Tag Archive for: identities

Five ways security teams can more effectively manage identities in the cloud


Managing identities in the cloud has been described as a “big mess” by many security pros – and that’s why SC Media decided to focus on this issue as we celebrate Data Privacy Day.

For starters, the comparatively orderly on-prem days, in which all identities were managed by Microsoft Active Directory or network admins could geo-locate an employee based on an IP address in the company’s building, are long gone.

Rather, the shift to the cloud, accelerated by the pandemic, moved companies outside the building, where they now manage hundreds of applications and data sets, along with the permissions and access rights for all those applications and data.

“For just AWS alone, a company may have 100 different applications,” said Frank Dickson, vice president for security and trust at IDC. “Someone may have access to Salesforce, but only to the files for their customers. So think about the exponential scaling of that complexity across multiple applications and you begin to understand how challenging managing identities in the cloud has become.”

Based on interviews with Dickson and other security pros, here’s a list of tips to consider for managing identities in the cloud.

  • Invest in core identity technology. Dickson said once a company gets past 100 users, managing identity becomes unwieldy. Businesses need to invest in a tool such as Okta or Azure AD that can automate the management of all the cloud-based identities – and that’s especially true for large organizations with hundreds, if not thousands, of users.
  • Consider cloud identity management tools for IaaS and SaaS. There’s no one-size-fits-all solution to managing identities in the cloud, said Dickson. Products from the likes of CrowdStrike, Microsoft and Sonrai Security, for example, fall under the umbrella of cloud infrastructure entitlement management (CIEM) and let different teams and developers implement least-privilege access at scale. CIEM lets security teams grant access to a specific segment in public cloud environments, and it can do this across all the major public cloud environments, such as AWS, Azure and the Google Cloud Platform. And then there are tools known as SaaS Detection and Response…


Techstrong TV: Understanding & Managing Digital Identities


David and Charlene discuss how to effectively manage digital identities and assets in the rapidly evolving digital world. The video and a transcript of the conversation are below.


Charlene O’Hanlon: Hey everybody. Welcome back to Techstrong TV. I’m Charlene O’Hanlon and I am here now with David Mahdi, who is the chief strategy officer and CISO advisor over at Sectigo. David, thanks so much for being with me here today. I am just so very excited to have a conversation with you about digital identities, because I know that it’s a very, very hot topic among a lot of organizations as they kind of seek to maybe lock down their systems a little bit more, at least understand what they’ve got so that they can lock it down. So thanks very much for being on Techstrong TV and having the conversation with me. I’m very excited. Great to

David Mahdi: Well Charlene, thank you very much for having me. And I – it’s digital identity is certainly an area that I’m passionate about. And I think all of us have our own personal stories, whether it’s getting locked out of an account at work or getting locked out of a personal account. It all comes back to that.

Interviewer: Yeah. I can count on one hand how many times that happens to me in a week. So it’s but you know, it can be difficult to manage all those passwords. But let’s kind of start at the beginning. So we’re talking about digital identities and you know, these days there is not a person on this earth I think who doesn’t have some sort of digital identity. But what exactly are we talking about when we do say digital identity?

 

Mahdi: Yeah. Great question. So digital identity really well, first of all, we have to think of not just humans, right? You are you you’re Charlene, I’m David, and in the traditional physical world, you might have a passport, a driver’s license and all these types of IDs. And that’s how you, you know, when someone says, are you really Charlene in person and you show one of those ID cards, right? But obviously over the last few decades we’ve been doing more and more online, and we’ve kind of danced around ways to do digital identity online for the…


Secure SSO for Cloud Applications using existing on premise Active Directory Identities



The new release of UserLock 11 provides existing on-premise Active Directory (AD) Identities with secure Single Sign-On (SSO) access to both the corporate network and multiple cloud applications, from wherever they are working. In combination with Multi-Factor Authentication (MFA) it enables on-premise AD identities to securely access Microsoft 365 and other leading cloud applications.

  • For maximum security and ease, UserLock SSO maintains Windows Server Active Directory as the authoritative user directory and extends it to work with the cloud.
  • Given the increased vulnerability of corporate passwords for all organizations, UserLock’s granular Multi-Factor Authentication (MFA) provides the SSO protection you need without unnecessarily impeding employees.
  • New MFA enhancements have been added to help organizations scale MFA across all employees.

Today’s modern hybrid organization relies on Active Directory and the cloud to operate. With the demand for remote work at an unprecedented scale, IT teams need to streamline access to both the corporate network and cloud applications from wherever employees are working.

“This change in user access requirements creates new security risks that can often lead organizations to adopt either complex, costly or disruptive changes,” said François Amigorena, President & CEO of IS Decisions.

“With UserLock, organizations can benefit from an easy-to-use, non-disruptive and affordable SSO solution that leverages their existing investment in Active Directory to effectively secure employees’ access to both the corporate network and multiple cloud applications.”

On-site Federated Authentication

Installed in minutes on a standard Windows server, UserLock SSO supports the SAML 2.0 protocol to enable federated authentication of cloud applications. Each user needs to log in only once with their existing AD credentials (and a second factor if required) to seamlessly access all cloud resources.

  • Secure on-site authentication is retained, even for remote access
  • Accounts, services, roles and group policies continue to be enforced
  • No need to create and manage a new directory for user IDs
  • No change or provisioning needed for existing access to…
