Single sign-on (SSO) solutions benefit system end users, allowing them to quickly log on to their accounts by entering only one set of credentials and thereafter automatically logging them into all their systems and applications. In addition to this benefit, SSO provides other features that can further help end users and system admins throughout any organization.
Additional advantages of SSO, that are often not discussed, include:
Reduction in calls to the helpdesk
Often, since end users are required to remember several different sets of log in credentials, many of which are complicated and require special characters, they have trouble remembering each combination of user name and password. This leads to them calling the helpdesk to reset their passwords. With an SSO solution, end users only need to remember one set of credentials, which drastically reduces calls to the helpdesk and allows them to focus on more important tasks.
Integrates with other solutions
SSO is often able to integrate with other beneficial software, such as self-service password resetting and user provisioning. This allows organizations the ability to easily integrate SSO with solutions they might already have in place or with new software. For password resets, applications that require a new password every month or so, SSO can automatically generate a new password. With user provisioning, SSO can automatically provision a password for a new user.
Follow me
Another additional feature that can be added to SSO is the principle of “follow me.” This allows end users that need to work on different computers, such as doctors in the hospital setting, to easily do so by being able to log in on one computer and then quickly log out and continue their work on another computer. With “follow me,” users can quickly move to different work stations and do not have to open all applications that they were previously working on.
Fast user switching
In situations where users need to log in and out quickly, SSO can be very beneficial. Fast user switching allows users to quickly log on and have all of their applications started and logged in to on public computers. This can further be simplified by allowing the user to quickly swipe a pass card and have the same actions take place. Once they remove the card they are automatically signed out of all applications and the computer.
Fulfills compliance
SSO allows organizations to easily fulfill compliance and regulations. One way in which this is true is that an SSO solution can allow system admins to easily revoke access for a user in a single action, instead of having to go through each application. A report can also easily be generated to show which users have access to what applications to ensure that no users have access to information or applications that they shouldn’t. Lastly, SSO solutions can provide an additional check before the user logins to any critical application by requiring them to enter an additional PIN code or smart card.
Reduction of risks
A SSO solution not only makes the log on process more convenient and faster for the end user, it also makes the company’s information and applications more secure. When employees need to remember several different credentials they often write them down and keep them by their computers, which increases risk of someone unauthorized logging in. With and SSO solution the user only has to remember one set of credentials, reducing the chance that they will write them down.
For more information, please visit our website.
Friday, August 29, 2014
Friday, August 15, 2014
Challenges of managing information in the cloud
The cloud continues to be much discussed and the many benefits it offers organizations of all sizes. Rarely is it mentioned, though, that there are a number of complications that come with managing data there, especially in regard to end user accounts and access of applications.
Using cloud applications surely can impact the security, compliance and IT-related cost savings of an organization. In relation to identity and access management, when several cloud applications are implemented, provisioning, password management and the monitoring of access begins to become quite a challenge. Because of this, organizational leaders should seriously consider implementing an automated cloud identity management solution if they’re using or making a move.
Auto provisioning
Creating accounts in cloud applications can be time consuming for both the IT department and the end user. System administrators must manually create accounts for users, which often delays users having access for days and not being able to get their work done. With an automated cloud identity management solution, user accounts are automatically created, modified, enabled or disabled via a synchronization with the HR system. The helpdesk or manager handling the process can easily make changes in one place and automatically synchronize these changes to all cloud applications.
Security
When an organization begins to use several cloud applications, it often becomes difficult to determine that the correct people have the correct access to systems and applications. Users may have access to systems and applications that they shouldn’t, leaving data vulnerable to breach. With a role-based access control (RBAC) module, for example, system administrators can easily control access to the company’s cloud applications on the basis of an employee’s department or job title based on records from the human resource system. So doing, ensures that each employee has the correct access to systems, even in cloud applications.
