Why do you need Access Security?
Data worth protecting
"Data is the new oil" – this very striking statement has a serious background. Data has become a real asset for companies. Data contains intellectual property and information that can determine the success of a company. Data and digital information must therefore be protected and secured in the best possible way so that they are not compromised or lost.
Different user groups
This sensitive and critical data is accessed by different user groups (e.g., employees, external partners, customers, IT systems) using different end devices, from different locations at different times on hybrid IT infrastructures (data center, SaaS, cloud data center). Users have left the traditional secure perimeter (e.g., the office building, factory premises) and move freely in the digitized world. Because of this complex situation, no user, end device, or partner system should be trusted until successful identification, authentication, and authorization have taken place, in accordance with the Zero Trust model.
Requirements by regulation
Companies are required to provide secure logon methods. This requirement is based either on regulatory requirements (e.g. DSGVO, MaRisk, VAIT, BAIT) or on their own interest in protecting their digital assets. Simple logins with user name and password are no longer sufficient; transactions must be authorized in a dedicated manner (PSD2), and data traffic must be analyzed and regulated.
Requirements by users
Establishing security is a technological challenge that sometimes conflicts with user-friendliness. Nevertheless, users demand more user-friendly logon procedures, and their idea of user-friendliness is not shaped by pure security thinking, so user acceptance also carries great weight. VPN is certainly still a necessary technology for certain situations, but the ongoing shift toward "access from anywhere", increasingly to web applications operating in hybrid infrastructures, requires new ways of thinking and new technologies.
How can Access Security help?
Many companies are faced with these challenges:
A username and password are not sufficient to protect access to IT resources in home office or other remote situations. Usernames and passwords can be easily compromised by spoofing and phishing.
Reports about stolen access data dominate the media almost every week. With multi-factor authentication (MFA), stolen access data becomes useless on its own. MFA adds another factor to this information, which can be received or generated on demand (push token, SMS verification code, soft token generator, etc.). We support our customers in implementing MFA solutions of different vendors very easily without a big investment.
Users can quickly get annoyed by security-related hurdles and look for solutions that do not meet the company's security requirements. Too many login requests are a prime example of this problem. Users have to log in for every access to applications, possibly with different user names and passwords.
Single Sign-on (SSO) allows a single login to a central system. This login can be used for other applications to perform user identification and authentication in the background, invisible to the user. This technology is based on proven and standardized methods (like SAML or OpenID Connect). We have designed and implemented secure and robust SSO infrastructures in the past and are happy to share this experience with other customers.
Selected users or even systems of different companies and organizations require mutual access to IT resources. Until now, the providing company had to carry out and be responsible for the administration of external users. Customers also want to be integrated more easily so that a connection to social media may be required.
By means of Federation, trust can be established across company borders so that the administrative effort for companies is reduced. Users of external organizations are thus given dedicated and controlled access to data. For example, customers can be integrated with little effort, since most social media platforms provide third-party authentication. If access is no longer required, the federation can simply be cut off for individual users. Proven and standardized protocols such as SAML and OAuth/OIDC support standardization. We at TIMETOACT have been working with Federation for years and help our customers to take advantage of its benefits.
Hybrid infrastructures and the necessary integration of IT services from Cloud Data Centers are causing traditional firewall-protected boundaries to dissolve. The simplicity of generalized isolation is counterproductive to new approaches to provisioning, so new security perimeters must be defined and controlled.
With a Cloud Access Security Broker (CASB) it is possible to control, analyze and react to the data flow between the Cloud and the user. Using policies, situations can be defined that allow or block selective access to data or data components.
How can it be ensured that users are really who they claim to be? Even if they access an application at an unusual time or from an unknown location? How can the legitimacy of an access be checked? How can such anomalies be detected, based on which reference information?
It is therefore important to detect anomalies immediately, before data loss can occur. Such adaptive controls can be an essential part of an access security strategy to improve access security and reduce the risk of data loss (Data Loss Prevention - DLP). When sensitive data and resources are accessed from all over the world, it should be possible to evaluate legitimacy by means of anomaly analysis. If an anomaly is detected only after it has happened, data loss has already occurred. TIMETOACT, together with its leading technology partner IBM, draws on their joint experience and uses the latest state-of-the-art approaches (AI, Machine Learning) to eliminate such risks for customers.
Sometimes you miss the obvious and are not able to make a reliable statement about the state of your IT security.
Our Security Assessment helps companies to understand when the measures taken are sufficient and when there is room for improvement to establish the needed security. TIMETOACT's experts draw on decades of experience in IT security to advise companies and optimize their IT infrastructure security in the long term. In doing so, they take different perspectives and a holistic view of the customer's IT.
The TIMETOACT Group has established itself as the market leader in DACH in the field of Identity & Access. With our experts and our competence, we have been able to help our customers in challenging situations to consistently optimize the management and control of identities and authorizations as well as Access Security and Data Protection. With our process model, developed over the years, we record the degree of maturity in order to measure the status and success at any time and to define the next steps together with the customer according to their needs. In this way, we support our customers in meeting regulatory requirements and in the technical implementation of compliance and governance requirements.
With our standardized approach, together with the respective products of our technology partners, we define a solution 100% customized for your needs. It is part of our philosophy to support and advise our customers in all facets of a successful introduction and further development of solutions regarding Identity & Access Security. Even after finishing an implementation project, we are still at your disposal: We support you both in maintaining your solution and in the further development, as well as in the professional and technical operation of the solutions. For further information please contact us at +49 221 97343230.
How does Access Security go with Identity Governance & Administration?
Access Security is an integral extension to Identity Governance & Administration (IGA). IGA is the solution-based mapping and execution of IT processes, with the goal of making user administration and access control in IT systems simpler, automated, controlled and traceable. At first glance, two major areas of activity are distinguished: Identity Administration and Identity Governance.
The field of Identity Administration includes the subtasks from the user's point of view with their identity information in the organizational context and the accounts and profiles in the IT system context:
- Identity Lifecycle Management
- Access Lifecycle Management
- System connectivity and automated provisioning
- Password management
- Target system authorizations
The second relevant field is Identity Governance, which deals with the administration and accountability of authorizations and access, as well as their traceability:
- Policy Enforcement
- Separation of duties
- Access certification
- Administration of application authorizations
- Auditing and reports
Access Security complements the tasks of Identity Governance & Administration, with the goal of holistic security of IT resources and data. Necessary decisions regarding authentication and authorization can be shifted to an IGA system, where they are viewed and administered holistically.
Blog post: Zero Trust – or do you grant access to anyone?
Learn more about Zero Trust in our blog post. We deal with a few basic questions about Zero Trust: What does Zero Trust actually mean? What is the principle behind it? What is the benefit?