Identity and Access Management


Policy-based identity and access management provides secure network access to internal, external, remote and mobile users.


> Scalable AAA (authentication, authorisation and accounting) with RADIUS and TACACS+, incorporating a policy engine that leverages contextual data based on user roles, device types, app usage and location.
 




Introduction

The new enterprise perimeter

Today's enterprise networks have already shifted. They have moved away from fixed, static wired networks to an open, dynamic environment where mobility is key and users expect anywhere, anytime access to enterprise resources.

Modern network and workspace activity is rapidly transitioning to web-based and cloud protocols such as Web 2.0 http/https traffic (which carries legitimate business applications, non-business applications and attacks alike); this, in turn, accelerates the demand for solutions that can deliver secure access to corporate assets and data while protecting them.

Authentication and authorisation are critical requirements for online communications. It is imperative that both clients and their target recipients verify their respective identities and access is authorised. With more and more remote transactions from e-commerce based electronic funds transfers to remote healthcare diagnostics to inter-governmental diplomatic communiqués taking place over the public Internet, the parties involved must be validated. In turn, the deluge of so many sessions can overwhelm network and security infrastructures. Systems must be established that guarantee authenticity, ensure an excellent end user experience and scale to meet the accelerating demands of heightened data centre security.

Organisations need to overcome the complexities of protecting data centre resources while eliminating data leakage. The on-going shift towards cloud services, BYOD devices and social networks, reached through both internal and external web-based access, has substantially increased the difficulty administrators face in overseeing IT security. Yet employees, partners, customers and vendors alike now demand secure access to a growing range of applications – from anywhere and on any device. Oftentimes these are mission critical business applications such as Oracle, SAP, SharePoint and Exchange.

Rigorous network design and enhanced security policies are needed to provide secure remote access to these assets.




To protect application servers and other resources from unauthorised access, organisations turn to strong authentication and authorisation. This requires the implementation of identity-based access controls. Identity and Access Management (IAM) solutions help ensure this necessary asset protection while certifying regulatory compliance. This key technique is used to determine whether access should be granted to each individual client. These solutions must also support custom and standardised internal applications as well as Software-as-a-Service (SaaS) applications. Implementing such solutions is not straightforward and requires multiple elements to interoperate.

Constant uptime must be ensured and IAM resources must be easily scaled to meet future needs. It is imperative that Single Sign-On (SSO) is supported to provide a superior user experience.



Access Control Challenges

Network access control helps to optimise network accessibility without compromising your enterprise security.

Modern security exposures include:
  • Visitors - When guests and contractors come to your location, they bring their computers with them. To remain productive, guests need to access the Internet, and contractors may need additional resources. If you give these visitors unlimited access, you risk attack by malware or compromise of your sensitive data.
  • Wireless and mobile users - Your employees want to use their smartphones and tablets on your network. If you don’t have adequate control, these devices can infect your network or be a source of data loss.
  • Rogue devices - Well-meaning employees can extend your network with inexpensive wiring hubs and wireless access points. These devices can cause your network to become unstable, and they can be a source of infection and data loss.
  • Malware and botnets - Studies show that even well-managed enterprises have infected computers because of zero-day attacks and/or out-of-date anti-virus. Once your PCs are compromised, they can be used in “pivot attacks” whereby outsiders can scan your network and steal your data.
  • Compliance - Endpoints can be misconfigured or can be running unauthorised applications. Virtual machines can appear on your network without your knowledge, sometimes without proper security controls. Non-compliant systems are security risks.
  • User Habits and Behaviour - Organisations must allow external clients access to web portals, sensitive internal resources and mobile / BYOD applications. At the same time, security must be maintained with authentication that is transparent to the user. Mobile users have a habit of bypassing IT controls to bring their own technology into the workplace. They use unauthorised apps and cloud storage – sometimes unwittingly (consumer apps demand data level access to your mobile devices in order to run) – and access sensitive enterprise data outside of corporate controls in the name of improved productivity. Sensitive data is now more easily exposed to untrusted, open, rogue and ad hoc networks as well as ‘man-in-the-middle’ attacks as mobile devices seek out any available wi-fi network.

  • Managing Multiple User Directories for Each Application – IT administrators need to manage multiple user identities across different applications and control who is granted access to which application. For this, IT admins need to create user identities on each cloud service, which could mean maintaining a separate credential directory for every application. It is a burden for IT admins and users to manage multiple logon identities and passwords.

  • Security Risks – Users are often expected to create their own logon credentials for these business-related cloud applications. Multiple logon credentials expose businesses to various risks, including the potential use of easy-to-crack passwords by users and the difficulty of cutting off access when users leave the company.

  • Decrease in Productivity – Businesses can experience productivity decreases if users constantly have to deal with multiple application logins, password resets, and helpdesk calls. This potential increase in administrative overhead can largely offset the benefits of switching to cloud based applications.

Identity and Access Management Solutions


Do you know who is accessing your sensitive information and network resources?
 

With the spread of remote access and an increasingly mobile workforce, user authentication and policy based user identity management for access control has become a key security concern.

Today's road warriors and remote workers require a quick, flexible, reliable, and completely secure way to connect to internal business applications, information, and network resources. They want to do this from anywhere in the world, at any time, from any suitable device. SSL VPN provides the security and connectivity to deliver this access, via a web browser or mobile device.

Traditional security measures that protect fixed endpoints and well defined data paths are woefully inadequate for securing today’s mobile enterprise. Security controls should adapt to the dynamic nature of users connecting, and of threats originating, from anywhere.

Trust models built for employees who use corporate issued devices no longer apply in a BYOD world. Trust cannot simply be assumed; it must be tracked and tied to appropriate access rights and privileges.

A user who provides the appropriate credentials should not necessarily have full access. Usernames and passwords are insufficient for granting access rights to resources, especially if a user's location and device are not under enterprise domain control.

Relevant contextual information – user role, device type, ownership and location – is missing from the traditional model. Adding it allows IT and the business to adopt policies that allow or deny access to data on a case by case basis without leaving the enterprise exposed and exploitable to new threats.
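The contextual policy described above can be made concrete with a small policy engine. The following is an added example written for this page, not SecureNet Consulting's code or any vendor's product: the roles, resources, device classes and the policy table are all constructed for illustration. It returns one of three decisions (allow, step-up to a second factor, deny) from the user's role, device type, device ownership and location, and produces an audit line for every decision so access can be reported on.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step-up"   # grant only after a second authentication factor
    DENY = "deny"


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str             # constructed roles: employee, contractor, guest, admin
    device_type: str      # e.g. "laptop", "phone", "tablet"
    corporate_owned: bool # False means BYOD / unmanaged
    location: str         # "office", "remote" or "unknown"
    resource: str         # constructed resources, see ROLE_RESOURCES


# Constructed policy table: the resources each role may ever reach.
ROLE_RESOURCES = {
    "admin": {"internet", "sharepoint", "erp", "admin-console"},
    "employee": {"internet", "sharepoint", "erp"},
    "contractor": {"internet", "sharepoint"},
    "guest": {"internet"},
}


def evaluate(req: AccessRequest) -> Decision:
    """Decide access from role plus device and location context."""
    allowed = ROLE_RESOURCES.get(req.role, set())  # unknown role -> nothing
    if req.resource not in allowed:
        return Decision.DENY

    # Plain internet access carries no internal data; role check is enough.
    if req.resource == "internet":
        return Decision.ALLOW

    # Privileged access: only from a managed device on the office network,
    # and even then always behind a second factor.
    if req.resource == "admin-console":
        if req.corporate_owned and req.location == "office":
            return Decision.STEP_UP
        return Decision.DENY

    # Internal applications: credentials alone are not enough when the
    # device is unmanaged or the user is off the corporate network.
    if not req.corporate_owned or req.location != "office":
        return Decision.STEP_UP
    return Decision.ALLOW


def audit_line(req: AccessRequest, decision: Decision) -> str:
    """One line per decision so access can be audited and reported on."""
    ownership = "corporate" if req.corporate_owned else "byod"
    return (f"user={req.user} role={req.role} device={req.device_type}/{ownership} "
            f"location={req.location} resource={req.resource} decision={decision.value}")


def evaluate_all(requests):
    """Evaluate a batch and return (decision, audit line) pairs."""
    results = []
    for req in requests:
        decision = evaluate(req)
        results.append((decision, audit_line(req, decision)))
    return results


if __name__ == "__main__":
    # Constructed sample requests covering the cases the policy distinguishes.
    sample = [
        AccessRequest("guest1", "guest", "phone", False, "office", "internet"),
        AccessRequest("guest1", "guest", "phone", False, "office", "sharepoint"),
        AccessRequest("alice", "employee", "laptop", True, "office", "erp"),
        AccessRequest("alice", "employee", "phone", False, "remote", "erp"),
        AccessRequest("bob", "admin", "laptop", True, "office", "admin-console"),
        AccessRequest("bob", "admin", "laptop", False, "remote", "admin-console"),
    ]
    for _, line in evaluate_all(sample):
        print(line)
```

The policy is deliberately default-deny: an unknown role maps to an empty resource set, and the privileged console never downgrades to a plain allow. In a real deployment the audit lines would go to the AAA accounting store rather than standard output.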



> Control access based on granular attributes, such as user-type and role.
 

> Unify access to all applications (mobile, VDI, web, client-server, SaaS).
 

> Provide fast authentication and Single Sign On.
 

> Audit and report access and application metrics.

> Determine and manage privileged access based on identity.

  • Employees
  • Partners
  • Customers
  • Administrators





> Access Control to Cloud-Based Systems

 
  • Access control to any SaaS application so you can easily deliver one-click access to your SaaS applications.
     
  • Microsoft Office 365 and more


> IAM Cloud Managed Service
Secure access and protect critical data, services, networks and applications. 




 

> IAM Solution Platform Options 

  • Cloud Managed Service 
  • On-premise Security Appliance 
  • Virtual Appliance (software to run within virtual server environment)





Contact SecureNet Consulting today for solutions advice, professional services, engineering and proof of concept resources for identity and access management solutions.


SecureNet Consulting Professional Services
SecureNet Consulting Technical Engineering
http://www.securenetconsulting.co.uk/p/contact-us.html
SecureNet Consulting Managed Services
SecureNet Consulting IT Support Services
http://www.securenetconsulting.co.uk/p/training_7.html
+44(0)7714 209927

info@securenetconsulting.co.uk

http://eepurl.com/GKx25
https://www.linkedin.com/in/paul-rummery-0b89535
https://www.facebook.com/pages/SecureNet-Consulting/188102854572105
https://plus.google.com/116898209106255177774