Cloud Computing and Identity Access Management

For you and I, cloud computing has been a nice innovation, an easy way to store personal files without worrying about our devices running out of space. Users can access and use these files as long as they have an Internet connection. Cloud computing has revolutionised businesses and will continue to change the landscape for data storage and access.

Put simply, cloud computing offers consumers and businesses to store files and run programs over the Internet. Business entities are moving away from on-site servers and hard drives. Once-localised data is shifted and housed on the Internet, centralised in a single web space and accessible via different applications. While this is undoubtedly convenient, this development opened a Pandora’s box for identity access management.

Today, we will take a closer look at a few challenges for identity and access management arising from the shift to cloud computing.

Naturally, one of the largest issues facing identity access management is the difficulty of maintaining secure and proper access to the information on the cloud. Without proper identity management, all members of the cloud will have unlimited access to sensitive data and applications on the cloud.

For large businesses, important information concerning operations or customer information will be at risk at being stolen or tampering from an unauthorised breach. Unwanted entries must be warded off. Even for the cloud’s members, proper identity and access management must be observed to ensure each individual user only has access to the appropriate amount of data.

In 2013, the well-publicised case of a hacking of Target’s data resulted in the theft of over 40 million credit card details. Hackers used a 3rd party vendor’s details to gain access to Target’s data cloud, before spreading malware to steal the data of millions of credit cards. This perfectly illustrates the risks of cloud storage and it’s challenges to identity management: once an individual has access to the cloud, virtually every byte of data can be accessed if there is insufficient management.

Managing the authentication of each user on multiple devices is another challenge for identity and access management. Identity and access management services must consider that cloud-based data can be easily accessed by mobile and personal devices.

Authentication methods must be strong enough to handle lower levels of security measures on personal mobile devices. It has to confidently confirm the user’s identity before granting access to important apps or data. However, overly complicated authentication methods can cause users to simply find ways around security measures, effectively negating whatever safeguards were put in place.

Therefore, the ideal identity and access management product meets the challenge of user friendliness while still ensuring the strength of its authentication methods. Repeatedly demanding personally identifiable information (PII) is enough to turn anyone away from a product or application.

When all is said and done, cloud computing is a real handful for those managing proper identity and access. Stopping unwanted access, properly managing intra-cloud access for different users and handling mobile authentications are just some of the challenges for identity and access management.

2FA SingPass Singapore – Opening New Windows to the Corporate World

2fa singpass singapore

Singapore’s 2FA SingPass Personal Access System is a 2FA or 2-Factor Authentication security system designed to allow users unlimited online transactions with more than 60 government agencies in a seamless, safe and secure way.

The setup was introduced in the month of March 2003 and is managed byGovTech or the Government Technology Agency of Singapore. This agency takes care of systems by reviewing its efficacy on a regular basis and implements enhancements when needed, ensuring that the security cushion it provides is absolutely foolproof. This regular overhauling is needed to incorporate added security features to counter new security threats posed by the ever-changing market dynamics.

Why SingPass?
Since its inception, SingPass has undergone a number of enhancement features to include an improved version of the user interface, some value-added features specifically designed for smartphones and a wide array of stronger security capabilities. Some of the newly added features include an updated version of 2FA to safeguard digital transactions that involve dealing with sensitive and confidential information. This has made Singapore’s 2FA SingPass one of the most secured security systems in the world today.  

The ways to access it
With singapore’s 2fa singpass system, accessing data becomes completely seamless. Perhaps, this is why experts think that this system has opened a new horizon of security options to the business world of Singapore, like it has done for the rest of the world.

With the installation of the 2FA security system, users are required to enter their respective SingPass ID and corresponding passwords. Once done, they have to punch in a One Time Password (OTP) that they receive on their mobiles through SMS. At times, the OTP is also generated through a OneKey token. This OTP plays the all-important role of an additional layer of security in certain scenarios, and is the second factor in the 2-Factor authentication process. Users need to be extra cautious to protect the passwords, usernames and other personal information to safeguard their SingPass account. Here are some tips that will help users do so:

Sharing the login information:
It is imperative that the SingPass ID, password and 2FA details are kept absolutely confidential.

