Tuesday, 3 July 2012

Who’s speaking please?

The majority of calls received by the IT helpdesk need to be verified. After all, to protect the network, the helpdesk needs to be certain that the caller is who they say they are before granting access rights to applications. So, how can they do this whilst protecting each end-user’s personal information?


A lot of organisations use physical forms of identification. For example, employees may be asked to provide a document signed by their manager or a copy of their passport before being assigned permissions. Although this process can be unnecessarily time-consuming, quicker approaches such as simply calling the helpdesk are often deemed unsafe by management because they involve too many risks.

To help solve these issues, Tools4ever has developed the Helpdesk Caller ID Verification solution, which allows service desk staff to securely determine a caller’s identity over the phone. When enrolling with the software, employees must answer a series of personal questions, for example, “What is your mother’s maiden name?”

The answers to these questions can from then on be used to verify each employee’s identity. To make this process even more secure, IT Support cannot see the actual answer to the question, only parts of it (for example, the first and last letter of the answer). The helpdesk assistant asks the caller to supply the missing letters and can then verify the identity of the caller.
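The partial-answer check described above, written out as an added example (not the product’s own code). It assumes the full enrolled answer is held server-side and that the agent’s screen only ever receives the masked view and the challenged positions; the answer values are constructed for illustration.

```python
import hmac
import secrets


def normalise(answer: str) -> str:
    """Lower-case and drop spaces/punctuation so 'De la Cruz' and 'delacruz' match."""
    return "".join(ch for ch in answer.lower() if ch.isalnum())


def masked_view(answer: str) -> str:
    """What the helpdesk agent is shown: first and last character, the rest hidden."""
    a = normalise(answer)
    if len(a) <= 2:
        return "*" * len(a)
    return a[0] + "*" * (len(a) - 2) + a[-1]


def pick_challenge(answer: str, count: int = 3) -> list[int]:
    """Choose up to `count` hidden positions (0-based indices) for the agent to ask about.

    Only positions that masked_view() hides are candidates, and the choice is made
    with the secrets module so a caller cannot predict which letters will be asked.
    """
    a = normalise(answer)
    hidden = list(range(1, len(a) - 1))
    count = min(count, len(hidden))
    return sorted(secrets.SystemRandom().sample(hidden, count))


def verify_challenge(answer: str, positions: list[int], supplied: str) -> bool:
    """Check the letters the caller gave for the challenged positions.

    The comparison is constant-time so response timing does not leak how many
    letters matched; the full answer is never returned to the agent's UI.
    """
    a = normalise(answer)
    expected = "".join(a[p] for p in positions)
    return hmac.compare_digest(expected.encode(), normalise(supplied).encode())


if __name__ == "__main__":
    enrolled = "Smith"  # constructed sample answer
    print(masked_view(enrolled))  # agent sees s***h
    asked = pick_challenge(enrolled)
    print("ask the caller for positions", [p + 1 for p in asked])
```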

Helpdesk Caller ID Verification can be a very cost-effective solution as it doesn’t require any additional hardware and allows organisations to securely determine the identity of their callers without any long-drawn-out procedures. An ideal way to secure your network, without the muss or the fuss!

Thursday, 24 May 2012

ACCESS MANAGEMENT AND SOX COMPLIANCY/AUDITS

We frequently deal with companies that have to be compliant with SOX regulations. This often has a big impact on the IT department, particularly with regard to managing access rights. In these scenarios we find there are three very common issues which tend to arise:

Workflow and validations on access rights:

Whether it concerns regular Active Directory user accounts, NTFS rights, Active Directory groups, e-mail or application authorisations, all requests and validations have to comply with SOX regulations. This can often mean that, in order to create each user account, the IT department needs sign-off from the person making the request, as well as from the validating manager and IT Management.

Traditionally this had to be done by a manual, paper-driven process, and many companies still use this outdated method. This means that every time a SOX audit takes place, the IT department has to spend weeks sorting through the papers with the auditor. However, an automated workflow management system (as provided by software like UMRA, User Management Resource Administrator) can automate these steps and make SOX audits a piece of cake for the IT department.

With UMRA there’s no risk of papers getting lost in the audit process or people having to wait for their access rights, as the solution will automatically alert the appropriate staff, who can validate a request before it is sent to IT.

Traceability:

In order to comply with regulations, all requests for access and granting of access must be traceable. This is a standard feature of the Tools4ever’s Identity and Access Management suite.

Segregation of Duty:

In order to comply with some SOX requirements, certain tasks must be done by separate members of staff. For example, an order placed by person X must be validated by person Y. This has consequences for access management, as permission to use certain data, or the access rights within an application, must be tightly controlled.

The access management system must block or alert personnel whenever two conflicting permissions would be granted to the same user. This is easy to achieve with the reporting and provisioning mechanisms in Tools4ever’s identity and access management solutions. The solution only needs to know which permissions cannot be combined, and it will then automatically enforce and audit these requirements.
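A minimal segregation-of-duty check of the kind described above, added here as an illustration rather than code from UMRA or any Tools4ever product. The permission names and the list of forbidden combinations are constructed; a real deployment would load the toxic pairs from its own policy source.

```python
from typing import Iterable

# Constructed policy: pairs of permissions that no single user may hold at once.
TOXIC_PAIRS = {
    frozenset({"orders.create", "orders.approve"}),
    frozenset({"vendors.create", "payments.release"}),
}


def sod_conflicts(permissions: Iterable[str]) -> list[tuple[str, str]]:
    """Return every toxic pair fully contained in the given permission set."""
    held = set(permissions)
    return sorted(tuple(sorted(pair)) for pair in TOXIC_PAIRS if pair <= held)


def check_request(current: Iterable[str], requested: str) -> tuple[bool, list[tuple[str, str]]]:
    """Decide whether `requested` may be added to a user who already holds `current`.

    Returns (allowed, new_conflicts). A request is blocked only when it would
    introduce a toxic pair that the user does not already hold, so pre-existing
    violations are reported by the audit, not silently re-approved here.
    """
    before = set(sod_conflicts(current))
    after = set(sod_conflicts(set(current) | {requested}))
    new = sorted(after - before)
    return (not new, new)


def audit_report(users: dict[str, Iterable[str]]) -> dict[str, list[tuple[str, str]]]:
    """Audit view: every user currently holding a forbidden combination."""
    report = {}
    for user, perms in users.items():
        conflicts = sod_conflicts(perms)
        if conflicts:
            report[user] = conflicts
    return report


if __name__ == "__main__":
    # Constructed sample directory state.
    directory = {
        "alice": {"orders.create", "orders.approve"},
        "bob": {"orders.create"},
    }
    print(audit_report(directory))
    print(check_request(directory["bob"], "orders.approve"))
```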

Feel free to contact your Tools4ever office if you have any questions about SOX compliancy and Access Management workflows.

Tuesday, 24 January 2012

Password Synchronisation vs. Single Sign On

Clients often ask me to advise them on reducing the number of passwords end-users need to use in order to access their account and applications. Their first approach, in order to avoid multiple passwords, is usually to ensure that passwords are synchronised over different systems.

This is certainly a valid approach, but is it always the best solution? This post focuses on the advantages and disadvantages of using a password synchronisation tool to reduce the number of login credentials. It also looks at the strength of Enterprise Single Sign On software (such as Tools4ever’s E-SSOM) as an alternative.

Although password synchronisation solutions will reduce the number of passwords the end user needs to key in, a number of technical conditions must be met in order for the software to function effectively:

1. Password synchronisation applications (for example PSM (Password Synchronisation Manager) by Tools4ever) need to know which account in each application corresponds to which user in the enterprise directory (such as Active Directory). However, this is not always an easy process, as many applications use different (manual) naming conventions or limit the number and/or type of characters in the user name.

2. Each application must allow an automated password change whenever a password is amended in Active Directory. This often requires a specific connector or API. The password complexity rules of the application must also be compatible with those of the central directory. However, many applications have limited password complexity rules, so weaker passwords would have to be used at Active Directory level in order for the password synchronisation solution to work. This kind of scenario is not ideal as it could lead to security issues.

In many cases the conditions above mean that a new project must be undertaken to make password synchronisation possible. This takes time and resources and may involve changing usernames and passwords for the end user, which is exactly the situation we are trying to avoid.

Enterprise Single Sign On solutions can offer a number of advantages over password synchronisation software. Firstly, it is often easier to implement an Enterprise Single Sign On solution. Enterprise SSO solutions (specifically E-SSOM by Tools4ever) can recognise the login screens/events of applications and automatically fill them in. The result for the end user can be even better than a successful password synchronisation: not only do they no longer have to remember different sets of login credentials, they also do not need to key in logon credentials for each application.

In the case of Enterprise SSO Manager:

1. The conditions (as specified above) for password synchronisation do not have to be met.

2. Nothing has to be changed in the existing login/password structures.

3. No APIs or connectors are necessary to access application passwords.

4. The solution will work with any type of application or mode of authentication.

As such, Enterprise Single Sign On solutions are often the preferred choice over Password Synchronisation tools. Personally, I find that if you only have one or two applications to synchronise and all the conditions have been met anyway, Password Synchronisation can be an excellent tool to use. However, if the conditions for password synchronisation are not met natively or if you are interested in ‘synchronising’ more applications, an Enterprise SSO solution like Tools4ever’s E-SSOM would be the better solution in terms of light implementation, scalability and resulting ease of use for the end-user.

To learn more about E-SSOM and PSM please visit:

Enterprise SSO Manager http://www.tools4ever.com/gb/products/enterprise-single-sign-on-manager/

Password Synchronisation Manager http://www.tools4ever.com/gb/products/password-synchronization-manager/