Role of NEVIS in SingPass/CorpPass Integration

corporate pass singapore

NEVIS, AdNovum’s flagship security suite, is currently utilised by several financial institutions and government agencies across the world. With its modular nature and open interfaces, NEVIS allows for the smooth setup of SingPass and Corporate Pass (CorpPass) in Singapore, while eliminating the need for time-consuming modifications to current systems. With future-proof frameworks that maintain long-term security regardless of new expansions, NEVIS has proven to be a trusted partner to countless organisations and government establishments.

The way NEVIS enhances IT security while augmenting the current system’s usability is through its adaptive context-aware authentication (ACAA) plug-in, which analyses behavioural context data to map out a security profile specific to each individual logging in. By processing unique information such as login time, IP address, location, country, client device and security questions, the plug-in is able to determine whether to enable a user to login and access an application. During a login attempt, the user’s security profile is compared to the context data of the actual login. For instance, if a user tries to login at a time, location or through a device that is not well-recognised by NEVIS, the ACAA plug-in will treat the login attempt as abnormal and take the appropriate measures.

Additionally, ACAA does away with the hassle for two-factor authentication (2FA) that slows down the logging on process. Compared to 2FA, context-aware authentication is far more effective in protection against credential theft. In cases of credential theft, username/password combinations, tokens, smartcards, smartphones can be stolen and used to obtain unauthorised access to sensitive data. As the credentials of an authorised user is used, two-factor authentication systems may not recognise the login as malicious. On the other hand, context-aware security means that any logins that deviate from established behavioural data will be scanned as anomalies. As a result, attacks can be prevented the instance they occur.

Beyond fending off credential theft and sophisticated attacks, the ACAA plug-in works in the background, constantly monitoring and safeguarding critical information. Users can work uninterrupted and conduct online business transactions without the fear of being digitally compromised. This in turn enhances productivity levels of organisations in the long run. Aside from exorbitant security breaches no longer being a threat, businesses can also save costs on operating processes given the ease and convenience of NEVIS.

The workload is also distributed between users and security admin, through passive and active reactions to anomalous logins. Security warning emails are sent to the system administrator, when there is no need to involve the user, allowing them to focus on other important issues. In the event of an active response, the user may be required to solve a CAPTCHA. With NEVIS’s layered security, businesses are granted a secure digital environment to work in.

Furthermore, NEVIS provides highly comprehensive functionalities for SingPass and corporate pass (corppass) in singapore. With flexible configurations that do not require any coding knowledge, electronic services can be programmed to stay up-to-date on any future SingPass and CorpPass enhancements.

With its cost-effectiveness and future-forward security infrastructure, it is no wonder NEVIS is widely used among private and government organisations in Singapore.

Importance of Including IAM Products in IT Security Strategy

identity access management products

A comprehensive IT security strategy will not be complete without including identity and access management (IAM) products to protect the confidentiality of a business’s data and information systems. By having a well-planned IT security strategy that considers potential cyber threats and includes the best solutions, the business or organisation can quickly recover and focus on continuity. Threats can range from cyber attacks from competitors to a computer virus that caused software to malfunction. Regardless of their origin, cyber threats can result in massive losses for the business if confidential data is compromised or leaked. An effective IT security strategy can ensure that the business can defend itself against threats and prevent the exploitation of data and information systems.

Identity and access management is a detailed framework of policies and practices that are used to grant or deny an individual’s right to access protected resources. When incorporated into an IT security strategy, a business can use identity and access management products to control and monitor access to its applications, databases and servers. While controlling and monitoring access is a primary reason, there are several other secondary reasons why business should engage in identity and access management services.

The following are reasons why it is important for businesses and organisations to include IAM products in their IT security strategy:

Reduce chances of data breaches

With IAM solutions such as multi-factor authentication, the chances of security breaches are lowered, as users must provide more evidence to prove their identity before they can access a business’s resources. That will prevent users from accessing data that they were not authorised to know, allowing important information to be kept within the selected users with access. The use of encryption in IAM solutions will also ensure that sensitive user identity data is not compromised, reducing the chances of security breaches.