Re-using passwords is a strict no-no:
It is better not to reuse the passwords across different accounts. This applies in particular when browsing certain websites, which might not be secure. Login information can very well be hijacked from these websites and then be used for hacking the SingPass Account.

Regular change of passwords
It is best to keep on changing the password regularly to ensure safety and security of the 2FA SingPass Singapore Personal Access System.

Use of strong passwords
It is better to use stronger passwords, which are alphanumeric and are comprised of at least eight to twenty-four characters.

Be wary of phishing sites
There may be certain websites which resemble websites by the Singapore government, but are actually fake. These sites are meant for tricking the users and lure them to disclose the personal details. To make sure a site you’re using is not one of these phishing sites, it is imperative to check the URL prior to opening the site and see if it is correct. The genuine sites should have an address bar with a ‘lock’ sign icon in your web browser.

The inclusion of two-factor authentication into the Singapore government’s website security has helped protect the important personal data of over 5 million people in Singapore. It is no doubt an important tool in countering hacking and other illegal activities which could threaten the livelihood of many Singaporeans. Businesses can consider implementing the 2FA system into their own corporation, through corporate passes in Singapore. Social media sites such as Facebook and even Gmail are now offering users their own form of 2-Factor authentication, recognizing the importance of enhanced security in their web services. 2FA is likely the way forward, and we are only left to wonder what other new ways web developers can use to push website security even further.

Role of NEVIS in SingPass/CorpPass Integration

corporate pass singapore

NEVIS, AdNovum’s flagship security suite, is currently utilised by several financial institutions and government agencies across the world. With its modular nature and open interfaces, NEVIS allows for the smooth setup of SingPass and Corporate Pass (CorpPass) in Singapore, while eliminating the need for time-consuming modifications to current systems. With future-proof frameworks that maintain long-term security regardless of new expansions, NEVIS has proven to be a trusted partner to countless organisations and government establishments.

The way NEVIS enhances IT security while augmenting the current system’s usability is through its adaptive context-aware authentication (ACAA) plug-in, which analyses behavioural context data to map out a security profile specific to each individual logging in. By processing unique information such as login time, IP address, location, country, client device and security questions, the plug-in is able to determine whether to enable a user to login and access an application. During a login attempt, the user’s security profile is compared to the context data of the actual login. For instance, if a user tries to login at a time, location or through a device that is not well-recognised by NEVIS, the ACAA plug-in will treat the login attempt as abnormal and take the appropriate measures.

Additionally, ACAA does away with the hassle for two-factor authentication (2FA) that slows down the logging on process. Compared to 2FA, context-aware authentication is far more effective in protection against credential theft. In cases of credential theft, username/password combinations, tokens, smartcards, smartphones can be stolen and used to obtain unauthorised access to sensitive data. As the credentials of an authorised user is used, two-factor authentication systems may not recognise the login as malicious. On the other hand, context-aware security means that any logins that deviate from established behavioural data will be scanned as anomalies. As a result, attacks can be prevented the instance they occur.

Beyond fending off credential theft and sophisticated attacks, the ACAA plug-in works in the background, constantly monitoring and safeguarding critical information. Users can work uninterrupted and conduct online business transactions without the fear of being digitally compromised. This in turn enhances productivity levels of organisations in the long run. Aside from exorbitant security breaches no longer being a threat, businesses can also save costs on operating processes given the ease and convenience of NEVIS.

The workload is also distributed between users and security admin, through passive and active reactions to anomalous logins. Security warning emails are sent to the system administrator, when there is no need to involve the user, allowing them to focus on other important issues. In the event of an active response, the user may be required to solve a CAPTCHA. With NEVIS’s layered security, businesses are granted a secure digital environment to work in.

Furthermore, NEVIS provides highly comprehensive functionalities for SingPass and corporate pass (corppass) in singapore. With flexible configurations that do not require any coding knowledge, electronic services can be programmed to stay up-to-date on any future SingPass and CorpPass enhancements.

