Multi-factor authentication (MFA) is one of the most highly recommended security measures in this age of brute-force attacks, data breaches and other such cyber attacks. And while some off-the-shelf SaaS applications may already come with a built-in MFA feature, when it comes to a custom-built application or website, businesses have to make the tough decision between reinforced security and the high cost at which it comes.
Identity management encompasses several operational mechanisms for managing users across a large system or network of applications. Two of the most prominent of those are Single Sign-on (SSO) and Federated Identity Management. Due to its evolving nature, identity and access management has several terms thrown around ambiguously. Even among developers, major differences are often missed while talking about federated identity and SSO. In this article, we aim to break down the difference between the two.
Identity theft is as real as your identity and as dangerous as the one who steals it. It occurs when an unauthorized person or entity uses your personal information to assume your identity and commit fraud and other criminal activities including stealing from you, or from others in your name.
Your name, address, credit card or bank account information, and even information that might otherwise seem harmless, such as photographs, information about your family members or your date of birth could be used in harmful ways in the wrong hands.
An Identity and Access Management (IAM) solution allows organizations to manage user access to critical data. It is an intermediate layer between your users and your applications/data.
Deploying an IAM solution a proven way to improve network security in an organization. A good IAM solution should also reduce the time spent by your IT team to grant access for individual applications, thereby improving architectural simplicity and reducing the load on your servers. This also means that your users have to remember only one set of credentials to access several applications in your on-premise or cloud network.
Google Cloud Platform (GCP) IAM comes as a free service that is available by default to all users of the Google Cloud Platform. GCP IAM is Google’s identity management console, enabling administrators of organizations to manage access and permissions provided to employees across the range of applications and resources that come as part of the Google Cloud Platform. The main function of the IAM is to grant specific users/roles with access to specific GCP resources and prevent unwanted access to other resources.
The fundamental building block of GCP IAM is an IAM Policy which answers the question of who (identity) has what access (role) to which data or applications (resource). This IAM Policy is made up of permissions, bundled into roles and matched by identities.
Let’s take a closer look at the concepts of identity, role, and resource as defined by GCP IAM, which make it a useful IAM solution.
Most IAM tools utilize browser extensions or applications installed on the end-user’s machine, or on an Active Directory, for access to identity. But why?! A user can be identified even without an agent – so having an so-called ‘lightweight agent’ sitting in your Active Directory itself is not the most secure way to manage user identity.
Whenever you create a dependency to achieve a particular solution, it is important to ensure the solution is 100% secure and that applies for the dependencies (Agents) too. This could make the architecture slightly complicated, depending on how it works.
Whether or not you know what it is called, you have likely used 2FA at least once in your life online.
Remember the time you tried logging into your email account from a new device and your email service provider sent you an SMS with a PIN (OTP), to re-validate that it was actually you attempting to login? You would have been allowed access to your inbox only after you entered the correct OTP.
Or the time you tried to transfer money to someone through internet banking. Even though you already entered your customer ID and password, your bank’s application would want to make sure that someone else hadn’t stolen your credentials. They do this by sending you an email with a PIN or a link to click on, for additional validation.
Akku is a great way to control and authenticate communication channels for any enterprise.
One of the biggest threats to any organization is the possibility of a data breach, which can result in loss of data, loss of trust, and ultimately, loss of growth of the business. This makes data security a critical aspect to consider in any enterprise.
As per a survey by Forrester Research (Forrester Consulting Thought Leadership Paper, February 2017), in the last 4 years, out of every three organizations, two have had an average of at least 5 breaches. There are nearly 6 billion data records that were stolen and lost in the past 10 years. According to www.breachlevelindex.com, an average of 165,000 records are compromised every hour. According to this article published on www.csoonline.com, global cybercrime related damage is expected to exceed US$ 6 trillion annually by the year 2021.
Most people use a Password Manager to save their account passwords. A password manager is an app or device which serves as a single collection point for all of a user’s account credentials. LastPass and Dashlane are two well-known password managers in the market. The usage of a password manager presents a security risk in case of a data breach. In fact, as per the Independent, the password manager LastPass was hacked and a data breach did occur, compromising user credentials.
