Blogs

Our ideas, experiences, and opinions… in words.

Identity and Access – Part 1 – Single Sign-On (SSO)

Introducing a Single Sign-On (SSO) solution in any organization can offer greater security and improved usability.

Most organizations have multiple applications running across cloud, SaaS, and on-premise environments. These heterogeneous environments bring complexity, cost, and user identity management security challenges, especially when they are not integrated into a central authentication system. Users, on the other hand, find it difficult to manage passwords for multiple applications. No one likes remembering all these credentials. What’s worse, many use the same username and password irrespective of the application they are using, which leaves passwords more prone to dictionary and brute-force attacks, or ends with passwords visible on sticky notes around desks. This is where Single Sign-On technology comes into focus and works like a champ. With cloud being prevalent, it is effective for organizations to consolidate existing identity and authentication across applications and systems.

What is Single Sign-On?

Single Sign-On (SSO) is a method of authentication that allows applications and web portals to rely on other trusted systems and applications to verify users. Put another way, single sign-on enables users to securely authenticate with multiple applications and web portals by logging in only once, with just one set of credentials (normally a domain username and password). SSO is an essential feature of an Identity and Access Management (IAM) platform for controlling access and identity. Verifying user identity is important for knowing which access and permissions a user could have.

How It Works

Single Sign-On works by having a central server (or servers), or a hosted service (SaaS option), that all of the organization’s applications are configured to trust and integrate with. When you log in for the first time, a cookie/token is created on this central server. Then, whenever you try to access a second application, its login redirects you to the central server. If you already have a cookie there, you are redirected straight back to the app with a token and no login prompt, which means you’re already logged in.

Authentication with SSO depends on trust between domains (websites/applications). With single sign-on, this is what happens when you try to log in to an application or website connected to SSO:

  1. The website first checks to see whether you’ve already logged in to the SSO solution, in which case it gives you access to the required website.
  2. If you are not logged in, it redirects you to the SSO login screen.
  3. You enter the single username/password that you use for corporate access, normally a domain username and password.
  4. The SSO solution requests authentication from the identity provider or authentication system that your company uses, such as Active Directory. It verifies your identity and notifies the SSO solution.
  5. The SSO solution passes authentication data to the website and returns you to that site.
  6. After login, the site passes authentication verification data with you as you move through the site to verify that you are authenticated each time you go to a new page.
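
The six steps above, sketched as an added example (not code from the original post): a central identity provider keeps the SSO cookie and hands each application a short-lived signed token, which the application checks before granting access. The HMAC token format, the per-application keys, and the names `IdentityProvider` and `verify_token` are assumptions for illustration; production deployments use standard protocols such as SAML or OpenID Connect.

```python
import base64, hashlib, hmac, json, secrets, time

class IdentityProvider:
    """Central SSO server: authenticates once, then issues per-app signed tokens."""
    def __init__(self, directory, app_keys):
        self.directory = directory   # stand-in for Active Directory (constructed)
        self.app_keys = app_keys     # per-application signing keys (assumption)
        self.sessions = {}           # SSO cookie -> username

    def login(self, user, password):
        # Steps 3-4: check the single corporate credential, create the SSO cookie.
        stored = self.directory.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        cookie = secrets.token_urlsafe(16)
        self.sessions[cookie] = user
        return cookie

    def issue_token(self, cookie, app, ttl=60, now=None):
        # Steps 1 and 5: an existing cookie yields a token with no login prompt.
        user = self.sessions.get(cookie)
        if user is None:
            return None              # step 2: the caller must show the login screen
        now = time.time() if now is None else now
        claims = {"sub": user, "aud": app, "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        sig = hmac.new(self.app_keys[app], body, hashlib.sha256).hexdigest()
        return body.decode() + "." + sig

def verify_token(token, app, key, now=None):
    """Application side (step 6): accept only an unexpired token signed for this app."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return None              # forged, altered, or signed for another app
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, AttributeError, TypeError):
        return None
    now = time.time() if now is None else now
    if claims.get("aud") != app or claims.get("exp", 0) < now:
        return None                  # wrong audience or expired
    return claims["sub"]

# Constructed sample data: one directory user and two relying applications.
KEYS = {"mail": b"mail-demo-key", "docs": b"docs-demo-key"}
IDP = IdentityProvider({"alice": "correct horse"}, KEYS)
```

One login yields a cookie that obtains tokens for both `mail` and `docs`, while a token minted for `mail` is rejected by `docs`, which is the audience check that keeps one application's token from being replayed against another.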

For example, Google implemented a Single Sign-On (SSO) solution across its various services. Google’s central server is https://accounts.google.com. Once you log in to this server, you can access Gmail, YouTube, and Google Docs without entering your credentials again.

What Are the Benefits of Single Sign-On

Single Sign-On clearly minimizes the risk of poor password habits and increases the productivity of users.

  1. Seamless user experience: Customers can use a single identity to navigate multiple web and mobile domains or service applications. As customers no longer need to do repeated logins they can enjoy a modern digital experience.
  2. Stronger password protection: Since users only need to remember one password for multiple applications, they are more likely to create a stronger (harder to guess) passphrase beyond policies, and less likely to write it down. These best practices reduce the risk of password theft. We can integrate this with MFA for additional security.
  3. It increases employee and IT productivity: Reduce support calls, improve user experience, and mitigate security risks.
  4. It combines with Risk-Based Authentication (RBA): You can combine SSO with risk-based authentication (RBA). With RBA, you and your security team can monitor user habits. This powerful combination can prevent cybercriminals from stealing data, damaging your site, or draining IT resources.
  5. It reduces password fatigue: To prevent cybercrime, security professionals insist on unique passwords for every single application. This means that the average user must remember dozens of passwords for personal and office use. Unfortunately, this often leads to “password fatigue.”
  6. It prevents Shadow IT.
  7. Reduces User time: Users will spend less time logging into various apps to do their work. Ultimately it enhances the productivity of businesses.

With more applications moving to the cloud, security and data are a prime concern. A Cloud Access Security Broker (CASB) solution with single sign-on (SSO) as a framework greatly improves system and application security.

 

We will cover CASB in the next blog post in this series.

Preventive Security Essentials – Monitoring and Analytics ( Part 1)

As part of raising awareness of what matters most in proactive cybersecurity prevention, we are here with yet another blog post covering the required essentials.

If we could put it this way: with the ongoing pandemic (COVID-19), many of us have come to new realizations. Cybersecurity and COVID-19 are two different challenges, but they have key things in common. Both are global: we are all vulnerable to them, they do not respect boundaries, they do not discriminate, and they impact everyone. Both also require basic preventive measures to be in place first. Basic hygiene is the best measure so far.

Turning to cybersecurity: organizations across the board want to ensure that their data and services are secure and up and running, so that they can deliver business operations with customer confidence. Hence, proactive prevention.

To conduct business securely, organizations first need to understand their exposure and where threats can emerge, and need to know how users are accessing business-critical services. To do this, IT teams must adopt a platform that continuously monitors and recognizes the users, devices, networks, and services being used. Simply put, you cannot protect what you can’t see.

Most organizations implement different security solutions, such as firewalls, as silos that could help protect them. But hackers use modern techniques to penetrate systems, which means IT also needs to adopt technologies that gather, correlate, and alert by analyzing event data from integrated security solutions. An effective cybersecurity monitoring system is therefore seen as basic and essential, because on a regular basis no one has enough time to go through the volume of data that systems present. We need meaningful analytics and actionable information out of monitoring systems.

Security Information and Event Management (SIEM) is a proven approach to identifying the events that matter most by consolidating, analyzing, and correlating raw data and event logs collected from users, devices, applications, and networks. It helps organizations detect threats and prioritize remedial actions before an actual threat occurs. SIEM products are purpose-built software systems that store logs, then normalize, aggregate, and correlate that data to discover trends, detect threats, and generate alerts. The main capabilities of SIEM are log collection, security monitoring, threat detection, investigation, and response. Apart from this, some SIEM solutions offer behavioral analysis, forensics and incident response, threat response workflows, and so on. Most importantly, a SIEM system provides intelligent insights that enable teams to respond quickly and reduce the impact of incidents.
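
To make the normalize-and-correlate step concrete, here is an added example (not part of the original post and not any vendor's rule language): two differently formatted sources are mapped into one event schema, and an alert fires when a source address logs repeated failures followed by a success. The log formats, field names, threshold, and time window are assumptions constructed for illustration.

```python
import json, re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SSH_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for "
                    r"(?:invalid user )?(\S+) from (\S+)")

def normalize(line):
    """Map one raw line from either source into a common event schema."""
    m = SSH_RE.match(line)
    if m:
        ts, verdict, user, src = m.groups()
        return {"ts": datetime.fromisoformat(ts), "src": src, "user": user,
                "ok": verdict == "Accepted", "source": "sshd"}
    try:
        rec = json.loads(line)
        return {"ts": datetime.fromisoformat(rec["time"]), "src": rec["client_ip"],
                "user": rec["account"], "ok": rec["result"] == "success",
                "source": "vpn"}
    except (ValueError, KeyError, TypeError):
        return None                  # unparsed lines are dropped, not guessed at

def correlate(lines, threshold=3, window=timedelta(minutes=5)):
    """Alert when one source has >= threshold recent failures, then a success."""
    failures, alerts = defaultdict(deque), []
    events = sorted(filter(None, map(normalize, lines)), key=lambda e: e["ts"])
    for e in events:
        recent = failures[e["src"]]
        while recent and e["ts"] - recent[0]["ts"] > window:
            recent.popleft()         # forget failures older than the window
        if not e["ok"]:
            recent.append(e)
        elif len(recent) >= threshold:
            seen = sorted({f["source"] for f in recent} | {e["source"]})
            alerts.append({"src": e["src"], "user": e["user"], "at": e["ts"],
                           "failures": len(recent), "sources": seen})
            recent.clear()
    return alerts

# Constructed sample logs using documentation IP ranges; not from a real system.
SAMPLE = [
    "2024-05-01T10:00:01 gw1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2",
    "2024-05-01T10:00:05 gw1 sshd[811]: Failed password for alice from 203.0.113.7 port 4023 ssh2",
    '{"time": "2024-05-01T10:00:20", "client_ip": "203.0.113.7", "account": "alice", "result": "failure"}',
    '{"time": "2024-05-01T10:01:00", "client_ip": "203.0.113.7", "account": "alice", "result": "success"}',
    "2024-05-01T10:02:00 gw1 sshd[902]: Accepted password for bob from 198.51.100.4 port 5001 ssh2",
    "2024-05-01T10:03:00 gw1 kernel: link up",
]
```

Neither source crosses the threshold on its own here; `correlate(SAMPLE)` alerts only because the SSH and VPN failures are counted together, which is the gap that siloed tools leave.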

With a well-integrated SIEM system in place, organizations can proactively identify potential threats inside and outside their networks.

A few notable SIEM solutions, for your reference:

  • IBM QRadar
  • ArcSight
  • Splunk
  • AT&T Cybersecurity (AlienVault)
  • Elastic SIEM
  • Azure Sentinel (cloud native)

Know more about our security offerings https://teksalah.com/security/

The New Normal ‘Work from home’: Security risks, challenges, and recommendations

Work From Home and Cyber Security Risks

As workforces are mandated to telework in an effort to contain the spread of the COVID-19 pandemic, almost all organizations in these challenging lockdown times are enabling work-from-home, or else getting ready with the required ICT, security, and cloud infrastructure. Most of the workforce is working remotely, and many organizations are not ready for these types of remote workloads and are finding it difficult to cope.

From VPN servers to app delivery to VDI infrastructure and collaboration tools, the security, availability, and performance of all of them have now become a critical backbone for organizations. Employees who have never worked remotely are being told to work from home (WFH). For many organizations and individuals, this is uncharted territory.

With this blog post, we would like to bring to your notice a few important cybersecurity risks that a remote workforce may present, along with some best practices for mitigating those risks.

Whether as part of a standard work program or as a component of business continuity plans, we recommend that organizations engaging in telework start with a defined policy (for example, a work-from-home policy or BYOD policies) addressing the scope, roles and responsibilities, and mandatory infosec and organization-specific guidelines.

Our recommendations are:

  • VPN server security and up-to-date patching.
  • Enabling multi-factor authentication for VPN accounts and user logins.
  • Application delivery controllers and enforcing mandatory endpoint compliance checks.
  • Protecting SaaS applications, data, and service access with conditional access and logging.
  • Ensuring mobile device and endpoint management security practices are in place for corporate and personal (BYOD) devices.
  • PKI and TLS security for document signing, and S/MIME protection for secure email.
  • Tightened email phishing and spam protection measures.
  • Mandatory MDR/endpoint security software for all devices.
  • Configuring and limiting maximum load provisioning and auto-provisioning settings in your cloud infrastructure to protect against misuse.
  • Threat detection, monitoring, and protection systems engaged and in place to protect data and services.
  • Ensuring compliance and regulatory standards.
  • Recoverable backups and working HA systems.
  • And more importantly, given the social-engineering aspect of most attacks, end-user education is more critical than ever.

The need of the hour for many is to enable work-from-home for their employees and to ensure business continuity. During these pressing times, it is important to take cybersecurity recommendations into consideration to avoid compounding the situation with security incidents, which are very much prevalent at this time.

Amid the COVID-19 crisis, to help organizations set up the required infrastructure and protect remote employees faster, we are stepping up in coordination with our product vendors and offering some of our products and services free of charge for a limited time, including support services to help companies through the set-up and deployment processes.