With its cost-effectiveness and future-forward security infrastructure, it is no wonder NEVIS is widely used among private and government organisations in Singapore.

Importance of Including IAM Products in IT Security Strategy

identity access management products

A comprehensive IT security strategy will not be complete without including identity and access management (IAM) products to protect the confidentiality of a business’s data and information systems. By having a well-planned IT security strategy that considers potential cyber threats and includes the best solutions, the business or organisation can quickly recover and focus on continuity. Threats can range from cyber attacks from competitors to a computer virus that caused software to malfunction. Regardless of their origin, cyber threats can result in massive losses for the business if confidential data is compromised or leaked. An effective IT security strategy can ensure that the business can defend itself against threats and prevent the exploitation of data and information systems.

Identity and access management is a detailed framework of policies and practices that are used to grant or deny an individual’s right to access protected resources. When incorporated into an IT security strategy, a business can use identity and access management products to control and monitor access to its applications, databases and servers. While controlling and monitoring access is a primary reason, there are several other secondary reasons why business should engage in identity and access management services.

The following are reasons why it is important for businesses and organisations to include IAM products in their IT security strategy:

Reduce chances of data breaches

With IAM solutions such as multi-factor authentication, the chances of security breaches are lowered, as users must provide more evidence to prove their identity before they can access a business’s resources. That will prevent users from accessing data that they were not authorised to know, allowing important information to be kept within the selected users with access. The use of encryption in IAM solutions will also ensure that sensitive user identity data is not compromised, reducing the chances of security breaches.

Create a centralised way to control access

As a business expands, its applications, databases and servers increase as well, creating a need for the IT professionals in the company to have a consistent way of controlling access. IAM solutions allow authorisation and authentication functionality to be consolidated on a single platform, creating a centralised method for access control. Thus, if a user leaves the business, the IT administrators can immediately revoke the user’s access, ensuring that the person can no longer access any of the business resources that are integrated with the IAM platform. Other than protecting the business’s data, IAM solution will also help to improve user experience, as customers can interact with the business through multiple platforms while enjoying the use of single sign-on (SSO) technology. Users will then not come across multiple security interactions that are preventing them from quickly accessing the resources, increasing their user experience and satisfaction.

Helps to reduce security costs

By including IAM products in its IT security strategy, a business can reduce its security costs in the long run. A single IAM platform enables security administrators to control and monitor user access more efficiently; ensuring the business remains protected from security threats even with less personnel on hand. Apart from saving on labour costs, IAM solution can also help to automate certain critical security aspects like managing identity authentication and authorisation, reducing the chances of costly mistakes being made.

For an IT security strategy to be effective, it is important that IAM products be included, as the business can then have greater control over users’ access to its resources. With greater control, IAM products can prevent cyber threats from gaining access to a business’s resources and eventually reduce business losses. Other than ensuring that the business is less likely to face issues like security breaches, IAM solution also allows the business to enjoy benefits like having a centralised platform for access control and cost reduction.

Top Benefits of Using MS Outlook Two Factor Authentication

outlook 2 step verification

When you try to access your Microsoft account, you may suddenly realize that your email account has been hacked. All your confidential information, from your bank details to your credit card details, are gone. Though you have set some form of online security to protect your email account, someone else was able to breach your data. If you have set the Microsoft Office outlook 2 step verification, you could have avoided the situation.

What is two-step authentication?
Two-step authentication, also known as two-tier verification, is a way to authenticate that your identity is genuine.

How does it work?
The first verification step starts the moment you try to log into your Microsoft account: you are asked to enter the username and the password. Microsoft Outlook two factor authentication is the second step that reconfirms the identity of the user. Outlook 2 step verification makes it difficult for anyone else to hack your account which reduces the risk factors.

How to activate two-step authentication?
You have to visit the Security Basics page from the Microsoft website and use the credentials of Microsoft account to log in. Click on the more security tab and turn Outlook 2 step verification on.

