Thursday, October 2, 2014

Management of Complex Passwords Causing Headaches for Enterprise IT Leaders

Complex passwords: Their intention is to ensure organizational security, but they often cause more of a headache than they are worth, and the issues that usually arise from having to manage them can prove more problematic than beneficial. Security, of course, is the name of the game here, and organizations that put such a strategy in place are usually better off for doing so. However, the complexities of such protocols (the rules associated with complex passwords, such as changing them monthly, for example) often cause many headaches for end users, the helpdesk, IT departments and the organization overall.

The issues involved in employing a complex password strategy are many. The following are just some of the issues enterprise IT leaders often experience because of them:

Extended Log In Times

When employees need to log in to each system or application separately, and enter a different set of usernames and passwords, the process becomes time consuming and cumbersome. This can be especially annoying for those who utilize multiple computers and workstations. Each time they need to access their systems, they are likely required to log in to a different computer and each application again, separately. This can be a major drag on efficiency and productivity.

Community Bank and Trust of Florida is an example of an organization facing these issues. The bank uses hundreds of different systems and applications to assist its customers, and because of this, employees frequently had to remember credentials for many of them. This proved difficult since most of the organization’s passwords were complex and expired often, which led employees to frequently forget their passwords. With a focus on quality customer service, the password issues caused a major issue with efficiently assisting customers.

Customer Service Issues
 Not only is logging into each system and application separately an annoyance for the employee, it also can be a huge service obstacle for customers when an employee must load and re-load their access rights for the various systems they need to access when addressing client-facing service requests. Add to this any problems, such as getting locked out, and the issue is only exacerbated. If customers are affected by such issues, it’s a negative. If customers must wait longer than they need to because of poor IT protocols, they may leave and never return.

Needham Bank in Massachusetts faced this challenge. Employees at the bank were frustrated by the number of credentials they were required to remember and by the amount of time it took to reset their passwords. It also frustrated employees when they had to halt what they were doing and contact the help desk to reset their password when locked out.

Decreased Security
 People tend to take the easiest action to complete tasks in the timeliest manner. With passwords, this means they usually write them down. Obviously, this is a self-defeating action when security is the ultimate goal. Simply put, doing so leaves the organization’s network at risk for hack or attack.

Waiting in Queue for a Password Reset
Help desk, help desk, help desk: Calls to the help desk because of users forgetting their complex passwords are an issue no one should face, and yet they currently take most of the help desk’s time to manage. In fact, it’s estimated that password resets are one of the most common reasons for calls to the help desk, and that 40 to 50 percent of all calls to the department are because users need passwords reset.

When users need to reset their passwords because of forgetting one of the many they need to remember, they’ll likely need to go through the process of contacting the help desk. While this process isn’t very difficult, it is non-productive for employees to sit on the phone waiting in the queue when they have a list of things needing to be completed for the day. This leads to the next issue.

Large Number of Calls to the Help Desk
For even the smallest organizations, voluminous calls to the help desk are a major problem since the department then has to deal with the issue.

Certain password solutions can be helpful with these issues. More organizations are beginning to realize the benefits of single sign-on and self-service password reset solutions, allowing them to solve these issues while still ensuring security.

SSO allows users to log in with one set of credentials and thereafter automatically gain access to all other applications and systems for which they are authorized. This helps improve log in times since users only need to enter credentials one time, instead of for each application. The solutions also drastically reduce the chances that users will write down their credentials since they do not have several to remember.

Also, two-factor authentication can be added to ensure additional security of information and systems. Instead of entering a username and password, two-factor authentication requires users to log in by presenting a smart card to a reader and entering a PIN code. Combining a smart card and a PIN ensures strong authentication since it is based on two forms of identification.

Finally, self-service password reset solutions allow users the ability to reset their passwords themselves after correctly answering security questions that they previously provided answers to. This allows users to proactively solve their own password issues without having to contact the help desk. In turn, this drastically reduces password reset calls, and allows employees to be more productive.

Password solutions such as these allow organizations to ensure security while also allowing their employees to be more productive; they can also improve customer service and drastically reduce the calls to often overwhelmed help desks.

For more information, please visit our website: www.tools4ever.com

Friday, September 12, 2014

Core Registration: The Umbrella Over All Health Systems and Data

Healthcare organizations use a variety of systems containing personal data and collected information. As the quantity of this data continues to increase over time, and as the organizations continue to expand and develop, merge and downsize, not to mention constant employee turnover, there are a great many changes and countless systems managing this information, making it difficult to implement changes across the network in a convenient way. Moreover, if the wrong authorizations are assigned, it is not possible to ensure proper information security.

The ability to quickly anticipate the inflow, transfer and outflow of staff requires a transparent and uniform overview of all the personal data in a single source system. This is called core registration. In many organizations, core registration is absent or incomplete. In such a case, the security officer must ask the various systems administrators for information to find out exactly who an employee is, what they are authorized to do and which resources they are able to access. After all, the required information is fragmented across various systems, such as the facility management system, Active Directory, the electronic health record and other systems involving complex authorizations, such as planning and scheduling applications.

Active Directory as a source system
Active Directory is often used as a source system for assigning authorizations, as well as keeping track of additional personal or organizational information. Authorizations may find expression, for instance, in Active Directory groups, with information such as the room number, title and department being added to user accounts. However, organizations that do so run into a number of limitations. First of all, Active Directory does not offer a location for arranging physical access. Neither is it very suitable for mapping out persons with multiple employment contracts that are active in various different departments.

In addition, probably the most important limitation of using Active Directory as a source system concerns authorizations: it gives too limited an overview of a person. Active Directory groups are often used to manage access to applications. However, with certain healthcare applications, authorizations are often not handled via Active Directory as it does not “dig deep enough” for this purpose. Users can only see whether someone has access to the application and not what somebody is allowed to do inside the application.

Human resources management system as a source
Some organizations use their human resources management (HRM) system as the source for implementing changes across the network. When an employee is added to the HRM system, a user account is created immediately. However, the HRM system is not exhaustive; freelancers, medical specialists from partnerships and other third parties are often not or only partially included in the system. Furthermore, although the HRM system contains a host of data, it does not contain all the information that is important for IT.

An HRM system only answers the question of “Who is this person and which role does he or she fulfil in the organization?” However, it does not contain information on the permissions people have (which user rights does an employee have in a certain system, for example) or the resources (phone, access pass, laptop) they have at their disposal.

This type of information must be derived from other systems. When somebody leaves the organization, the corresponding Active Directory account will be disabled automatically. Unfortunately, it is not easy to perform other required measures, such as blocking the access pass, collecting the mobile phone and removing the phone number from the phone systems. Disabling user accounts in cloud-based systems usually is an even more complex affair.

There are organizations that use role-based access control (RBAC) alongside the HRM system to set up authorization management. In this approach, authorizations are not assigned on an individual basis, but are based on pre-determined roles. These roles in turn comprise information on the department, title, location and cost center of an employee.

However, RBAC is not all-encompassing when it comes to staff transfers. RBAC provides an overview of the authorizations an employee should receive for their new role and what their authorizations are in their current role. The current situation may indicate that an employee has received manual authorizations since they were initially provisioned, and these should be re-validated during the transfer to determine whether the rights need to persist.
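The transfer check described above, sketched as an added example (not code from the original post or from any product). The role model, entitlement names and the `plan_transfer` and `apply_decisions` helpers are hypothetical; entitlements the employee holds that neither role explains are treated as manual grants and are dropped unless explicitly re-approved.

```python
# Hypothetical role model: (department, title) -> entitlements the role grants.
ROLE_MODEL = {
    ("cardiology", "nurse"): {
        "ehr:read-chart", "ehr:record-vitals",
        "scheduling:view-roster", "ecg-archive:read",
    },
    ("radiology", "technician"): {
        "ehr:read-chart", "scheduling:view-roster", "pacs:upload-image",
    },
}

# Constructed sample: what the employee actually holds today, including two
# rights that were granted by hand after initial provisioning.
ACTUAL = {
    "ehr:read-chart", "ehr:record-vitals", "scheduling:view-roster",
    "ecg-archive:read", "scheduling:edit-roster", "fileshare:finance-reports",
}


def plan_transfer(actual, old_role, new_role, role_model):
    """Split an employee's entitlements into keep/grant/revoke/revalidate."""
    for role in (old_role, new_role):
        if role not in role_model:
            raise ValueError(f"role not defined in the role model: {role!r}")
    actual = set(actual)
    old, new = role_model[old_role], role_model[new_role]
    return {
        # Held today and also part of the new role.
        "keep": sorted(actual & new),
        # Required by the new role but not held yet.
        "grant": sorted(new - actual),
        # Came with the old role and is not part of the new one.
        "revoke": sorted((actual & old) - new),
        # Explained by neither role: manual grants that need a decision.
        "revalidate": sorted(actual - old - new),
    }


def apply_decisions(plan, approved):
    """Resulting entitlements after the transfer.

    `approved` is the set of manual grants a manager explicitly confirmed.
    Anything in "revalidate" that was not approved is removed (default deny).
    """
    persisted = set(plan["revalidate"]) & set(approved)
    return sorted(set(plan["keep"]) | set(plan["grant"]) | persisted)


if __name__ == "__main__":
    plan = plan_transfer(ACTUAL, ("cardiology", "nurse"),
                         ("radiology", "technician"), ROLE_MODEL)
    for bucket, items in plan.items():
        print(f"{bucket:10} {items}")
    print("final     ", apply_decisions(plan, approved={"scheduling:edit-roster"}))
```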

Identity Vault
Rather than using Active Directory or the HRM system as a source, a better solution would be to deliver these and other data in a single, uniform pane of glass: the core registration.

The objective of core registration is to have a single, leading registration for all identities across the organization. With core registration, personal data are retrieved from all sorts of sources (e.g. the HRM, scheduling, flex pool management, Active Directory and facility management system). These may include name, address and town details, information on the employment contract, the room number, title, manager of the employee, as well as used resources, such as the phone and access pass. All data are compiled in the core registration. This set of data is also known as an identity vault.

The core registration is leading for the assignment of physical and logical access. All authorizations across the network are loaded and stored in the core registration and made searchable. The core registration provides a 360-degree overview of people’s identity, what they are allowed to do and which resources they have at their disposal. If employees are not listed in the core registration, they will not have access to the network and no physical access to (parts of) the building.

Every change in the source system will result in a modification in the core registration. Since the data is searchable, the security officer can look up a person and directly see in which systems the person is present, under which identities and what the person in question is allowed to do. The security officer can also see for each department and team which rights are used by whom, so that any anomalies can be quickly identified.

License management and more
In addition to the benefits of setting up more efficient processes for the inflow, transfer and outflow of employees and proactively identifying and responding to security incidents, core registration can be used for audits. Because of the availability of a centralized dashboard for keeping track of who has access to which applications, it will be easier to pass software license audits. In this scenario, the dashboard will work as a business intelligence tool for authorizations.

Core registration can also be used to control the license costs. Using the technique of role mining, insight can be provided into which applications are available on average for each organizational role. This matching may result in the conclusion that 90 percent of employees in a particular organizational role (e.g. nurse at the cardiology department) use a particular application, like the scheduling system. When it has been identified which applications are required for a particular organizational role, it will be easy to pinpoint employees in the same role who use different applications. In such cases, an additional check can be performed. After all, it is more than likely that the employee in question is unnecessarily incurring license costs.
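A small role-mining pass over the kind of data a core registration holds, as an added example (not code from the original post or from any product). The usage records, role and application names are constructed; the 90 percent threshold follows the figure in the paragraph above, and the minimum role size is an assumption that keeps very small roles from producing a meaningless profile.

```python
from collections import defaultdict

ROLE = "cardiology-nurse"  # constructed role name


def build_sample_usage():
    """Constructed sample: (employee, organizational role, application in use)."""
    usage = []
    for i in range(1, 11):
        emp = f"n{i:02d}"
        usage.append((emp, ROLE, "ehr"))
        if i != 10:  # 9 of the 10 nurses use the scheduling system
            usage.append((emp, ROLE, "scheduling"))
    usage += [
        ("n03", ROLE, "cad-viewer"),
        ("n07", ROLE, "statistics-suite"),
        # A role with only two members: too small to mine a profile from.
        ("b01", "biomedical-engineer", "cad-viewer"),
        ("b02", "biomedical-engineer", "asset-db"),
    ]
    return usage


def mine_role_profiles(usage, threshold_pct=90, min_role_size=5):
    """Return {role: {app: percent of the role's employees using it}}.

    Only applications used by at least `threshold_pct` percent of a role's
    employees are part of that role's profile.
    """
    members = defaultdict(set)
    users_of = defaultdict(lambda: defaultdict(set))
    for emp, role, app in usage:
        members[role].add(emp)
        users_of[role][app].add(emp)

    profiles = {}
    for role, apps in users_of.items():
        size = len(members[role])
        if size < min_role_size:
            continue
        profiles[role] = {
            app: len(users) * 100 // size
            for app, users in apps.items()
            # Integer comparison avoids floating-point edge cases at the threshold.
            if len(users) * 100 >= threshold_pct * size
        }
    return profiles


def license_review_candidates(usage, threshold_pct=90, min_role_size=5):
    """Employees using an application outside their role's mined profile."""
    profiles = mine_role_profiles(usage, threshold_pct, min_role_size)
    findings = set()
    for emp, role, app in usage:
        if role in profiles and app not in profiles[role]:
            findings.add((emp, role, app))
    return sorted(findings)


if __name__ == "__main__":
    sample = build_sample_usage()
    print(mine_role_profiles(sample))
    for emp, role, app in license_review_candidates(sample):
        print(f"review: {emp} ({role}) uses {app}")
```

The same outlier list doubles as an access review queue: an application outside the role profile is an authorization nobody else in that role needed.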

Finally, any events triggered by the core registration will result in a network action. By linking the core registration to a provisioning system, these network actions can be implemented automatically. When an employee leaves the organization, the provisioning system will set in motion the procedure for shutting down the user account.



Friday, September 5, 2014

Four Simple Solutions for Introducing Complex Passwords

Passwords are a pain and you’re on the hunt to make the management of them easier and less offensive. Complex passwords were initially introduced to improve the security of your systems, but the introduction of such passwords -- which also have to be changed regularly -- leads to resistance among your employees. After all, they have to remember a multitude of password/user name combinations. This results in insecure situations where employees write down passwords on Post-Its and many password reset requests to the helpdesk.

Here are four simple solutions that you can introduce for managing complex passwords that won’t cause frustration among users.

Reduce the number of passwords with single sign-on. Reduce the number of passwords and ensure that employees only have to remember one (complex) password instead of dozens. Single sign-on (SSO) offers the ability to do this. SSO lets employees log in just once, after which access is automatically granted to all applications and systems the user might open. So the staff member doesn’t have to log in afresh for each application. And that saves an average of three to five logins with varying passwords each day.

Perhaps you want to do away with even this one remaining password? In that case, SSO can be deployed in combination with an access pass. The security card your employees use to gain access to the premises or parts of the premises, then replaces the final password/user name combination. By presenting a card to or into a reader and, if required, entering a PIN code, the user is automatically logged in. When the employee again presents the card to a reader, he or she is then logged out.

Automatic password synchronization. Wouldn’t it be ideal if the same password/username combination could be used for every application? The difficulty here is that the passwords almost always have an expiry date and need to be renewed regularly. Typically, the expiry date is not the same for every application. For some applications a new password has to be set monthly, while other software might only require it once a year. It’s virtually impossible for users to reset a newly introduced password in all the other required applications so that the password would then indeed be identical everywhere.

However, you can actually automate this very well with solutions for password synchronization, which ensure that passwords are and remain synchronous in multiple systems. The newly set password is then immediately intercepted and forwarded to all other applications.

Help users to create strong passwords. Employees often find it difficult to come up with complex passwords. Some applications insist that the password must contain an uppercase letter, a punctuation mark or a figure. Or that the password must differ from the old one by X percentage.

That’s why users need some help in creating new, strong passwords. Password creation tools assist users in producing their passwords. The established complexity rules are shown when users configure a new password, and they are notified whether the relevant requirements have been met.

Let users reset their passwords themselves. As mentioned earlier, the introduction of complex passwords leads to an increase in the number of password reset requests to the helpdesk. To ease the burden on the helpdesk, it’s possible to let users reset their passwords themselves. Users identify themselves by correctly answering a number of personal questions (e.g. “What’s your mother’s maiden name?”) and can then reset their own passwords, without the intervention of the helpdesk.

A combination of these solutions means time-consuming registration procedures are a thing of the past and the helpdesk is relieved of the problems. Users benefit from maximum user-friendliness, while productivity rises.


Friday, August 29, 2014

Benefits of SSO for all businesses

Single sign-on (SSO) solutions benefit system end users, allowing them to quickly log on to their accounts by entering only one set of credentials and thereafter automatically logging them into all their systems and applications. In addition to this benefit, SSO provides other features that can further help end users and system admins throughout any organization.

Additional advantages of SSO that are often not discussed include:

Reduction in calls to the helpdesk

Often, since end users are required to remember several different sets of log in credentials, many of which are complicated and require special characters, they have trouble remembering each combination of user name and password. This leads to them calling the helpdesk to reset their passwords. With an SSO solution, end users only need to remember one set of credentials, which drastically reduces calls to the helpdesk and allows them to focus on more important tasks.

Integrates with other solutions

SSO is often able to integrate with other beneficial software, such as self-service password resetting and user provisioning. This allows organizations the ability to easily integrate SSO with solutions they might already have in place or with new software. For password resets, where applications require a new password every month or so, SSO can automatically generate a new password. With user provisioning, SSO can automatically provision a password for a new user.

Follow me

Another additional feature that can be added to SSO is the principle of “follow me.” This allows end users that need to work on different computers, such as doctors in the hospital setting, to easily do so by being able to log in on one computer and then quickly log out and continue their work on another computer. With “follow me,” users can quickly move to different work stations and do not have to open all applications that they were previously working on.

Fast user switching

In situations where users need to log in and out quickly, SSO can be very beneficial. Fast user switching allows users to quickly log on and have all of their applications started and logged in to on public computers. This can further be simplified by allowing the user to quickly swipe a pass card and have the same actions take place. Once they remove the card they are automatically signed out of all applications and the computer.

Fulfills compliance

SSO allows organizations to easily fulfill compliance and regulations. One way in which this is true is that an SSO solution can allow system admins to easily revoke access for a user in a single action, instead of having to go through each application. A report can also easily be generated to show which users have access to what applications to ensure that no users have access to information or applications that they shouldn’t. Lastly, SSO solutions can provide an additional check before the user logs in to any critical application by requiring them to enter an additional PIN code or smart card.

Reduction of risks

An SSO solution not only makes the log on process more convenient and faster for the end user, it also makes the company’s information and applications more secure. When employees need to remember several different credentials they often write them down and keep them by their computers, which increases risk of someone unauthorized logging in. With an SSO solution the user only has to remember one set of credentials, reducing the chance that they will write them down.



Friday, August 15, 2014

Challenges of managing information in the cloud

The cloud, and the many benefits it offers organizations of all sizes, continues to be much discussed. Rarely is it mentioned, though, that there are a number of complications that come with managing data there, especially in regard to end user accounts and access of applications.

Using cloud applications surely can impact the security, compliance and IT-related cost savings of an organization. In relation to identity and access management, when several cloud applications are implemented, provisioning, password management and the monitoring of access begin to become quite a challenge. Because of this, organizational leaders should seriously consider implementing an automated cloud identity management solution if they’re using cloud applications or making a move to them.

Auto provisioning

Creating accounts in cloud applications can be time consuming for both the IT department and the end user. System administrators must manually create accounts for users, which often delays users’ access for days and leaves them unable to get their work done. With an automated cloud identity management solution, user accounts are automatically created, modified, enabled or disabled via a synchronization with the HR system. The helpdesk or manager handling the process can easily make changes in one place and automatically synchronize these changes to all cloud applications.

Security

When an organization begins to use several cloud applications, it often becomes difficult to determine that the correct people have the correct access to systems and applications. Users may have access to systems and applications that they shouldn’t, leaving data vulnerable to breach. With a role-based access control (RBAC) module, for example, system administrators can easily control access to the company’s cloud applications on the basis of an employee’s department or job title based on records from the human resource system. Doing so ensures that each employee has the correct access to systems, even in cloud applications.

Password issues

 Passwords often become a problem when implementing numerous cloud applications. Since IT administrators need to manage passwords for countless users, who often have trouble remembering several sets of credentials, the responsibility falls on the IT department to deal with resetting these passwords when users forget them. A cloud SSO solution can be used so that end users only must remember one set of credentials for all of their cloud applications, which can be based on their existing Active Directory credentials. If for any reason a password needs to be reset, it can be changed in one place, Active Directory, and then be automatically synchronized with all cloud applications.

Audit

As more cloud applications are deployed in an organization, the need for reporting of who is using which applications and systems becomes paramount. The complexity of managing this process is increased by the number of cloud applications deployed and the number of users accessing the systems. A centralized dashboard can be used in an automated identity management solution to easily see an overview of usage and logging in. This allows management to easily review the report for auditing purposes, as well as controlling license costs.

Overall, cloud IAM solutions offer benefits to end users, IT departments and even management. End users are able to receive their account access quickly and not have to wait to perform their jobs if locked out and IT has full control over the applications and authorizations without having to spend countless hours on account management.

For management, audit and compliance are made easier because of the solutions. They don’t need to spend money on expenses in relation to the applications or the helpdesk, and are able to receive the full benefits of using cloud applications as originally expected.


Friday, August 8, 2014

How two factor authentication can easily add security for access

Organizations large and small can easily add security to their login procedures with two-factor authentication, which is a simple process that requires users to enter more than one piece of information to access accounts. For example, in addition to simply entering a user name and password, two-factor authentication requires use of another identifier, such as a smart card or a PIN code.

Major organizations, such as Twitter and Google, are making use of two-factor authentication. And while its primary goal is to improve security of systems and applications, the solutions also provide additional features that can be of benefit to all organizations. Here are some of the uses, and features, of two-factor authentication that can benefit employees and their organization:

Easily customizable: System administrators can customize the two-factor authentication process to meet their needs. For example, rules can be created that mandate that during the time a user is logged into an organization’s systems, his smart card also must be in the reader the whole time the employee is working. In this scenario, if the user removes the card he is then automatically logged out of the system. On the other hand, rules also can be written that require a user to present the card for a few seconds when first logging in for him to access all needed systems.

PIN code memory: Though end users have to enter a PIN code for two-factor authentication, the internal systems have the ability to remember PIN codes for a defined period of time. Users then only have to enter their PIN code once when first logging into the computer at the beginning of the workday and not again after that. Each time after, during the same day, employees or users only have to present their smart card to access systems and not their PIN. This ensures that systems are secure, but does not inconvenience users by requiring them to enter both the PIN code and card each time they log in.

Self-service registration: When first implementing smart card use, end users can securely register their smart cards themselves, taking the burden off of the IT department. Once a user inserts an unregistered card into the reader, the system enables the user to assign their username and password to this card.

Advanced authentication for resetting passwords: Two-factor authentication can be used to enable users to reset their own passwords. In addition to answering a series of questions that they previously provided answers to, end users can be sent a code via SMS or email that they will have to enter before being able to reset their passwords.

PIN code sent via email or SMS: The PIN code or password that end users provide as one source of authentication does not have to be something that the user actually remembers; nor does it have to be the same password every time. A password PIN can be automatically generated and sent to the user via text message to her cell phone or to her email account, which she then inputs to gain access to her account.


Friday, August 1, 2014

Continual IT Audits

Information audits are inconvenient, unpleasant and rarely fun. They are a headache because of the fact that when audit season comes around, they take resources away from several departments for extended periods of time while staff managing and leading them also must continue their other daily roles. Unfortunately, there is no getting around an audit, whether internal or external.

Several major compliance regulations in the United States including the Health Insurance Portability and Accountability Act (HIPAA), the Control Objectives for Information and Related Technology (COBIT) and Sarbanes-Oxley Act (SOX) require businesses to ensure certain standards within their organizations, including protection of data and full disclosure. Organizations that do not comply face significant fines and potential punishment.

Since audits are mandatory, organizations need to find ways to make dealing with them simpler. This is why organizational leaders should focus on conducting continual audits or implementing solutions that can help them stay in line with their audit needs throughout the year. This allows them to perform the work for audits along the way instead of having to do it all at once.

Instead of an annual audit check followed by an extensive clean-up operation, several leading organizations are implementing solutions that allow them to exercise constant control over the identities in their networks, their lifecycles and their authorizations.

Continual Audits

To achieve continual audits, some organizations have utilized identity and access management solutions. An automated account management solution with role-based access control (RBAC) allows a manager to oversee and document exactly who has access to what, and any changes they are making. With RBAC in place, managers can easily see an overview of access and correct any issues that arise. This also makes it extremely easy to provide a list of employees who have access to critical data when it comes to audit time.

These same automated account management solutions allow for other tasks to be continually documented for audits in an organized manner. The system automatically logs which employee performs a particular management activity, as well as the time it occurred. Management reporting can be generated in a wide variety of formats meaning the organization always has an insight into the processes involved and whether they are in compliance with regulations.

Case In Point

The Salvation Army had relied on an inefficient paper system prior to its automated solution. The paper system was almost impossible to audit. The automated account management solution has completely resolved this issue and the organization can now easily meet requirements.

According to the Salvation Army’s Christian Cundall, head of messaging services, the organization needed to introduce a solution for user management and auditing for simple reasons. “We were experiencing 1,000 calls a month to our helpdesk for user account-related changes. Any change requests needed to be confirmed via fax, resulting in a large paper trail, which was impossible to audit. The faxes often contained errors and omissions, adding to the workload placed on our helpdesk; 90 percent of the work needed to be duplicated.”

“We were impressed by the ability to force users to comply with our naming conventions, and provide a full log on all actions for auditing purposes,” said Cundall.



Friday, July 11, 2014

The Three Sides to Data Security

In today’s complex corporate and business network environments, controlling access to sensitive data is of utmost concern. The amount of security-related data stored across a network is immense for many organizations, and relating all this data to the user’s account information in Active Directory can be tricky and time consuming.

There are really three sides to proper data security.

The first step is ensuring that new employee accounts are created with the proper access rights when an employee joins the organization. The second is making sure those access rights remain accurate during the employee’s tenure. The third is revoking all access rights when the employee leaves.

Let’s take a more in-depth look at solutions for all three of these phases of data security.

Defining A Role

By using a role-based access control matrix in conjunction with an identity management solution, companies can ensure that accounts for new employees are always created with proper access rights.

The first step of this stage is to define the roles that employees should have in the organization. This is usually a combination of department, location, and job title.

While establishing the data access rights, group memberships, and application requirements for each role can be time consuming, the end result is a template that serves both for creating new employee accounts and as an audit point in the future.

Software applications are available that will allow the linking of a human resource system to Active Directory for automatic account creation with all proper rights. Additionally, if there are special requirements, a workflow system can easily be established to allow managers and system owners to process approvals before access is granted.

Managing Access and Security

Access rights to data often tend to creep into multiple areas over an employee’s tenure with an organization.

For example, rights are assigned to an employee for special projects, while that employee is covering for another on leave, or when an employee changes departments and responsibilities. The revocation of these special or historical rights occurs infrequently at best.

Again, software solutions are available to analyze the rights of employees and make the information actionable. For the product to provide value, there are several items that should be considered mandatory, including the ability to detect:
  • Direct access to a file/directory rather than access through a group membership.
  • Access to a file/directory through multiple or nested group memberships.
  • Groups and user accounts that are no longer present in Active Directory.
  • Duplicate access privileges to a file/folder of a user or user group.
  • Access to files/directories through a local or file system user account.

Once an audit of access rights is performed, it can be compared against the baseline template for each employee role initially established. Any deltas can then be sent to managers and systems owners for verification or revocation of the rights.
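The five checks listed above and the comparison against the role baseline can be sketched as follows. This is an added example, not part of the original post or of any product; the users, groups, paths, role names and the SID-like string are all constructed, and an in-memory export stands in for Active Directory and the file server.

```python
"""Added example: audit share ACLs against a role baseline.
Every name, path and identifier below is constructed for illustration."""
from collections import defaultdict

USERS = {"alice", "bob", "carol", "dave"}      # accounts present in the directory
GROUPS = {                                     # group -> members (users or groups)
    "GG-Finance": {"alice", "bob"},
    "GG-Finance-Leads": {"alice"},
    "DL-Ledger-RW": {"GG-Finance", "GG-Finance-Leads"},
    "DL-HR-RO": {"carol"},
}
# ACL export: (path, trustee, right, scope); scope "local" is a file-server account
ACL = [
    ("/shares/ledger", "DL-Ledger-RW", "modify", "domain"),
    ("/shares/ledger", "GG-Finance", "modify", "domain"),
    ("/shares/ledger", "bob", "modify", "domain"),
    ("/shares/hr", "DL-HR-RO", "read", "domain"),
    ("/shares/hr", "S-1-5-21-CONSTRUCTED-1105", "read", "domain"),
    ("/shares/hr", "svc_local", "modify", "local"),
    ("/shares/hr", "bob", "read", "domain"),
]
ROLE_OF = {"alice": "finance-analyst", "bob": "finance-analyst",
           "carol": "hr-generalist"}
BASELINE = {                                   # role -> rights the role should have
    "finance-analyst": {("/shares/ledger", "modify")},
    "hr-generalist": {("/shares/hr", "read")},
}


def expand(trustee, chain=()):
    """Yield (user, group_chain) for every user reachable from a trustee.
    A group already on the chain is skipped, so a membership cycle ends."""
    if trustee in USERS:
        yield trustee, chain
    elif trustee in GROUPS and trustee not in chain:
        for member in sorted(GROUPS[trustee]):
            yield from expand(member, chain + (trustee,))


def audit(acl):
    """Return (findings, routes). routes maps (user, path, right) to the list
    of group chains that grant it; an empty chain is a direct grant."""
    findings = []                              # (kind, path, subject, detail)
    routes = defaultdict(list)
    for path, trustee, right, scope in acl:
        if scope == "local":
            findings.append(("LOCAL", path, trustee, right))
            continue
        if trustee not in USERS and trustee not in GROUPS:
            findings.append(("ORPHANED", path, trustee, right))
            continue
        if trustee in USERS:
            findings.append(("DIRECT", path, trustee, right))
        for user, chain in expand(trustee):
            routes[(user, path, right)].append(chain)
    for (user, path, right), chains in sorted(routes.items()):
        for chain in chains:
            if len(chain) > 1:                 # reached through a nested group
                findings.append(("NESTED", path, user, " > ".join(chain)))
        if len(chains) > 1:                    # same right granted more than once
            findings.append(("DUPLICATE", path, user,
                             f"{right} via {len(chains)} routes"))
    return findings, routes


def deltas(routes):
    """Compare each user's effective rights with the baseline of their role."""
    effective = defaultdict(set)
    for user, path, right in routes:
        effective[user].add((path, right))
    report = {}
    for user in sorted(USERS):
        allowed = BASELINE.get(ROLE_OF.get(user), set())
        excess = effective[user] - allowed
        missing = allowed - effective[user]
        if excess or missing:
            report[user] = {"excess": sorted(excess), "missing": sorted(missing)}
    return report


if __name__ == "__main__":
    found, granted = audit(ACL)
    for finding in found:
        print(*finding, sep=" | ")
    for user, delta in deltas(granted).items():
        print("delta for", user, delta)        # items to send to the manager
```

Users without an assigned role get an empty baseline, so any right they hold is reported as excess.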

Revoking Access

The final step in the data security process is one that is often overlooked or not performed in a timely fashion: the termination of access rights to the network, data and all applications, including cloud-based solutions, must be accomplished immediately upon an employee’s termination.

For example: a terminated sales rep had his network access revoked immediately upon departure, but the organization did not have a process in place to disable access in a timely manner to a cloud-based business intelligence application. The terminated employee realized the account was still live and proceeded to download more than 10,000 records over the course of the next 30 days at a cost to the company of more than $6,000.

The point of this story: imagine the costs if 20, 30, or 100 terminated employees did this very same thing in a short period of time.

When putting a process in place to handle terminated employees, the most common scenario is, once again, a link to the HR system.

When an employee is terminated, a synchronization process needs to be in place to handle the decommissioning of accounts in all internal and external systems. If feasible, using web services or application programming interfaces (APIs) to automate the process will save time and money in the long run. Where that is not feasible, an email workflow process should be established whereby system owners are notified to terminate the account and must send positive confirmation that the work has been completed.
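A minimal model of that synchronization process, added here as an illustration and not taken from the original post or from any product: systems with an API are disabled and then read back, while systems without one get a tracked notification that stays open until the owner confirms. The connector classes, system names, addresses and the four-hour deadline are assumptions.

```python
"""Added example: HR-driven deprovisioning with tracked confirmations.
System names, addresses, the SLA and all records are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

SLA = timedelta(hours=4)                    # assumed deadline for confirmation
FALLBACK_OWNER = "iam-team@example.com"     # assumed escalation address
T0 = datetime(2014, 7, 11, 9, 0)            # constructed termination time


class ApiConnector:
    """Stand-in for a system whose accounts can be disabled through an API."""
    def __init__(self, accounts):
        self.accounts = dict(accounts)      # username -> enabled?

    def disable(self, user):
        self.accounts[user] = False
        return True

    def is_enabled(self, user):
        return self.accounts.get(user, False)


class SilentFailureConnector(ApiConnector):
    """Constructed failure mode: the call reports success, nothing changes."""
    def disable(self, user):
        return True


@dataclass
class Task:
    system: str
    user: str
    opened: datetime
    status: str                             # revoked | no_account | pending
    closed: Optional[datetime] = None


class Offboarding:
    def __init__(self, api_systems, manual_systems):
        self.api = api_systems              # name -> connector
        self.manual = manual_systems        # name -> system owner's address
        self.tasks = []
        self.outbox = []                    # (recipient, message) to be e-mailed

    def _notify(self, to, system, user):
        self.outbox.append((to, f"Disable '{user}' in {system} and confirm"))

    def terminate(self, user, when):
        """Process one termination event from the HR feed."""
        for name, conn in self.api.items():
            if user not in conn.accounts:
                self.tasks.append(Task(name, user, when, "no_account", when))
                continue
            conn.disable(user)
            # Read the state back instead of trusting the return value.
            if conn.is_enabled(user):
                self.tasks.append(Task(name, user, when, "pending"))
                self._notify(FALLBACK_OWNER, name, user)
            else:
                self.tasks.append(Task(name, user, when, "revoked", when))
        for name, owner in self.manual.items():
            self.tasks.append(Task(name, user, when, "pending"))
            self._notify(owner, name, user)

    def confirm(self, system, user, when):
        """Record a system owner's positive confirmation for a pending task."""
        for task in self.tasks:
            if (task.system, task.user, task.status) == (system, user, "pending"):
                task.status, task.closed = "revoked", when
                return True
        return False

    def overdue(self, now):
        """Pending tasks older than the SLA: accounts that may still be live."""
        return [(t.system, t.user) for t in self.tasks
                if t.status == "pending" and now - t.opened > SLA]


def demo():
    """One termination across three API systems and two manual ones."""
    ob = Offboarding(
        {"directory": ApiConnector({"jdoe": True, "asmith": True}),
         "crm": SilentFailureConnector({"jdoe": True}),
         "wiki": ApiConnector({"asmith": True})},
        {"cloud-bi": "bi-owner@example.com",
         "badge-system": "facilities@example.com"})
    ob.terminate("jdoe", T0)
    ob.confirm("badge-system", "jdoe", T0 + timedelta(hours=1))
    return ob, ob.overdue(T0 + timedelta(hours=6))


if __name__ == "__main__":
    offboarding, late = demo()
    for task in offboarding.tasks:
        print(task.system, task.status)
    print("overdue:", late)
```

The overdue list is the report to escalate: each entry is an account that nobody has yet confirmed as disabled.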

It is imperative that organizations implement the necessary security measures to ensure that access to data, groups and applications is right-sized for an employee during their tenure. Equally critical is the revocation of all account access when they depart. Failure to meet these criteria can lead to theft of secure data and costly access to external applications.


Friday, June 27, 2014

Single Sign-on: Regulating Access Cards

By now, many organizations and employees are aware of the advantages of single sign-on (SSO) solutions because they only have to remember a single password rather than dozens of complex passwords.

In essence, because of the technology, IT departments receive fewer password reset calls, while the organization also can use the solutions to meet its auditing requirements.

Typically, after the number of passwords has been reduced to a single complex password, organizations often replace the remaining password, too. SSO makes this possible by replacing the remaining username and password with an access card and a PIN code. Any type of user card can be used for this; for example, an ID or library card. Users will be logged in automatically by placing their card against, or on, a card reader. The card’s unique ID is then linked to the holder’s username and password. This is referred to as self-service enrollment.

It’s a user-friendly service for employees, but many organizations do not want employees using random card types. Instead, they only want to use cards issued by the organization itself. Because of this, certain cards can be excluded from self-service enrollment, so that physical access cards are only allowed if they are used internally.

Enterprise single sign-on solutions offer the ability to allow only active cards. When a card is issued (when a new employee enters service), it is activated. By setting up a link with the key card system, it’s possible to only accept cards that are used actively within the organization. The main advantage is that the existing and mature facility management process will govern both physical and logical access. When employees leave service, their access cards will be revoked and/or disabled, after which the card is also disabled in the enterprise single sign-on. The result is effectively disabling access to the network and any applications.

Additionally, organizations might go a step further and only accept cards of employees who are physically present within the premises. Another option is to link access cards to the HR system. When the HR system indicates that an employee has left service, that user card will be disabled so that it can no longer be presented to obtain physical or logical access.

Single sign-on combined with user cards offers a variety of options to integrate with other systems, increase security and further protect organizational data.

For more information on SSO, please visit our website.

Friday, June 13, 2014

IAM for Small Businesses - Why they need to focus on identity and access management issues

While often overlooked, small businesses — like large organizations — frequently have numerous identity and access management issues. These include ensuring security of systems and applications, as well as handling copious password issues. Unlike large organizations, though, small businesses often do not have the staff and resources readily available to easily handle these tasks so they either go unaddressed or require more time and money than is necessary.

There are several solutions for small businesses, though, that easily mitigate these problems and save time and money in the long run. The following are common password management issues that small businesses have and how IAM solutions can easily solve them:

Easily Managing Passwords

Employees, no matter what the size of the organization, often have many sets of credentials they need to use when logging into their applications to perform their jobs. To remember multiple sets of credentials, they often write down their user names and passwords and store them somewhere near their desks. Doing so puts the organization’s applications at risk and reduces security.

An easy way for small businesses to reduce the headache of multiple passwords for their employees to manage, as well as to ensure the security of their systems, is with a single sign-on (SSO) application. With an SSO solution, employees only have to remember one set of credentials. They enter their single user name and password one time and are thereafter automatically signed into all applications and systems as they are opened.

It also ensures that employees will not use non-secure methods to remember their passwords.

Dealing with Sensitive Data

Like larger organizations, small businesses often deal with sensitive data and information that needs to be kept secure. They often need to ensure that this information cannot easily be accessed by just anyone in the organization.

Many small businesses have solved this issue by implementing a single sign-on solution in combination with two-factor authentication. This allows small businesses to add another layer of security to systems and applications. Two-factor authentication is used by requiring users to present a smart card, as well as a PIN code, to access certain systems. Two-factor authentication also can be customized to the needs of the organization such as having the computer remember the PIN for a defined period of time after it is entered or automatically closing all sessions on the computer after the smart card is removed. Each of these customizations adds additional security to the systems, as well as improving efficiency for the user.

Quickly Resetting Passwords

When an employee forgets his password, or is locked out of an application, he usually needs to go through the time-consuming process of resetting his passwords. In a small business, there may not be a 24×7 helpdesk to call to resolve this issue. If there is a helpdesk or IT department, time spent on password resets is time taken away from other issues.

The IAM solution that can easily help with this issue is a self-service reset password solution. This allows end users to easily and securely reset passwords themselves. Users simply register by providing answers to a few personal questions — much like a banking website — then when they need to reset their password they simply click the “forgot my password” button, provide the correct answers and are able to reset their password without having to contact anyone else at the company. This reduces the annoyance of password resets for both the IT department and the end user, and allows employees to both be productive and work on more important tasks.

Overall, small businesses have many of the same issues that larger organizations deal with but often do not have the budget to deal with them. By implementing one or all of the solutions they are able to reduce the amount of time the IT staff spends dealing with these issues, and not need to have an employee working full time to handle them, thus drastically reducing their own administrative costs.


Friday, June 6, 2014

Security Solutions for Working Remotely

In the last six years working remotely grew a staggering 73 percent. One of four U.S. employees works remotely at least some of the time and that doesn’t include people who work remotely because they travel regularly. Richard Branson, founder of Virgin Group, blogged, “One day offices will be a thing of the past.” Until then, though, security issues with working remotely need to be ironed out.

Yet another major trend is universities and education entities creating online programs for students who live far from campus, prefer schooling from home or have less time to complete a program at traditional school times.

Though working from home, whether it’s for a company or for school, has many benefits, it causes significant issues for both the organization’s IT department and the end users.

Here are three major issues and solutions.

Issue #1: Managing accounts for remote employees

Correctly provisioning accounts for hundreds or thousands of users who are not physically working within the walls of an organization can be a major headache for IT. It also can be an issue for the end users as employees and students need their accounts quickly and correctly provisioned so that they can begin their work and have access to the systems and applications that they need.

In addition, ensuring that employees that are no longer with the company are correctly de-provisioned also needs to be done properly. A disgruntled employee that has access to the organization’s network can cause a great deal of havoc to its data.

Issue #2: Losing track of who has access to what

Amidst all of the account provisioning, granting access and revoking access to the many cloud applications, organizational IT leaders can easily lose track of exactly who has access to what. This can become not only a security issue but also a problem for licensing costs since the organizations do not know exactly how many licenses they need to buy or maintain.

In addition, this can be a problem when needing to audit systems since it is difficult for the organization to show and document who has access to what data.

Issue #3: Dealing with password issues

Like students or employees working on site, those working remotely tend to have difficulty remembering their credentials for the many different applications they need to access. Especially for employees who are on the go, contacting the IT department can be a major hassle. Needing to contact the help desk to have a password reset while working remotely is a huge annoyance, not only for the end user but also for the IT department since they get copious amounts of these types of calls.

So how are these issues solved?

Leading businesses and several educational entities use identity and access management solutions for resolving these issues.

Managing accounts. An automated account management solution lets the IT department at any organization complete a form, check the boxes for the systems in which user accounts need to be created, and have the accounts provisioned automatically. This task can even be delegated to less technical staff if needed, such as help desk employees.

When employee or student accounts need to be disabled, help desk employees can easily de-provision users without manually going into each system and application.

Additionally, the accounts also can be placed into a different category, such as “alumni,” where they have limited access to systems, but can still utilize their email account, for example.

Managing access. To keep track of exactly who has access to what, a centralized dashboard can be used to provide an overview of which users are deployed in each application. This allows the organization to know exactly who has access to what, and how many licenses they need for each application.

Managing passwords. A single sign-on solution helps with password issues. This allows users to log in once with a single set of credentials and thereafter gain access to all other applications for which they are authorized.

If a password needs to be reset, self-service password reset software is a helpful solution for remote employees and students. This type of solution allows end users to reset their own passwords without having to contact the help desk. Users can answer security questions that they have previously provided answers to and quickly reset their passwords.

With all or some of these solutions, organizations and educational entities provide a better experience to their users that work remotely and also enable them to work more efficiently.



Friday, May 30, 2014

Automating Schools' User Management Makes Dollars and Sense

For schools, budgets are always tight. Add to that strict regulations and reduced financial support from local and county government, and they are under enormous pressure to operate efficiently.

One solution many districts are using to reduce budgets and streamline efficiencies is automating user accounts of students and staff. Countless schools throughout the U.S. are using simple solutions to manage the thousands of user accounts they create at the beginning of each session and host throughout a term.

Hutto School District in Texas implemented a user management resource administrator (UMRA) system to automatically manage user accounts including password re-sets, saving the district an average of three hours for each help desk request generated by a user.

North Hunterdon-Voorhees School District in New Jersey uses a similar UMRA to automate the process of provisioning and de-provisioning student user accounts so that its internal IT department no longer spends countless hours performing password re-sets and managing the deluge of daily helpdesk tickets related to account access issues.

And Murray Independent School District in Kentucky uses an UMRA to maximize efficiency while receiving less funding, said Rusty Back, the school’s CIO.

“Before we used the user management resource administrator, I manually managed the creation and deletion of user accounts,” Back said. “These tasks took up most of my time, and the demands placed on IT continued to increase. We needed processes that would allow me to perform other, more important IT duties.”

User management systems allow IT staffs the power to push password reset abilities and account modifications to the staff via a web portal. The web portal lets faculty and staff reset student passwords without having to wait for an IT staff member to fulfill the request. And because passwords can be reset by the faculty and staff, there is little to no down time for students.

Educators seeking alternatives to hiring additional staff to manage user accounts can find an automated solution like UMRA to create, change and delete user accounts for both students and staff, replacing manual execution of account creation.

Travis Brown, Network Administrator for Hutto ISD said, "The user management resource administrator software saved our district considerable man hours and resources by automatically managing our user accounts in Active Directory. We began saving time and money immediately."

The systems automatically synchronize data between the student information system, the campus and Active Directory, eliminating the need for manual redundancies or needless hours spent managing user accounts by members of the helpdesk staff.

The software manages bulk user creation, modifications and deletions for the district. What was once a manual process can now be automated and run daily within a school environment. Data is pulled from the cloud and synced with the school’s Active Directory at each project run, ensuring user accounts are up to date and that Active Directory is clean, organized and has a consistent folder structure.

“The software saves us from having to do manual scripting and spending resources on tasks that can be automated,” said Brown. “Our team can now focus on high-impact projects that benefit the entire Hutto district.”

At Pinellas County School District, in Pinellas County, Florida, the district has 138 schools ranging from pre-K to 12th grade, as well as an adult school for community and work force education. With 103,000 students, 8,500 teachers and more than 200,000 parents, the IT staff spent an inordinate amount of time correcting account problems and the help desk received a large volume of calls about password issues.

One of the biggest problems for the district was addressing the needs of its teachers, who often had problems when they were off for summer break and either forgot their password or were locked out because of password expiration over this time period.

The school implemented an UMRA solution to automatically populate the parent portal, student information system and any other systems as required, eliminating a tedious and potentially error-prone manual process.

“Parents are very connected these days, so they need to have access to the parent portal to get an answer on any questions that they have,” said John Just, assistant superintendent at Pinellas County School District.

Within the first year of roll out, Pinellas enrolled more than 200,000 parents in both UMRA and a separate self service reset password manager (SSRPM) concurrently. SSRPM is a self-service application that allows end users to reset their Active Directory passwords. The number of password-related calls to the helpdesk has been reduced significantly, said Just.

As another school year opens, IT leaders within school settings have at least one option for cutting costs and trimming the number of man hours spent handling redundant tasks. Perhaps doing so allows much-needed time and resources to be spent in more important places, like the classroom.


Friday, May 23, 2014

Contract Employees and Account Management

If your company hires contract employees, outside workers, or employees who work for a limited amount of time, you know all too well that managing these types of accounts can be a headache! With these types of accounts, there is constant movement and employees of this type need to be quickly added but then also promptly removed when they are no longer working for your company.

In addition, since contract employees are often only working for a short period of time, they need to have their accounts quickly created so that they can start performing their jobs. Unlike other employees, they cannot be waiting around for days for all their accounts to be created and to access the appropriate applications. Employees who are brought in during the hectic holiday season especially need to have access quickly so they can begin working. The issue, though, is that in a large organization this process could take up to a few days.

Due to the high turnover rate of these types of employees, IT also needs to ensure that their accounts are properly disabled once they leave the company. More often than not, this task is overlooked since someone has to go into each application and manually disable the user, which is time consuming. This is an extreme security risk since these ex-employees will still have access to the company’s data and network. There have been many cases where disgruntled employees either wreak havoc on their ex-employer’s network or steal important customer data. Dealing with the headache of contract employees’ accounts is an issue that organizations of all sizes face.

Many leading organizations have solved this issue using Active Directory management software. The following is how they have used this type of solution to solve the account management issue of contract employees:

Provisioning Accounts

An AD Management solution allows the organization to automate the account management process and not have to manually perform tasks such as creating and disabling accounts. By connecting with your company’s HR system, any change that is made in that system is automatically synchronized to all connected applications.

So, when someone enters a new personnel request the solution can automatically create new accounts in any connected system or applications, create a share drive, personal drive, profile, set up a phone, or many other tasks for new hires. The manager in charge then receives an audit trail of all actions and can continue to request additional services needed, such as hardware or mobile devices. This allows contract employees to receive access to all of the resources they need quickly so that they can begin work on their first day of employment.

Disabling Former Employees

To handle the issue of disabling former employees, an AD management solution can assist with automatically disabling accounts. Once an employee is disabled in the source system, the software automatically disables their AD and all connected accounts to ensure the employee no longer has access. It also has the ability to transfer that employee’s personal drive to their manager. This ensures that any projects that were in the works are not lost.

In addition, a set expiration can be placed on an account. This allows the organization to ensure that an account is automatically disabled on a certain day, so that no action has to be taken at all.

Many organizations around the world deal with managing accounts for contract employees. Often they do not realize that there is a simple solution, used by many of their counterparts, which can reduce the headache, allow employees to be more productive, and increase overall security. “An AD account management solution has not only helped improve the security of access by terminating faster, it has also greatly improved our data security,” said Dan Backer, Director, Campus Technology, at National Geographic.



Friday, May 16, 2014

The value of Healthcare IT can be seen in "soft" savings

It's understandable that some practitioners may feel a sense of trepidation when it comes to shifting their health records online, and while chiropractic documentation software can help ease the transition, it may not be enough to fully ease that anxiety. But what exactly is it that some are so worried about? Not being tech-savvy enough? Or just concern that the value expected for making this chiropractic EHR investment may not necessarily be worth the effort? In the case of the latter, it's important to begin looking beyond traditional measures of ROI, and look outside of the box to more "soft" savings.

According to Healthcare IT News, these "soft dollar savings" are a little more abstract than what one may typically think of as money saved, but have real value of their own. Unlike "hard" savings, which account for precise dollar amounts that have been saved or spent, soft costs refer more to the time being spent by the user.

Dean Wiech, managing director for the identity management software Tools4ever, tells the source that providing users with streamlined and secure experiences can significantly cut back on the amount of time spent handling their chiropractic EHR software – and as Wiech so succinctly puts it, "Time is money."

"A lot of times quantifying savings is more about looking at cost avoidance," said Wiech. "Most of our customers can cost justify their expenses based on the time they spend opening, deleting and managing accounts."

In other words, the easier of a time you have with handling your online chiropractic EMR software, the less time, money and effort you'll have to allocate for that purpose in the first place.

For more information, please visit our website: www.tools4ever.com

Friday, May 9, 2014

Misconception Perception: Single Sign-On Myths Debunked

Single sign-on (SSO) allows end users to log in to accounts once with their credentials and thereafter enjoy immediate access to all of their applications and systems without being asked to log in again. This is extremely beneficial in reducing help desk calls since users only have to remember one password instead of many.

Though SSO can be beneficial to any company, many IT managers and security officers are skeptical about the implementation of an SSO solution. Their skepticism is the result of a number of preconceptions, which in many cases are misconceptions, about these identity and access management tools.

The following are common but incorrect beliefs about SSO.

Implementing SSO Imposes Greater Pressure on Security

IT managers and security officers often believe that with one-time log-in to accounts, the security of information is immediately placed at risk. They assume that if an unauthorized person gets hold of that single log-in credential, that person will have access to all the account’s associated applications.

When using SSO, all the various access entries to applications are replaced by one access point. For example, the software allows users to use just one password for multiple accounts. Once the password is entered, all accounts are accessed. Though this does appear to constitute a risk, the log-in process is actually streamlined for the user. Having to remember just one password essentially does away with the risk that users will scribble passwords on a piece of paper and place it under their keyboard (as is often the case), as they might if they had to remember the 12 password and username combinations (the average number per user) that most users have without SSO.

This was often the case at Community Bank and Trust of Florida. Since the bank uses hundreds of different systems and applications that require complex passwords, users understandably had a difficult time remembering all of their user credentials. By implementing SSO at the bank, end users no longer have to use unsecure methods, such as writing down their passwords to remember them.

It is also possible to add extra security to the primary SSO log-in with a user card and PIN code or an extra-strong password. Logging in with a card and PIN code is an extremely secure authentication, and users also consider it to be very user-friendly.

An SSO Implementation is a Long, Drawn Out Project


This is often wrongly assumed because SSO implementation is part of a broader security policy. Other components might include introducing more complicated passwords, taking more care with authorizations and complying with standards imposed by the government.

Because SSO affects almost all end users and runs throughout the organization, some see implementation as taking a great deal of time to notify and prepare end users for the change. SSO brings with it a number of questions, such as:
“How do I deal with people who have multiple log-ins on one application?”
“What do I do if an application offered through SSO gets a new version?”
“What happens if the application itself asks for a password to be reset?”

All of these questions often cause SSO implementation to be shifted to the background. However, any potential complexity faced at implementation is no reason to postpone adding an SSO solution because it has long-lasting benefits once up and running. By starting small, say by making the top five applications available through SSO, a considerable time saving on the number of log-in actions can be achieved, justifying buying the solution.

For example, at Community Bank and Trust of Florida, an SSO solution was easily and quickly implemented to solve its password issues. It was even possible for the bank’s IT leaders to roll into production exactly what they did during their trial phase, which made their implementation process extremely convenient.

It’s Not Possible to Make Cloud Applications Accessible via SSO

Just as with all other applications, it is certainly possible to log in to cloud applications with SSO.

An SSO Implementation is Expensive

The nice thing about an SSO solution is that it’s often not necessary to set it up for all the people in an organization. SSO may be needed only for a select group of people who need to access many different applications, such as tellers. The advice here is to restrict implementations to the most critical applications and the employees who have to log in to a variety of different applications. This will control the implementation in terms of price and complexity, and offers an excellent springboard for any further growth and expansion in accordance with changing future needs.

An SSO Solution is Not Needed Because We Use Extremely Complex Passwords

Insisting on extremely complex passwords is one way to secure the network, but at the same time, it’s also one of the causes of insecure situations. This is because many end users have difficulty remembering their mandated passwords, certainly when they have to recall more than a dozen username and password combinations. Often, requiring the use of complex passwords leads to frequent help desk calls because employees tend to forget them more readily. A highly insecure and undesirable situation arises when end users write their passwords on notes and leave them lying around their computer.

Using SSO means employees only have to remember one password for all of their applications, meaning a simple solution to a complex problem, easier access to multiple accounts for all who need access to them, and fewer calls to the help desk, ensuring IT staff are able to focus on more important priorities than password resets. For example, All Star Automotive in Louisiana was able to see a major reduction in time dealing with password issues by implementing an SSO solution. The IT manager at the automotive group said, “Users can now concentrate on their jobs rather than managing their own passwords.”

For more information, please visit our website.

Friday, April 25, 2014

Reduce Talent Related Costs with Automated Access Management

HR professionals at retail organizations know all too well that employee turnover can be extremely high - sometimes in excess of 70%. This means that talent might get hired, on-boarded and leave the organization in a matter of months – and the IT department doesn't even know about them. This is a very costly process and retail organizations have found that automated access-management solutions can help bring this expense down.

Many global retail organizations have implemented identity and access-management solutions as they realize an account management solution can automate the provisioning process, eliminating many hours of work and unnecessary costs.

In addition, many retail organizations use automated access-management solutions to improve the security of their networks. What's very interesting is that they're assigning their HR department to manage these solutions. Here's why:

  • Once talent leaves the business, HR is able to make changes to his or her profile as all accounts connected to that person are automatically disabled.
  • This helps to ensure that employees who are no longer with the company can't access anything on the network once they've left. Since HR is the first to know about the turnover of talent, it makes sense to have this responsibility assigned to this department.

Managing information about your talent is as simple as entering their information into a form, where the access-management solution automatically creates all their accounts in all the systems and applications they need to work in. HR representatives are able to see quickly which employee has access to exactly what applications and what changes employees are making in the network, and are then able to work with talents' managers to make any needed corrections to access rights.

By using automated access-management solutions, HR departments are better able to manage employees and their on- and off-boarding while reducing the load on the IT departments. Since high employee turnover rates often require a full-time IT staff member to manage these tasks, automating the process allows for fewer IT positions to manage this. IT folks can then be reassigned to higher priorities or their positions can be reduced, meaning the resources can be used in other areas of the business.

Organizations without such solutions or those without a plan to manage the process of automating this portion of the hiring process face several issues because of the high employee turnover rates.

To read more, please visit our website.

Friday, April 18, 2014

Simple Ways to Improve Security and Avoid Breaches

Recent security breaches continue to shed light on just how easily hackers can access complex systems and steal important information from organizations and their customers. While this is scary for customers, it is equally devastating to the organizations. This type of news shocks and scares organizational leaders as they realize that their organizations and their data are not safe, and perhaps that their security measures are not as strong as they may think.

Organizational leaders need to ensure that their client information is truly secure. One major breach of information can cause major damage, not only monetarily but also to the public’s trust in an organization. Secure information can easily be accessed if the correct measures aren’t in place. Leadership may feel that their network is secure, but many security measures can actually cause additional issues.

Take, for example, organizational policies for end users having to change their password every month or so. Many leaders feel that this approach ensures security since there is not a static password that can be stolen. If employees have to do this for each of their many passwords, though, chances are they are writing their passwords down to remember them. This counteracts the intention of ensuring security through frequent password changes.

Organizational leaders need to re-evaluate their security measures and consider if they truly are the best solutions they can have in place or if they are hurting themselves more than they are helping. The following are some suggestions that might help ensure the security of the network and applications, with minimal effort and investment:

Eliminate The Need To Write Down Passwords

As mentioned earlier, many organizations require their employees to use complex passwords with length and character requirements. These passwords then need to be changed on a regular basis. It is not feasible to think that employees are going to be able to remember several of these ever-changing complex passwords or their rules.

This is where single sign-on comes in. A single set of credentials for all of the employee’s systems and applications is actually much more secure. Single sign-on allows the employee to log in with a single set of credentials and thereafter be granted access to all the systems and applications that they need to access. This single password can follow the organization's password conventions, but also means employees are less likely to write down credentials to remember them.

Monitor Exactly Who Has Access To What Applications & Systems

Organizations often deal with a great deal of employee movement and fluctuation of account access. Employees join and leave the organization; employees lend their access information to each other while on vacation, borrow credentials, and so on. This often leaves the team leaders with no clear idea of who has access to what and the types of changes they are making in their systems.

An automated user account management solution has the ability to allow system admins to see exactly who has access to what systems and applications, when those users are logging in and what types of changes they are making. These solutions also allow team leads to easily make access changes if necessary and correct any issues before they lead to problems; this type of information is also extremely useful when it comes to audits.

Ensure Accounts Are Properly Disabled

Another issue many organizations face is overlooking the disabling of accounts for employees who are no longer with the firm. This is extremely common for temporary or contract employees who only require access to systems for a short period of time. Since system admins have to manually disable an employee from all systems and applications, doing so can sometimes get overlooked or lost along the way.

This means that an employee who is no longer with the company can still access important information. Automated account management solutions allow for easy disabling of accounts with one click, which means a manager or team lead can easily make changes without having to contact a system admin. In addition, temporary employees’ access can automatically be revoked after a specified period of time so that no manual action has to be taken at all.

Identity and access management solutions, such as the ones mentioned, help to ensure extra security of networks and can deter or prevent security breaches. Taking some time to evaluate current security measures can bring an organization's security protocols to the next, more protected level.

For more information, please visit our website - www.tools4ever.com

Friday, March 28, 2014

4 Ways Your Small Business Can Improve IT Processes

Maintain Sanity and Security For Your Business Without Breaking the Bank

When dealing with IT management for business support and growth, many small businesses are forced to do more with less, which can actually result in poorly-designed security measures.

Simple and effective steps and strategies that are also budget-friendly can have a huge impact on a business’s position in their industry market and allow leaders to focus on more pressing business matters.

The following tips provide examples of how several organizations are taking such aggressive results-oriented action:

1. Improve Security Methods

Businesses often require employees to remember several different and complex passwords, which also need to be changed regularly according to company guidelines. To remember the passwords, employees often write them down and then store them somewhere to refer to later. These methods create a higher risk for security breaches for the business.

At All Star Automotive, in Baton Rouge, employees in every position throughout the company needed to log in to several different applications to perform their jobs. Each employee needed to remember log-in credentials for nine or more applications, which became frustrating. The solution? Single sign-on.

By implementing a single sign-on solution, employees no longer have to remember several different credentials. They simply log in once and the single sign-on system takes over the log-in process thereafter, initiating an automatic log in to all the applications and systems for which the employee is authorized.

2. Reduction of Helpdesk Tickets

The IT department is often inundated with calls from users requesting help with issues that are simple, but are time consuming. This takes time away from other more technical projects that the IT department could be focusing on.

At Lifestyle Hearing, based in Canada, user accounts for employees needed to be created and controls put in place by the IT department. By automating their account management system, the human resources department now has controlled access through a web-based form to create an account that allows the company to easily enter the employee’s information, define their profiles and which systems they need access to.

Since HR now handles all account management tasks, the IT department has saved substantial time and is able to focus on other issues.

3. Timely System Updates and User Management

Managing end-user accounts for up-to-date access and accurate information can be difficult. These tasks are often performed manually and consume a large amount of time for IT employees.

At Springs Global of Fort Mill, South Carolina, information in the IT database was often inaccurate because information would only get changed when someone had noticed a difference and made the appropriate modifications.

To alleviate these issues, an automated account management solution was implemented to synchronize their HR system, Cyborg, with Active Directory each evening. This, in turn, populates other internal systems such as SharePoint, help desk software and the Exchange Global Address List. With changes made each night, employee information is now current and up to date.

4. Delegation

Account management can be a time-consuming task for IT employees, and can take them away from working on higher level projects. Though the task could be handed off to the least experienced employees within an organization, this can create a security risk.

Springs Global faced this situation and wanted to find a way to provide help desk administrators the ability to perform certain Active Directory tasks without giving them elevated rights. By automating its account management, the company now uses a “forms” system that allows HR employees to make minor changes, but not have elevated rights in the domain so that the systems remain secure.

This is done through several digital forms that allow HR employees to easily enter only the requested information in order to reduce error and ensure security.

By taking these four actions, leading organizations in a variety of market sectors have actually streamlined their efficiency and achieved measurable results, while saving time and money and securing access to their critical information.

These simple solutions mean long-term improvements for any organization making the changes and can improve overall operation of IT throughout a system.


For more information, please visit www.tools4ever.com

Friday, March 14, 2014

Reduce your talent-related costs with automated access-management solution

HR professionals at retail organizations know all too well that employee turnover can be extremely high - sometimes in excess of 70%. This means that talent might get hired, on-boarded and leave the organization in a matter of months – and the IT department doesn't even know about them. This is a very costly process and retail organizations have found that automated access-management solutions can help bring this expense down.

Many global retail organizations have implemented identity and access-management solutions as they realize an account management solution can automate the provisioning process, eliminating many hours of work and unnecessary costs.

In addition, many retail organizations use automated access-management solutions to improve the security of their networks. What's very interesting is that they're assigning their HR department to manage these solutions. Here's why:
  • Once talent leaves the business, HR is able to make changes to his or her profile as all accounts connected to that person are automatically disabled.
  • This helps to ensure that employees who are no longer with the company can't access anything on the network once they've left. Since HR is the first to know about the turnover of talent, it makes sense to have this responsibility assigned to this department.

Managing information about your talent is as simple as entering their information into a form, where the access-management solution automatically creates all their accounts in all the systems and applications they need to work in. HR representatives are able to see quickly which employee has access to exactly what applications and what changes employees are making in the network, and are then able to work with talents' managers to make any needed corrections to access rights.

By using automated access-management solutions, HR departments are better able to manage employees and their on- and off-boarding while reducing the load on the IT departments. Since high employee turnover rates often require a full-time IT staff member to manage these tasks, automating the process allows for fewer IT positions to manage this. IT folks can then be reassigned to higher priorities or their positions can be reduced, meaning the resources can be used in other areas of the business.

Organizations without such solutions or those without a plan to manage the process of automating this portion of the hiring process face several issues because of the high employee turnover rates.


For more information, please visit our website: www.tools4ever.com

Friday, March 7, 2014

No need to be skeptical about BYOD with these 5 measures

Many organizational leaders remain skeptical of implementing a BYOD program because of the horror stories they hear about data breaches, access to the technology and employees taking advantage of the program. But like many landmark advances to the way business gets done, the number of BYOD programs is likely only going to increase, as it is one obvious solution for creating efficiency throughout a business environment.

There are several options for securing a successful strategy. The following five measures can ensure a successful BYOD strategy and free leaders from the problems that it may sometimes cause:

1. Set up a BYOD policy from the beginning
By setting up a set of rules from the beginning, employees will know exactly what is expected from them so that there is no confusion about what using their own devices in the workplace means. This also will give organization leaders the ability to define any repercussions should employees misuse or take advantage of the use of BYOD.

2. Use an IAM solution to register devices

In addition to all of the employee accounts, admins also will have to set up and register all employee devices. In the beginning especially there will be a large influx of new devices that need to be added, which is extremely time consuming if it is done manually. An IAM solution allows admins to easily add the new devices by simply adding them in Active Directory.

If desired, they can also allow end users to register the devices themselves. End users simply fill out a web form that is set up for a work flow request, which will then automatically be sent to the appropriate manager or department for approval.

3. A process for disabling users

Allowing employees to use their own devices can lead to a security risk once the employee is no longer with the company. Since employees will be keeping the devices, they may potentially still be able to access the company’s network. An automated account management solution will allow managers to easily disable the user from all systems and applications with just one click, ensuring that the network stays secure.

4. Set guidelines for the types of devices allowed

One of the top issues with BYOD is that there are many different types, brands, operating systems, etc. for devices. When employees register their device with the company, they then expect the IT department to support it and resolve any issues with the device, which can be a headache for IT. An organization needs to set, from the beginning, which types and brands of devices they are going to support. They can then use an IAM solution, which easily can monitor and ensure that only these devices are registered and used. When a user then tries to register a device, only those which the company supports will be able to be registered.

5. Security for compliance and audit needs

It is important that the organization ensures that BYOD also meets audit and compliance needs. IAM software will help the organization to ensure that, on their devices, users only have access to the systems and applications they are supposed to. This information can then also be easily accessed when it comes to audit time.


For more information, please visit our website: www.tools4ever.com

Friday, February 14, 2014

Automated Identity and Access Management Reduces Security Risks

In today’s technology-filled world, the proliferation of user credentials, such as user names and passwords, has grown exponentially. As such, requirements for managing employee access continue to evolve at an unprecedented pace.

As new solutions are put in place to protect a company’s data, the average employee is forced to remember more and more password and login combinations. For example, the typical employee must remember six sets of user credentials. At the same time, top executives within a firm may need to remember as many as 12 or more password and login credentials.

In many cases, the jumble of logins and access passwords becomes a bit of a mess for employees and the company to manage, not to mention the costs associated with loss of employee productivity and work time. The time spent digging for passwords might be considered inconsequential, but the opposite is often true.

Analyst firms Gartner and IDC have each reported that password-related calls from employees account for between 25 percent and 40 percent of all inquiries to the helpdesk. As staggering as the amount of time spent manually resetting and managing employee accounts is, it may pale in comparison with the average cost of each call to the helpdesk, which typically ranges between $10 and $31 apiece.

On top of this, an employee that’s lost access to internal systems and programs typically loses 20 minutes of productive work time for each call placed to the helpdesk.

And the costs don’t stop there. Though more difficult to figure, there are risks associated with users, who are desperate to avoid the call to the helpdesk, when they write down credentials on pieces of paper and stick them to monitors or store them underneath keyboards, for example. Doing so creates a great deal of risk and exposes confidential company information to the outside world.

Mitigate the Risk
Technologies exist from numerous vendors to significantly reduce the costs and risks associated with password management issues. Effective password reset applications have been around and utilized for several years. The best example of this can be found on a bank or financial institution’s website. For locked accounts, users must answer a series of challenge questions to gain access to their requested information.

For businesses looking to emulate these examples and do away with manual, time- and cash-consuming processes, the approach is simple: once the system is implemented with the self-service password reset tool, employees and end users enroll in it. Going forward, if they ever lose their passwords, they can simply reset them on their own whenever they need, without assistance from the IT staff or helpdesk.

Strengthening the Security of Self-Service Resets

There will forever be fear from some individuals who believe that by allowing a single sign-on self-service password reset function, they are making it much easier for the security of their systems to be compromised. As you might imagine, there are simple solutions to address these concerns, too.

The best example may be two-factor authentication. Two-factor authentication can be accomplished by a user providing a one-time PIN code sent via SMS or to an alternate email address. These password self-service applications typically eliminate up to 95 percent of password-related calls to the helpdesk.
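The one-time PIN step described above only strengthens a self-service reset if the PIN is short-lived, single-use and limited in guesses. The following Python code is an added example, not Tools4ever's implementation; the class name, the six-digit length, the five-minute lifetime and the three-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

PIN_DIGITS = 6          # assumed PIN length
PIN_TTL_SECONDS = 300   # assumed lifetime: five minutes
MAX_ATTEMPTS = 3        # assumed guess limit per issued PIN


class ResetPinStore:
    """Issues and verifies one-time PINs for a self-service password reset."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}       # username -> state of the outstanding PIN

    @staticmethod
    def _digest(salt, pin):
        # Keeps the raw PIN out of memory dumps and logs. A six-digit PIN is
        # trivially guessable offline, so expiry and the attempt limit are
        # the real controls, not this digest.
        return hmac.new(salt, pin.encode(), hashlib.sha256).digest()

    def issue(self, username):
        """Create a fresh PIN, replacing any earlier one for this user."""
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[username] = {
            "salt": salt,
            "digest": self._digest(salt, pin),
            "expires": self._clock() + PIN_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        # The caller hands this to the SMS or e-mail gateway and discards it.
        return pin

    def verify(self, username, pin):
        """Return True only for the right PIN, in time, within the limit."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        if self._clock() > entry["expires"]:
            del self._pending[username]
            return False
        entry["attempts_left"] -= 1
        expected = entry["digest"]
        ok = hmac.compare_digest(expected, self._digest(entry["salt"], pin))
        # Single use: drop the PIN on success or once guesses are exhausted.
        if ok or entry["attempts_left"] <= 0:
            del self._pending[username]
        return ok


if __name__ == "__main__":
    store = ResetPinStore()
    issued = store.issue("jsmith")           # constructed sample user
    print("correct PIN accepted:", store.verify("jsmith", issued))
    print("replay accepted:", store.verify("jsmith", issued))
```
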

Two-factor authentication can also be used to reduce password-related issues in single sign-on applications. These products reduce the number of credentials required to access accounts and information from the previously mentioned log-in credentials (ranging from six to 12) to one.

Perhaps the best case for this comes from a recent study by the Ponemon Institute, which found that employees spend on average nine-and-a-half minutes each day logging into the applications needed to perform their jobs.

Another recent survey by Tools4ever revealed that respondents overwhelmingly (67 percent of the sample) stated they spend too much time logging in and out of applications to access information, while 85 percent of respondents agreed that efficiencies would be created by using only one set of credentials.

The most common benefit of two-factor authentication is the reduction of the credentials being written down and stored on or near the desktop by employees, as previously mentioned. Another feature of two-factor authentication is pairing it with biometrics or scan cards in conjunction with credentials and/or a PIN code, which further increases network security.

Also, as many applications require a password change because of time passage (for example, every three months users must update their passwords), a single sign-on solution can anonymously reset the password so an end user is never even aware of their password. This reduces the chance of a terminated employee gaining access to sensitive systems from home if their account is not revoked in a timely fashion.

In addition, as password management solutions mature with the market, prices of the solutions have continued to drop and the expediency with which an implementation can be executed is getting significantly shorter.

Self-service password reset solutions can be deployed in one or two days and provide an ROI in as little as one month. SSO solutions typically are deployed over one or two weeks and provide an ROI in as little as three months or less. ROIs of these solutions are typically based on hard dollar savings only and do not take into account soft dollar savings associated with the increase of security or decrease in associated risks of leaving sensitive systems potentially exposed, which is where the real long-term gains are made for those that implement the systems.

For more information, please visit our website - www.tools4ever.com

Friday, February 7, 2014

Why Implementing a BYOD Solution and IAM Solution Go Hand in Hand

Implementing a bring-your-own-device (BYOD) strategy can be an extremely beneficial undertaking but if implemented on its own, it can also create several problems. For example, many security issues can arise, as well as a great deal of time spent by the IT department setting up and monitoring all the new devices.

This alone is why it’s necessary that a mobile identity and access management (IAM) solution be implemented in conjunction with BYOD. Such a solution allows companies to receive the full benefit of BYOD without having to deal with the many issues that come along with it.

Here are some reasons why BYOD and mobile IAM go hand in hand and should be implemented together.

Cost Savings
One of the main reasons that companies implement BYOD is to lower their costs associated with purchasing a large number of computers or tablets. Though BYOD may lower costs of technology, if not implemented correctly, the strategy can result in higher costs in areas such as the time and support from the IT department. Without an IAM solution in place, IT employees will first have to deal with the large influx of new devices being used with their network. This can be extremely time consuming, since it has to be done manually, and each device needs to be added.

With an IAM solution in place, IT employees can easily add new devices by simply listing them in Active Directory. If desired, they can also allow end users to register the devices themselves. End users simply fill out a web form that is set up for a work flow request, which then will be automatically sent to the appropriate manager or department for approval. This completely removes IT’s need for intervention.

After implementation, an IAM solution will continue to enhance BYOD and ensure low cost and less attention from IT. IAM also allows IT administrators to easily add, make changes or disable users who are using mobile devices from one place, rather than requiring them to make changes in each system or application.

Securing the company’s infrastructure

Though BYOD means employees are using their own devices instead of company provided technology, employees still need access to the company’s network, systems and applications. This can become an issue when employees leave the company, since they keep their devices, possibly allowing them access to company data.

Organizations need to ensure that when employees leave, they no longer have access to the company’s network and data. Though the solution seems simple – disable users from the system and applications to which they have access – more often than not this goes unnoticed, and users remain active with access to all systems as if they were employees of the organization.

The reason for this is that IT must be notified of the employee’s departure, then must manually disable the user from all systems and applications. If an IAM solution is implemented, once an employee leaves a manager can automatically disable the user and deactivate account access, ensuring the security of the company’s data.

Easily control devices registered
One of the most important things companies can do to ensure a successful BYOD implementation is to be in control of BYOD and set rules and criteria that require employees to use their own devices from the beginning. Though this makes sense in theory, it is often difficult to do since companies often need to control and monitor hundreds or thousands of employees. This is why organizations need a solution that monitors the devices registered for them.

There are many different types and brands of devices with various different operating systems. Once an organization decides which they are going to support, this can be set up in their mobile IAM solution. When a user tries to register a device, only those that the company supports will be able to be registered with the organization.

Overall, BYOD and IAM solutions work together, providing an organization with an optimal solution for a mobile workforce. Many of the issues commonly associated with BYOD can be easily eliminated, allowing the company to reap the best of the program’s benefits.


For more information, please visit our website.

Friday, January 31, 2014

Authentication Challenges in the Cloud

As the cloud continues to expand within the commercial world, with cloud services such as Google Apps, GoToMeeting, and Office 365 being widely deployed, working with cloud applications has user and access management consequences that need to be addressed.

Controlling who has access to specific applications and the corresponding data is even more complicated with cloud applications than with a typical office intranet. Providers of cloud solutions give little priority to developing better management of user accounts and access rights in their applications; they are more occupied with developing new, business-oriented features.

Consequently, user and access management in cloud applications entails a number of challenges such as:

1. Single Authentication

Active Directory is the central link in the chain for user access to applications and systems. The traditional LAN-based applications often have specific integration, such as LDAP, with the central user account directory. Working with cloud applications means more authentication sources. In addition to the corporate Active Directory network log-in, users also need to remember their credentials for each cloud application utilized.

There are only a few possibilities for synchronizing user accounts between both authentication sources, such as AD Federation Services from Microsoft and the SAML standard. In this manner, end-users can log in transparently to the cloud applications. However, Federation is not a replacement for provisioning and basic user account management. Maintaining roles within a cloud application and linking accounts to central authentication remains an important task with which access to specific data is regulated.

A single-sign-on (SSO) solution for the cloud would help in this situation. Vendors that offer SSO for cloud base the credentials on those that already exist in Active Directory. This allows the user to log in to all of their cloud applications with just their AD credentials.

2. Manual Actions

Providers who do not support Federation, such as many providers of e-learning environments and HR systems, frequently offer a web-based interface that managers can use to control access to the cloud application directly. However, there is no automatic provisioning, which necessitates a sequence of manual operations. This process is time-consuming and error-prone. Even when it is possible to import a basic CSV file into the cloud application, the import still requires manual intervention by the application manager. This can result in a lot of unnecessary work.

For example, consider the procedure required when an employee leaves the organization. This procedure often occurs in phases: first the user log-in is removed, then the account is removed, data is transferred to a different user, and, finally, an email notification is sent to the manager. Each of these phases requires a separate manual operation for user management in the cloud application. In this case, an automated account management solution would assist in the process. Such a solution would synchronize user accounts via the HR system, so that any change made in HR, such as disabling a user, would automatically be synchronized to all connected accounts in all applications.
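The offboarding phases described above can be planned directly from the HR feed, as in this added example (not code from any product the article refers to). The record types, the `access-review-queue` target for accounts that have no HR record, and the choice to transfer data before the account is removed are assumptions of the example.

```python
from dataclasses import dataclass

# Phases named in the paragraph above. The order is this example's choice:
# data is handed over before the account itself is removed.
OFFBOARD_PHASES = ("remove_login", "transfer_data", "remove_account", "notify_manager")

@dataclass(frozen=True)
class HrRecord:
    employee_id: str
    active: bool
    manager_id: str

@dataclass(frozen=True)
class CloudAccount:
    app: str
    employee_id: str
    enabled: bool

def plan_offboarding(hr_records, cloud_accounts):
    """Return ordered (phase, app, employee_id, target) steps for every
    cloud account whose owner is inactive in HR or missing from HR."""
    hr = {r.employee_id: r for r in hr_records}
    steps = []
    for acct in sorted(cloud_accounts, key=lambda a: (a.employee_id, a.app)):
        rec = hr.get(acct.employee_id)
        if rec is not None and rec.active:
            continue  # still employed: nothing to do
        # An account with no HR record is an orphan: no manager is known,
        # so data and the notification go to a review queue instead.
        target = rec.manager_id if rec else "access-review-queue"
        for phase in OFFBOARD_PHASES:
            if phase == "remove_login" and not acct.enabled:
                continue  # login already disabled in this application
            steps.append((phase, acct.app, acct.employee_id, target))
    return steps

# Constructed sample data: an HR feed and the accounts found in two cloud applications.
HR_FEED = [
    HrRecord("e100", active=True, manager_id="e001"),
    HrRecord("e200", active=False, manager_id="e001"),
]
ACCOUNTS = [
    CloudAccount("elearning", "e100", enabled=True),
    CloudAccount("elearning", "e200", enabled=True),
    CloudAccount("hr-portal", "e200", enabled=False),
    CloudAccount("hr-portal", "e999", enabled=True),  # no HR record
]
```

Calling `plan_offboarding(HR_FEED, ACCOUNTS)` yields the steps for the departed employee in both applications and flags the account that HR does not know about.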

3. Naming and Password Conventions

Conventions governing naming standards and passwords are often inconsistent between network and cloud applications. In the network, a user ID might be based on the log-in name, and in the cloud it might be the email address. This complicates exchanging user account details between the environments, and, in many cases, differences also apply to password conventions.

When extremely complex passwords are required in the corporate network, cloud applications might not be able to handle this type of password. The cloud application may also require a different password expiration period than the corporate network does. Synchronizing passwords between the network and cloud applications can be exceedingly difficult. In this case, automated solutions can be helpful, as they can enforce a standard naming convention across all applications while allowing for uniqueness when more than one employee has the same name.

An enterprise SSO solution can mitigate the password complexity issues by “remembering” the user’s password and providing it automatically each time the user logs into the application. Further, an SSO application can also routinely reset the password in the background, or prompt the user to do so, when expiration occurs.
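A standard naming convention that stays unique when employees share a name, as described in this section, can be enforced with a small routine like the added example below (not code from any product the article refers to). The convention itself (first initial plus last name), the 12-character limit and the `example.com` mail domain are assumptions.

```python
import re
import unicodedata

def ascii_slug(text):
    """Lower-case, strip accents and drop everything except a-z."""
    decomposed = unicodedata.normalize("NFKD", text)
    ascii_only = decomposed.encode("ascii", "ignore").decode("ascii")
    return re.sub(r"[^a-z]", "", ascii_only.lower())

def assign_login(first, last, taken, max_len=12):
    """Return a login of the form <first initial><last name>, made unique
    with a numeric suffix, never longer than max_len, and record it in taken."""
    base = (ascii_slug(first)[:1] + ascii_slug(last))[:max_len]
    if not base:
        raise ValueError("name has no usable characters")
    candidate, n = base, 1
    while candidate in taken:
        n += 1
        suffix = str(n)
        # Trim the base, not the suffix, so the length limit still holds.
        candidate = base[: max_len - len(suffix)] + suffix
    taken.add(candidate)
    return candidate

def cloud_user_id(login, mail_domain):
    """Derive the email-style ID used in the cloud from the network login."""
    return f"{login}@{mail_domain}"

# Constructed sample: two employees share a name, one name has accents.
EMPLOYEES = [("John", "Smith"), ("Jane", "Smith"), ("José", "Núñez-Ortega")]

def build_directory(employees, mail_domain="example.com"):
    """Return (network login, cloud user ID) pairs for all employees."""
    taken, rows = set(), []
    for first, last in employees:
        login = assign_login(first, last, taken)
        rows.append((login, cloud_user_id(login, mail_domain)))
    return rows
```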

4. Organizational Structure

The reporting hierarchy structure within an organization is often utilized to assign authorizations to employees based on their role or position, commonly referred to as role-based access control (RBAC). Within the corporate network, this structure is contained in an HR system or within Active Directory.

Cloud applications normally cannot translate this organizational structure, and the web-based provisioning functionality they offer does not provide a robust method for incorporating this level of detail. Naturally, it is possible to transfer the entire organizational structure to the cloud application, but this requires an enormous volume of management activity whenever something in the hierarchy changes.

RBAC in an automated account management solution can assist with this issue. It allows access to various components of the cloud applications to be based on the end user’s organizational role. In this way access will be controlled on the basis of the department or title in the HR system.

5. Bulk actions


Cloud applications occasionally reject bulk actions. Consider, for example, schools that want to create a thousand user accounts for students in a cloud application, such as an e-learning system. Some cloud applications impose restrictions on the number of actions that can be carried out in one pass, or require that no management activities be undertaken during working hours, to prevent overloads on their network.

A robust provisioning application can adhere to the processing rules imposed by cloud applications by breaking up the number of requests to be processed in one connection and/or limiting the execution to specific time-frames.
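A provisioning job can respect both kinds of limit described above by splitting the work into passes and placing each pass inside the permitted hours, as in this added example (not taken from any cloud application's API). The 250-per-pass limit, the 19:00 to 06:00 window and the four-hour pause between passes are constructed values.

```python
from datetime import datetime, time, timedelta

def next_allowed(moment, window_start, window_end):
    """Return moment if it falls inside the daily window [start, end),
    otherwise the next time the window opens. Handles overnight windows."""
    t = moment.time()
    if window_start <= window_end:
        inside = window_start <= t < window_end
    else:  # window spans midnight, e.g. 19:00-06:00
        inside = t >= window_start or t < window_end
    if inside:
        return moment
    opens = datetime.combine(moment.date(), window_start)
    if opens <= moment:
        opens += timedelta(days=1)
    return opens

def schedule_batches(items, max_per_pass, window_start, window_end,
                     pause, start_at):
    """Split items into passes of at most max_per_pass and give each pass a
    start time inside the allowed window, with `pause` between passes."""
    if max_per_pass < 1:
        raise ValueError("max_per_pass must be at least 1")
    plan, when = [], start_at
    for i in range(0, len(items), max_per_pass):
        when = next_allowed(when, window_start, window_end)
        plan.append((when, items[i:i + max_per_pass]))
        when += pause
    return plan

# Constructed sample: 1,000 student accounts, a limit of 250 per pass,
# and management actions only allowed between 19:00 and 06:00.
STUDENTS = [f"student{n:04d}" for n in range(1, 1001)]

def demo_plan():
    return schedule_batches(
        STUDENTS, max_per_pass=250,
        window_start=time(19, 0), window_end=time(6, 0),
        pause=timedelta(hours=4),
        start_at=datetime(2014, 10, 2, 14, 30),
    )
```

With these values the job is held until 19:00, runs three passes overnight, and defers the fourth to the following evening because it would otherwise start at 07:00.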

Working with cloud applications generally means that organizations no longer have user and access management in their own hands, and that the rules and service level agreements of the cloud applications apply. For cloud providers, user and access management are of secondary importance to business requirements. If an organization needs to have control of user and access management, there are third-party developers that provide software solutions to ease the transition to cloud-based applications.