Create a centralised way to control access

As a business expands, its applications, databases and servers increase as well, creating a need for the IT professionals in the company to have a consistent way of controlling access. IAM solutions allow authorisation and authentication functionality to be consolidated on a single platform, creating a centralised method for access control. Thus, if a user leaves the business, the IT administrators can immediately revoke the user’s access, ensuring that the person can no longer access any of the business resources that are integrated with the IAM platform. Other than protecting the business’s data, IAM solution will also help to improve user experience, as customers can interact with the business through multiple platforms while enjoying the use of single sign-on (SSO) technology. Users will then not come across multiple security interactions that are preventing them from quickly accessing the resources, increasing their user experience and satisfaction.

Helps to reduce security costs

By including IAM products in its IT security strategy, a business can reduce its security costs in the long run. A single IAM platform enables security administrators to control and monitor user access more efficiently; ensuring the business remains protected from security threats even with less personnel on hand. Apart from saving on labour costs, IAM solution can also help to automate certain critical security aspects like managing identity authentication and authorisation, reducing the chances of costly mistakes being made.

For an IT security strategy to be effective, it is important that IAM products be included, as the business can then have greater control over users’ access to its resources. With greater control, IAM products can prevent cyber threats from gaining access to a business’s resources and eventually reduce business losses. Other than ensuring that the business is less likely to face issues like security breaches, IAM solution also allows the business to enjoy benefits like having a centralised platform for access control and cost reduction.

Top Benefits of Using MS Outlook Two Factor Authentication

outlook 2 step verification

When you try to access your Microsoft account, you may suddenly realize that your email account has been hacked. All your confidential information, from your bank details to your credit card details, are gone. Though you have set some form of online security to protect your email account, someone else was able to breach your data. If you have set the Microsoft Office outlook 2 step verification, you could have avoided the situation.

What is two-step authentication?
Two-step authentication, also known as two-tier verification, is a way to authenticate that your identity is genuine.

How does it work?
The first verification step starts the moment you try to log into your Microsoft account: you are asked to enter the username and the password. Microsoft Outlook two factor authentication is the second step that reconfirms the identity of the user. Outlook 2 step verification makes it difficult for anyone else to hack your account which reduces the risk factors.

How to activate two-step authentication?
You have to visit the Security Basics page from the Microsoft website and use the credentials of Microsoft account to log in. Click on the more security tab and turn Outlook 2 step verification on.

Two-step authentication using your smartphone:
As everybody has a smartphone these days and carries it while on the go, it is the most used tool for Outlook 2 step verification. Microsoft sends the authentication code that you need to enter after using the password to log onto your account.

Another well-known method is to receive the verification code on another email address of yours. You need to furnish the backup email address on which you want to receive the authentication code and enter the same when trying to sign into your Outlook account.

How does it protect your account?
As soon as you turn on the Microsoft Outlook email 2FA authentication, your email account will be secured. If someone tries to sign into your Outlook account from another country, the system will block him/her and you will be notified immediately. Even if you yourself use a new device to log into the account, Microsoft will send you an email at once.

Why should you turn on two-factor authentication?
If you think that password alone can secure the email account, you are wrong. There are applications that can generate billions of passwords within the fraction of a second. Moreover, there’s a tendency of users to set the same password for all their accounts, which makes it easier for the hackers to breach accounts. Thus, if you want to protect your email account, you need to activate Microsoft Outlook 2 step verification.

The 2FA email verification is important as it provides additional safety. Also, the authentication code mailed to your email account or contact number is hard to access by the hackers. The authentication code, along with the password can be used just once to log into your Microsoft account. It is similar to the one time password that you receive on your mobile while making any online transactions.

Deciding Between Single Sign-On and Federated Identity

saml authentication singapore

Before deciding between the Single Sign-on security mechanism and Federated Identity, let’s try to understand what they are.

Single Sign-On
Single sign-on (SSO) can be defined as a session and user verification service, which authorises the users to use a single set of credentials to log on and gain access to multiple applications. For instance, a user can gain access to Gmail, Hangout and Google Drive with a single username and password.

Federated Identity
Federated Identity or Federated Identity Management (FIM), on the other hand, is an arrangement which can be set up to connect multiple enterprises so that the subscribers can use a single identification for gaining access to multiple networks under all the enterprises of a specific group. For instance, once a user logs in to a particular application, the person can switch over to other applications like Facebook, Twitter, and LinkedIn and so on, without having to log in separately.