Password issues
Passwords often become a problem when implementing numerous cloud applications. Since IT administrators need to manage passwords for countless users, who often have trouble remembering several sets of credentials, the responsibility falls on the IT department to deal with resetting these passwords when users forget them. A cloud SSO solution can be used so that end users only must remember one set of credentials for all of their cloud applications, which can be based on their existing Active Directory credentials. If for any reason a password needs to be reset, it can be changed in one place, Active Directory, and then be automatically synchronized with all cloud applications.
Audit
As more cloud applications are deployed in an organization, the need for reporting of whom is using what applications and systems become paramount. The complexity of managing this process is increased by the number of cloud applications deployed and the number of users accessing the systems. A centralized dashboard can be used in an automated identity management solution to easily see on overview of usage and logging in. This allows management to easily review the report for auditing purposes, as well as controlling license costs.
Overall, cloud IAM solutions offer benefits to end users, IT departments and even management. End users are able to receive their account access quickly and not have to wait to perform their jobs if locked out and IT has full control over the applications and authorizations without having to spend countless hours on account management.
For management, audit and compliance is made easier because of the solutions. They don’t need to spend money on expenses in relation to the applications or the helpdesk, and are able to receive the full benefits of using cloud applications as originally expected.
For more information, please visit our website.
Using cloud applications surely can impact the security, compliance and IT-related cost savings of an organization. In relation to identity and access management, when several cloud applications are implemented, provisioning, password management and the monitoring of access begins to become quite a challenge. Because of this, organizational leaders should seriously consider implementing an automated cloud identity management solution if they’re using or making a move.
Auto provisioning
Creating accounts in cloud applications can be time consuming for both the IT department and the end user. System administrators must manually create accounts for users, which often delays users having access for days and not being able to get their work done. With an automated cloud identity management solution, user accounts are automatically created, modified, enabled or disabled via a synchronization with the HR system. The helpdesk or manager handling the process can easily make changes in one place and automatically synchronize these changes to all cloud applications.
Security
When an organization begins to use several cloud applications, it often becomes difficult to determine that the correct people have the correct access to systems and applications. Users may have access to systems and applications that they shouldn’t, leaving data vulnerable to breach. With a role-based access control (RBAC) module, for example, system administrators can easily control access to the company’s cloud applications on the basis of an employee’s department or job title based on records from the human resource system. So doing, ensures that each employee has the correct access to systems, even in cloud applications.
Password issues
Passwords often become a problem when implementing numerous cloud applications. Since IT administrators need to manage passwords for countless users, who often have trouble remembering several sets of credentials, the responsibility falls on the IT department to deal with resetting these passwords when users forget them. A cloud SSO solution can be used so that end users only must remember one set of credentials for all of their cloud applications, which can be based on their existing Active Directory credentials. If for any reason a password needs to be reset, it can be changed in one place, Active Directory, and then be automatically synchronized with all cloud applications.
Audit
As more cloud applications are deployed in an organization, the need for reporting of whom is using what applications and systems become paramount. The complexity of managing this process is increased by the number of cloud applications deployed and the number of users accessing the systems. A centralized dashboard can be used in an automated identity management solution to easily see on overview of usage and logging in. This allows management to easily review the report for auditing purposes, as well as controlling license costs.
Overall, cloud IAM solutions offer benefits to end users, IT departments and even management. End users are able to receive their account access quickly and not have to wait to perform their jobs if locked out and IT has full control over the applications and authorizations without having to spend countless hours on account management.
For management, audit and compliance is made easier because of the solutions. They don’t need to spend money on expenses in relation to the applications or the helpdesk, and are able to receive the full benefits of using cloud applications as originally expected.
For more information, please visit our website.
Friday, August 8, 2014
How two factor authentication can easily add security for access
Organizations large and small can easily add security to their login procedures with two-factor authentication, which is a simple process that requires users to enter more than one piece of information to access accounts. For example, in addition to simply entering a user name and password, two-factor authentication requires use of another identifier, such as a smart card or a PIN code.
