps its clients enable multi-channel customer interactions and improve access to self-service and issue resolution capabilities, and decrease the cost to service each customer. Its UAM solutions (including SSO and MFA) effort might leverage Google Cloud’s data and AI capabilities (for example) to enables end-to-end customer interactions across digital channels to services in-house or remotely.
In addition to improving the end-users’ experiences, UAM might break down data silos across staff, channels, and products. Its solutions can provide Accenture’s customers with a real-time, 360-degree view of security, generating new insights, powering new strategies for growth, and improving satisfaction.
*Some of the companies featured are commercial partners of Tech Wire Asia