IDENTITY AND ACCESS MANAGEMENT FOR A SECURE WFH

BIZCARTA SECUREINTELI
Jan 11, 2021


The Covid-19 pandemic has disrupted the way enterprises globally access the corporate IT network. Two changes are apparent:

  • Working remotely / from home is no longer a privilege but the norm
  • Enterprises big and small are adopting Cloud because of the flexibility it offers in a work-from-anywhere environment

These two changes have forced security professionals to re-architect the enterprise network, because endpoints / remote workers are highly prone to cyber-attacks.

Our earlier post was an attempt to initiate a broader discussion on the proposed secure access framework, which is built around three key pillars of endpoint protection:

  • Endpoint access protection
  • Endpoint threat protection
  • Endpoint data protection

In this post, we will delve deep into the “Endpoint Access Protection” aspect of “Secure Remote Access”. Endpoint access protection can be achieved by implementing SSO, MFA, application control, automated provisioning, and segregation of duties based on administrative roles and privileges.

Active Directory

Active Directory is a collection of databases that connects users to enterprise networks, and it is set up to control real-time access to SaaS, web, desktop, and mobile applications.

User Provisioning and Deprovisioning

A critical part of IAM. It is an administrative-level scheme that covers creating users (the user is provisioned to the Active Directory and becomes eligible to access the applications and services assigned to their role), updating roles and privileges, and deleting user access (deprovisioning the user if he/she has left the organization).
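The provisioning lifecycle described above can be expressed as a reconciliation between an HR roster and the directory. The following is an added example, not code from the original post; the role names, users, application lists and the `plan_changes` function are constructed for illustration, and treating a directory account with no HR record like a leaver is an assumption that goes slightly beyond the text.

```python
# Added example: all users, roles and application names are constructed sample data.
ROLE_APPS = {  # hypothetical role -> applications that role is entitled to
    "engineer": {"vpn", "git", "ci"},
    "finance": {"vpn", "erp"},
    "helpdesk": {"vpn", "ticketing"},
}

HR_ROSTER = {  # source of truth: user -> (role, employment status)
    "asha": ("engineer", "active"),
    "ben": ("finance", "active"),
    "chen": ("helpdesk", "left"),
    "dina": ("engineer", "active"),
}

DIRECTORY = {  # current directory state: user -> applications granted
    "asha": {"vpn", "git", "ci"},
    "ben": {"vpn", "erp", "git"},   # extra access kept after a role change
    "chen": {"vpn", "ticketing"},   # leaver whose account is still enabled
    "eve": {"vpn"},                 # account with no HR record
}

def plan_changes(roster, directory, role_apps):
    """Return the sorted (action, user, apps) steps that align the directory with HR."""
    plan = []
    for user, (role, status) in roster.items():
        granted = directory.get(user)
        if status != "active":
            if granted is not None:  # user has left: remove all access
                plan.append(("deprovision", user, sorted(granted)))
            continue
        if role not in role_apps:  # fail closed rather than guess entitlements
            raise ValueError(f"unknown role {role!r} for user {user!r}")
        wanted = role_apps[role]
        if granted is None:  # new joiner: create the account with role access
            plan.append(("provision", user, sorted(wanted)))
            continue
        if wanted - granted:  # role update added entitlements
            plan.append(("grant", user, sorted(wanted - granted)))
        if granted - wanted:  # role update removed entitlements
            plan.append(("revoke", user, sorted(granted - wanted)))
    for user in directory.keys() - roster.keys():  # assumption: treat as leaver
        plan.append(("deprovision", user, sorted(directory[user])))
    return sorted(plan)

if __name__ == "__main__":
    for action, user, apps in plan_changes(HR_ROSTER, DIRECTORY, ROLE_APPS):
        print(f"{action:12} {user:6} {', '.join(apps)}")
```

Run on a schedule, a plan like this surfaces leavers and stale entitlements that manual deprovisioning tends to miss.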

Application Control

A preventative measure implemented in the enterprise infrastructure that blocks unauthorized application access, which would expose the user to vulnerabilities, and monitors the activities of the organization’s users on the company’s applications.

Single Sign On

Single sign-on is the most convenient authentication scheme in federated identity systems. With a user ID and password, it unifies sign-in to all the networks, devices, applications, and services of the organization, in line with the executive’s privileges. Once signed in, the user does not need to re-enter credentials.

Multi-factor Authentication

An effective authentication mechanism for verifying the credibility of a sign-in attempt. It is an added line of defense after the user has entered correct credentials such as ID and password. It requires two or more identity factors to be successfully verified before the corporate network and servers can be accessed.

Privileged Access Management

A traditional system administered by admin users, who have privileges and access to critical corporate data and multiple systems, and who can securely manage and monitor other users.