Major organizations are making use of two-factor authorization — Twitter and Google. And while its primary goal is to improve security of systems and applications, the solutions also provide additional features that can be of benefit to all organizations. Here are some of the uses, and features, of two-factor authentication that can benefit employees and their organization:
Easily customizable: System administrations can customize the two-factor authentication process to meet their needs. For example, rules can be created that mandate that during the time a user is logged into an organization’s systems, his smart card also must be in the reader the whole time the employee is working. In this scenario, if the user removes the card he is then automatically logged out of the system. On the other hand, rules also can be written that requires a user to present the card for a few seconds when first logging in for him to access all needed systems.
PIN code memory: Though end users have to enter a PIN code for two-factor authentication, the internal systems have the ability to remember PIN codes for a defined period of time. Users then only have to enter their PIN code once when first logging into the computer at the beginning of the workday and not again after that. Each time after, during the same day, employees or users only have to present their smart card to access systems and not their PIN. This ensures that systems are secure, but does not inconvenience users by requiring them to enter both the PIN code and card each time they login.
Self-service registration: When first implementing smart card use, end users can securely register their smart cards themselves, taking the burden off of the IT department. Once a user inserts his card, which is not registered into the reader, it will enable a user to assign their username and password to this card.
Advanced authentication for resetting passwords: Two-factor authentication can be used to enable users to reset their own passwords. In addition to answering a series of questions that they previously provided answers to, end users can be sent a code via SMS or email that they will have to enter before being able to reset their passwords.
PIN code sent via email or SMS: The PIN code or password that end users provide as one source of authentication does not have to be something that the user actually remembers; nor does it have to be the same password every time. A password PIN can be automatically generated and sent to the user via text message to her cell phone or to her email account, which she then inputs to gain access to her account.
For more information, please visit our website.
Major organizations are making use of two-factor authorization — Twitter and Google. And while its primary goal is to improve security of systems and applications, the solutions also provide additional features that can be of benefit to all organizations. Here are some of the uses, and features, of two-factor authentication that can benefit employees and their organization:
Easily customizable: System administrations can customize the two-factor authentication process to meet their needs. For example, rules can be created that mandate that during the time a user is logged into an organization’s systems, his smart card also must be in the reader the whole time the employee is working. In this scenario, if the user removes the card he is then automatically logged out of the system. On the other hand, rules also can be written that requires a user to present the card for a few seconds when first logging in for him to access all needed systems.
PIN code memory: Though end users have to enter a PIN code for two-factor authentication, the internal systems have the ability to remember PIN codes for a defined period of time. Users then only have to enter their PIN code once when first logging into the computer at the beginning of the workday and not again after that. Each time after, during the same day, employees or users only have to present their smart card to access systems and not their PIN. This ensures that systems are secure, but does not inconvenience users by requiring them to enter both the PIN code and card each time they login.
Self-service registration: When first implementing smart card use, end users can securely register their smart cards themselves, taking the burden off of the IT department. Once a user inserts his card, which is not registered into the reader, it will enable a user to assign their username and password to this card.
Advanced authentication for resetting passwords: Two-factor authentication can be used to enable users to reset their own passwords. In addition to answering a series of questions that they previously provided answers to, end users can be sent a code via SMS or email that they will have to enter before being able to reset their passwords.
PIN code sent via email or SMS: The PIN code or password that end users provide as one source of authentication does not have to be something that the user actually remembers; nor does it have to be the same password every time. A password PIN can be automatically generated and sent to the user via text message to her cell phone or to her email account, which she then inputs to gain access to her account.
For more information, please visit our website.
Friday, August 1, 2014
Continual IT Audits
Information audits are inconvenient, unpleasant and rarely fun. They are a headache because of the fact that when audit season comes around, they take resources away from several departments for extended periods of time while staff managing and leading them also must continue their other daily roles. Unfortunately, there is no getting around an audit, whether internal or external.
Several major compliance regulations in the United States including the Health Insurance Portability and Accountability Act (HIPAA), the Control Objectives for Information and Related Technology (COBIT) and Sarbanes Oxley Act (SOX) require businesses to ensure certain standards within their organizations, including protection of data and full disclosure. Organizations that do not comply face significant fines and potential punishment.