Two-step authentication using your smartphone:
As everybody has a smartphone these days and carries it while on the go, it is the most used tool for Outlook 2 step verification. Microsoft sends the authentication code that you need to enter after using the password to log onto your account.

Another well-known method is to receive the verification code on another email address of yours. You need to furnish the backup email address on which you want to receive the authentication code and enter the same when trying to sign into your Outlook account.

How does it protect your account?
As soon as you turn on the Microsoft Outlook email 2FA authentication, your email account will be secured. If someone tries to sign into your Outlook account from another country, the system will block him/her and you will be notified immediately. Even if you yourself use a new device to log into the account, Microsoft will send you an email at once.

Why should you turn on two-factor authentication?
If you think that password alone can secure the email account, you are wrong. There are applications that can generate billions of passwords within the fraction of a second. Moreover, there’s a tendency of users to set the same password for all their accounts, which makes it easier for the hackers to breach accounts. Thus, if you want to protect your email account, you need to activate Microsoft Outlook 2 step verification.

The 2FA email verification is important as it provides additional safety. Also, the authentication code mailed to your email account or contact number is hard to access by the hackers. The authentication code, along with the password can be used just once to log into your Microsoft account. It is similar to the one time password that you receive on your mobile while making any online transactions.

Deciding Between Single Sign-On and Federated Identity

saml authentication singapore

Before deciding between the Single Sign-on security mechanism and Federated Identity, let’s try to understand what they are.

Single Sign-On
Single sign-on (SSO) can be defined as a session and user verification service, which authorises the users to use a single set of credentials to log on and gain access to multiple applications. For instance, a user can gain access to Gmail, Hangout and Google Drive with a single username and password.

Federated Identity
Federated Identity or Federated Identity Management (FIM), on the other hand, is an arrangement which can be set up to connect multiple enterprises so that the subscribers can use a single identification for gaining access to multiple networks under all the enterprises of a specific group. For instance, once a user logs in to a particular application, the person can switch over to other applications like Facebook, Twitter, and LinkedIn and so on, without having to log in separately.

Choosing one over the other
Now the question is whether it is wise to opt for SSO over FIM or the other way round. Let’s dig deeper:
Of late, we have seen a lot of words being exchanged on this subject of the fraternity of IT professionals and Singapore business circle. There is a school of thought that is of the opinion that the two are synonymous. This is incorrect. The reality is if one looks at the concepts both of them tend to mean, there is enough room for confusion. The fact that there are some authentication products available on the market today has further fanned up the confusion.

Features of Single Sign-on
The concept of Single Sign-On authentication or SAML SSO grants authentication to the user to use all the domains, which are integrated under the mother application. Refer to the definition of SSO that has been mentioned at the start of this chapter. However, the mechanism also revokes other prompts, which may come up as and when the other users are simultaneously running active sessions on that application – something that happens in case of public domains like SingPass, used by thousands of users concurrently at any particular given point in time. That is the reason it uses 2FA SingPass corporate pass setup for optimal security and integrates them.

Features of Federal Identity
Federal Identity, on the other hand, links the electronic identity of an individual by considering them as attributes, which are stored in various identity management setups or systems. Naturally, this needs adherence to a set of certain guidelines for managing the identity of the user and policing on the same. The technology also describes certain standards, which can facilitate the portability of that identity across different domains of security – something that is the backbone of the Corpas integration concept used at present.

This particular setup is supported by another technology, which is known as Security Assertion Markup Language authentication or saml authentication. It is a process that facilitates the exchange of authentication and authorisation of data between multiple parties, for example between a service provider and an identity provider.

Hence, if we take into account all the aspects of this discussion, we can probably conclude that it is not the issue of opting for one security mechanism over the other. It is just opting for the right one, considering the security threat perceptions and taking the perfect decision to counter those threats. Both Single Sign-On and Federal Identity Management are perfect in their ways. It is just the prevailing business scenario and associated issues that determine the perfect authentication process that needs to be chosen.