
Increase Enterprise Cyber Security. What Are the Available Identity and Access Management Solutions?

22 April 2020 | Weronika Masternak | development cybersecurity

Organization security is essential, especially when many processes take place online. Find out what the mechanisms of Identity and Access Management are, and check how to give employees access to resources and insight into tools without violating cyber security standards.

From the article you will learn:

  • what the security challenges in an organization are,
  • what the current measures for authenticating people are,
  • what Gluu is and why you should include its support in your cyber security strategy,
  • what being a Technology Partner in cyber security means.

As you know, people with many competencies and responsibilities are employed in an organization. To enable employees to perform their operations and comfortably handle everyday tasks, you must give them access to the required programs or applications.

The most popular tools (whether they are used to handle B2B or B2C processes) are largely available via the Internet. Their effective use therefore depends on constant access to the network.

Now imagine that an employee logs on to many devices at different times and often from different locations (e.g. in the case of remote work). The user must authenticate and complete the necessary authorization during each work session. What's more, the tools s/he uses are not integrated in any way and are not based on the same architecture. It is therefore not surprising that the tools provide different levels of security, and this creates a potential threat to users and to the entire organization. Access to your information and resources is scattered, and you gradually lose control…

How can you enable employees to access resources and provide them with the necessary tools without violating cyber security standards, while reducing the risk of an information breach?

All of these actions can be performed with a high level of protection thanks to the following Identity and Access Management solutions: Single Sign-on, Strong Authentication, Access Management, Identity Management, Directory Integration and Multi-factor authentication. Find out what they are and how quickly you can implement them.

Ways to authenticate users and secure resources in the company

Awareness of cyber threats is increasing every year. A CIO study for directors and managers showed that companies spend an average of 15% of their budget on cyber security. What's more, 40% of respondents indicated the need to increase protection measures! The cyber security specialist at Lemlock, Mateusz Kierdyk, always says that "you can spend huge sums on cyber security measures, and you still can't talk about total security if your IT architecture is particularly complex and protected resources are the foundation of your organization's operation."

As you can see, companies are constantly investing in maintaining a high level of security. One area of cyber security is authentication. It should be taken seriously, because a good implementation allows the organization's network to be secured effectively and access to resources (including computer systems, network services, databases, websites and applications) to be granted only to authenticated users.

When you implement any security measures, it's a good idea to get information from a trusted source. As a Gluu Technology Partner, we encourage you to check their IAM solutions, tried and tested by numerous organizations around the world, e.g. CenturyLink, BlueWave, American Water, Red Hat and many others. Learn about the most important Identity and Access Management concepts for your users from Gluu:

1. Single Sign-on

Single Sign-on gives you the ability to log in to a given network service only once, and thus gain access to all authorized resources under this service.

Single Sign-on mechanism - how it works

SSO combines two processes: Identity Management (authentication) and Access Management (authorization). The Single Sign-on mechanism eliminates the need to log in separately to each application used.

Each application uses different credentials, which means that if one of them leaks, the remaining credentials can be considered safe. After such a data breach, a post-breach analysis and security audit should always be performed.

SSO supports logging in to local applications and to applications belonging to external suppliers. Security can be enhanced further with multi-level authentication, tokens or biometric readers (collecting information such as a fingerprint, a handprint, a facial feature scan, a retina scan, etc.).

2. Strong Authentication

Both users and devices are subject to strong authentication, which must be rigorous enough to withstand a possible hacker attack. This is why multi-level authentication is introduced: it reduces the risk of unauthorized persons obtaining a user ID and the matching password.

Multi-factor authentication scheme

Two-factor or multi-level authentication is available. They differ in the number of stages and in the security features used to verify identity. They are based on combinations of selected elements: a biometric scan (i.e. something that we are), a password (i.e. something that we know), a location (i.e. somewhere that we are) or a token (i.e. something that we have).

There are currently many Multi-factor authentication verification methods that can be applied to your systems. Whichever method you choose, you need to consider the level of security that must be ensured and the technology used by the users who want access to specific resources.

We can distinguish, among others, such forms of authentication:

  • e-mail token,
  • SMS token (usually as an SMS message containing the appropriate code or PIN),
  • automatic telephone conversation during which a one-time password (OTP) is provided,
  • biometric verification carried out via fingerprint identifier or face recognition mechanism in a smart device,
  • virtual token, otherwise known as software token, in the form of an authentication application installed on the device,
  • hardware token (e.g. USB key, credit card with built-in display).
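The virtual (software) token and one-time password items above are usually implemented as a time-based OTP shared between the authenticator app and the server. The following is an added example, not code from the original article and not Gluu's implementation: it builds the standard HOTP/TOTP algorithms (RFC 4226 and RFC 6238) from the Python standard library and shows the server-side verification a practitioner cares about, namely constant-time comparison, a small clock-drift window, and refusal of an already-used time step so a code cannot be replayed. The secret is the published RFC test-vector seed, used here as a constructed sample only.

```python
import hashlib
import hmac
import struct
import time

# Constructed sample secret: the RFC 4226/6238 test-vector seed (ASCII "12345678901234567890").
# A real deployment generates a random per-user secret, shares it with the authenticator
# app once (e.g. via a QR code) and never reuses a published value.
SAMPLE_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): dynamic truncation of HMAC-SHA1(counter)."""
    msg = struct.pack(">Q", counter)              # 8-byte big-endian counter
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                    # low nibble of last byte selects 4 bytes
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the current 30-second step."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, submitted: str, at_time: int,
                last_counter: int = -1, step: int = 30, digits: int = 6, window: int = 1):
    """Server-side check of a code typed from a software token.

    Accepts the current time step and `window` steps on either side (clock drift),
    compares in constant time, and refuses any step that is not newer than the last
    accepted one (replay protection). Returns (accepted, counter_to_store).
    """
    # Reject anything that is not exactly `digits` ASCII digits before comparing.
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == digits):
        return False, last_counter
    current = at_time // step
    for counter in range(current - window, current + window + 1):
        if counter <= last_counter:
            continue                              # already consumed (or older): reject replay
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return True, counter
    return False, last_counter


if __name__ == "__main__":
    now = int(time.time())
    code = totp(SAMPLE_SECRET, now)
    accepted, counter = verify_totp(SAMPLE_SECRET, code, now)
    print("code:", code, "accepted:", accepted, "store counter:", counter)
    # Presenting the same code again must fail once the counter has been stored.
    print("replay accepted:", verify_totp(SAMPLE_SECRET, code, now, last_counter=counter)[0])
```

The server must persist the returned counter per user and pass it back as `last_counter` on the next attempt; without that, a code intercepted during its 30-second validity (plus the drift window) would be accepted twice. Rate limiting of failed attempts belongs in front of this function, since a six-digit code has only a million possibilities.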

However, remember that implementing too many of them degrades the User Experience and increases costs. Multi-level authentication increases user security, reduces the operating costs caused by breaches of the architecture, improves conversion thanks to a smooth login process, and increases trust thanks to the presence of security controls.

3. Access Management

Access Management is a user-centred process of identifying, tracking, controlling and managing access to IT systems. It also provides a transparent division of user roles in the system and checks for Segregation of Duties (SoD) risks.

Often, Access Management mechanisms are associated with solutions in the field of Identity Management. This connection is very logical, because Identity Management creates, provides and controls users, permissions, roles and policies, while Access Management guards compliance with assigned roles and functioning policies.

4. Identity Management

Identity Management is focused on managing the attributes that are created, updated and deleted for users (the people with whom these attributes are associated). Some identity attributes allow users to carry out activities that are significant to your business.

For example, the role attribute is most often tied to the position held in the company and the scope of duties. A manager, a network or database administrator, a tester, and an HR or marketing employee will each have a different role. That is why it is so crucial that attributes are managed and maintained carefully.
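The two halves described above, Identity Management creating and maintaining the role attribute and Access Management enforcing the assigned roles and SoD policy, fit together as follows. This is an added example written for this article, not code from Gluu or from the original post; the role and permission names are constructed sample values, and the two SoD rules are assumptions chosen for illustration.

```python
# Constructed sample role model: which permissions each role attribute grants.
# The names are assumptions for this example, not any product's built-in roles.
ROLE_PERMISSIONS = {
    "payments_clerk": {"create_payment"},
    "payments_approver": {"approve_payment"},
    "hr_employee": {"read_employee_record", "update_employee_record"},
    "db_admin": {"read_database", "alter_schema"},
    "tester": {"read_test_environment"},
}

# Segregation of Duties rules: permission sets that one identity must never hold
# together, each with the reason recorded for the audit trail. (Assumed rules.)
SOD_RULES = [
    ({"create_payment", "approve_payment"},
     "one person must not both create and approve a payment"),
    ({"alter_schema", "update_employee_record"},
     "schema administrators must not edit HR records directly"),
]


def permissions_for(roles):
    """Union of the permissions granted by a set of role attributes."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def sod_violations(roles):
    """Reasons for every SoD rule that the given role set would breach."""
    perms = permissions_for(roles)
    return [reason for conflict, reason in SOD_RULES if conflict <= perms]


def assign_role(assignments, user, role):
    """Identity Management side: update the user's role attribute only if the
    resulting identity stays free of SoD conflicts. Returns (ok, reason)."""
    if role not in ROLE_PERMISSIONS:
        return False, f"unknown role {role!r}"
    proposed = assignments.get(user, set()) | {role}
    violations = sod_violations(proposed)
    if violations:
        return False, violations[0]
    assignments.setdefault(user, set()).add(role)
    return True, "assigned"


def check_access(assignments, user, permission):
    """Access Management side: allow an action only if the user's current roles
    grant the permission. Unknown users and unknown permissions are denied."""
    return permission in permissions_for(assignments.get(user, set()))


if __name__ == "__main__":
    directory = {}                                # user -> set of role attributes
    print(assign_role(directory, "alice", "payments_clerk"))
    print(assign_role(directory, "alice", "payments_approver"))   # refused: SoD conflict
    print(assign_role(directory, "bob", "payments_approver"))
    print("alice create_payment:", check_access(directory, "alice", "create_payment"))
    print("alice approve_payment:", check_access(directory, "alice", "approve_payment"))
```

The SoD check runs at provisioning time, when the role attribute changes, rather than on every access decision: once an identity is allowed to carry both halves of a conflicting pair, no per-request check can tell a legitimate approval from a self-approved one. A periodic run of `sod_violations` over every stored identity catches conflicts introduced outside this path, for example by a bulk import.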

5. Directory Integration

This is a directory service that uses the existing Microsoft Active Directory infrastructure to provide a modern, standards-based Identity and Access Management service.

The entire service stores data in the form of objects. Each object is a single element and can represent, for example, a device (a computer, printer or tablet), a user or an application. Objects are classified as resources or as entities that are subject to security. Importantly, Active Directory categorizes objects according to their name and attributes. Thanks to Active Directory, the administrator gains a valuable tool that allows them to bring order, as well as a specific, hierarchical structure, to the network.

What is the security mechanism from Gluu?

Gluu is a proven provider of services in the field of Single Sign-On, Two-Factor Authentication and Access Management for web and mobile solutions, as well as the creator of products such as:

  • Gluu Server,
  • Gluu Gateway,
  • Gluu Casa,
  • Super Gluu,
  • Cluster Manager,
  • oxd.

See the full description of these products, which are used to create your IAM infrastructure.

Gluu was founded in 2009 by Mike Schwartz. The main goal of Gluu is to provide organizations around the world with an open source platform that allows you to control access to valuable online resources. The creators want the Internet to be a friendly place for its users, who have varying knowledge of the threats lurking there.

The mechanisms provided by Gluu are used in industries including telephony and wireless communications, retail, advertising, marketing and public relations, pharmacy, and logistics and transport.

What does being a Gluu partner mean to Sagiton?

Sagiton was chosen as a Gluu Technology Partner. We have the great honor of supporting Gluu in its mission of promoting online security.

Gluu recommends Sagiton as a Technology Partner

Sagiton specialists have practical experience with the Gluu architecture and the functionalities it offers. This allows for an individual approach to each client and for adjusting the functions to the business. Within 48 hours we start the project and plan the implementation of the selected security mechanisms.

After implementing the selected Gluu functions, you can rely on us: thanks to an SLA we are able to look after your project and immediately take over any disruptive events.

We believe in our skills, which is why the Sagiton team gives a 6-month warranty period for every implementation of Gluu functionality in the Fixed-Price model. This means that if any inaccuracies are found within six months of providing the service, we will restore it to good working order free of charge. See the details of implementing Gluu features with Sagiton.

In summary, companies use authentication mechanisms to validate users who are dealing with the resources of the organization or the network and to control the actions taken.

Without proper security measures and the support of IT security companies, all data (of users and organizations) is exposed and can become the target of a hacker attack. Cyber security is not a one-time action but a long-term strategy, including constant observation and always staying one step ahead of cybercriminals.