Since audits are mandatory, organizations need to instead find ways that make dealing with them simpler. This is why organizational leaders should instead focus on conducting continual audits or implementing solutions that can help them stay in line with their audit needs throughout the year. This allows them to perform the work for audits along the way instead of having to do it all at once.
Instead of an annual audit check followed by an extensive clean-up operation, several leading organizations are implementing solutions that allow them to exercise constant control over the identities in their networks, their lifecycles and their authorizations.
Continual Audits
To achieve continual audits, some organizations have utilized identity and access management solutions. An automated account management solution with role-based access control (RBAC) allows a manager to oversee and document exactly who has access to what, and any changes they are making. With RBAC in place, managers can easily see an overview of access and correct any issues that arise. This also makes it extremely easy to provide a list of employees who have access to critical data when it comes to audit time.
These same automated account management solutions allow for other tasks to be continually documented for audits in an organized manner. The system automatically logs which employee performs a particular management activity, as well as the time it occurred. Management reporting can be generated in a wide variety of formats meaning the organization always has an insight into the processes involved and whether they are in compliance with regulations.
Case In Point
The Salvation Army had relied on an inefficient paper system prior to its automated solution. The paper system was almost impossible to audit. The automated account management solution has completely resolved this issue and the organization can now easily meet requirements.
According to the Salvation Army’s Christian Cundall, head of messaging services, the organization needed to introduce a solution for user management and auditing for simple reasons. “We were experiencing 1,000 calls a month to our helpdesk for user account-related changes. Any change requests needed to be confirmed via fax, resulting in a large paper trail, which was impossible to audit. The faxes often contained errors and omissions, adding to the workload placed on our helpdesk; 90 percent of the work needed to be duplicated.”
“We were impressed by the ability to force users to comply with our naming conventions, and provide a full log on all actions for auditing purposes,” said Cundall.
For more information, please visit our website.
Several major compliance regulations in the United States including the Health Insurance Portability and Accountability Act (HIPAA), the Control Objectives for Information and Related Technology (COBIT) and Sarbanes Oxley Act (SOX) require businesses to ensure certain standards within their organizations, including protection of data and full disclosure. Organizations that do not comply face significant fines and potential punishment.
Since audits are mandatory, organizations need to instead find ways that make dealing with them simpler. This is why organizational leaders should instead focus on conducting continual audits or implementing solutions that can help them stay in line with their audit needs throughout the year. This allows them to perform the work for audits along the way instead of having to do it all at once.
Instead of an annual audit check followed by an extensive clean-up operation, several leading organizations are implementing solutions that allow them to exercise constant control over the identities in their networks, their lifecycles and their authorizations.
Continual Audits
To achieve continual audits, some organizations have utilized identity and access management solutions. An automated account management solution with role-based access control (RBAC) allows a manager to oversee and document exactly who has access to what, and any changes they are making. With RBAC in place, managers can easily see an overview of access and correct any issues that arise. This also makes it extremely easy to provide a list of employees who have access to critical data when it comes to audit time.
These same automated account management solutions allow for other tasks to be continually documented for audits in an organized manner. The system automatically logs which employee performs a particular management activity, as well as the time it occurred. Management reporting can be generated in a wide variety of formats meaning the organization always has an insight into the processes involved and whether they are in compliance with regulations.
Case In Point
The Salvation Army had relied on an inefficient paper system prior to its automated solution. The paper system was almost impossible to audit. The automated account management solution has completely resolved this issue and the organization can now easily meet requirements.
According to the Salvation Army’s Christian Cundall, head of messaging services, the organization needed to introduce a solution for user management and auditing for simple reasons. “We were experiencing 1,000 calls a month to our helpdesk for user account-related changes. Any change requests needed to be confirmed via fax, resulting in a large paper trail, which was impossible to audit. The faxes often contained errors and omissions, adding to the workload placed on our helpdesk; 90 percent of the work needed to be duplicated.”
“We were impressed by the ability to force users to comply with our naming conventions, and provide a full log on all actions for auditing purposes,” said Cundall.
For more information, please visit our website.
Subscribe to:
Posts (Atom)