Choosing one over the other
Now the question is whether it is wise to opt for SSO over FIM or the other way round. Let’s dig deeper:
Of late, we have seen a lot of words being exchanged on this subject of the fraternity of IT professionals and Singapore business circle. There is a school of thought that is of the opinion that the two are synonymous. This is incorrect. The reality is if one looks at the concepts both of them tend to mean, there is enough room for confusion. The fact that there are some authentication products available on the market today has further fanned up the confusion.

Features of Single Sign-on
The concept of Single Sign-On authentication or SAML SSO grants authentication to the user to use all the domains, which are integrated under the mother application. Refer to the definition of SSO that has been mentioned at the start of this chapter. However, the mechanism also revokes other prompts, which may come up as and when the other users are simultaneously running active sessions on that application – something that happens in case of public domains like SingPass, used by thousands of users concurrently at any particular given point in time. That is the reason it uses 2FA SingPass corporate pass setup for optimal security and integrates them.

Features of Federal Identity
Federal Identity, on the other hand, links the electronic identity of an individual by considering them as attributes, which are stored in various identity management setups or systems. Naturally, this needs adherence to a set of certain guidelines for managing the identity of the user and policing on the same. The technology also describes certain standards, which can facilitate the portability of that identity across different domains of security – something that is the backbone of the Corpas integration concept used at present.

This particular setup is supported by another technology, which is known as Security Assertion Markup Language authentication or saml authentication. It is a process that facilitates the exchange of authentication and authorisation of data between multiple parties, for example between a service provider and an identity provider.

Hence, if we take into account all the aspects of this discussion, we can probably conclude that it is not the issue of opting for one security mechanism over the other. It is just opting for the right one, considering the security threat perceptions and taking the perfect decision to counter those threats. Both Single Sign-On and Federal Identity Management are perfect in their ways. It is just the prevailing business scenario and associated issues that determine the perfect authentication process that needs to be chosen.

Understanding CorpPass and its role in corporate transactions

identity and access management services The newly launched corporate digital identity in Singapore, Corporate Pass or CorpPass is a revolutionary system that aims to change the way companies handle digital transactions with the government. With the CorpPass, a business organisation no longer needs to use their own SingPass account in order to perform transactions such as applying for trade licenses and business grants. It becomes simpler to separate the personal transactions from the corporate ones. Here are a few pieces of important information about the CorpPass.

Continue reading “Understanding CorpPass and its role in corporate transactions”

Top Identity and Access Management Challenges in Business Environment

Modern businesses vouch for incorporation of foolproof identity access management (IAM) system. Businesses in Singapore favor IAM implementation so that sensitive data and information aren’t stolen through hacking or data theft. Implementation of identity access management is extremely challenging; however, companies have to address and overcome them by framing a robust policy.

Continue reading “Top Identity and Access Management Challenges in Business Environment”

5 Reasons Your Company Needs Identity and Access Management

identity and access management productsBefore we take a detailed look at the issues surrounding identity and access management (IAM), let us first understand what it is. This is a highly technical issue. However, it can ordinarily be defined as a computerized security discipline, which is structured to offer access to confidential resources to appropriate personnel at suitable times, for official or business purposes. There are a number of reasons to use a foolproof identity and access management system. Let us discuss at least 5 of them.

Continue reading “5 Reasons Your Company Needs Identity and Access Management”

How to Secure Your Email With Outlook 2 Step Verification

outlook 2 step verificationMicrosoft Office outlook two factor authentication ensures that your Microsoft account is protected and no one else can log into your email. 2-step verification uses your credentials as well as your contact number (known as security data). Even though there is a chance that someone gets access to your password, he/she cannot break into your email account without accessing the security data. It is no different in Singapore. That’s why you should always make sure no two or more passwords are same while manning different accounts.

Continue reading “How to Secure Your Email With Outlook 2 Step Verification”

5 Highly Effective Yet Simple Methods of Securing a Website

With recent reports of security breaches on banks, federal agencies, big multinationals, and many other companies worldwide, ask yourself how secure your website is. Hackers target sensitive clients’ information and even risk draining your company and siphoning clients’ money using the stolen data. While the issue of cyber security is a very complex one because it keeps changing from time to time, it is still possible to secure your website using the following 5 simple methods.

Continue reading “5 Highly Effective Yet Simple Methods of Securing a Website”