All Posts By Admin

UBER got hacked

Category: Uncategorized

Ride-sharing technology company Uber concealed a hack that affected 57 million customers and drivers. The hack took place in 2016, and then-CEO Travis Kalanick reportedly knew about it.

The hack was carried out by two perpetrators who gained access to a private GitHub site used by Uber software engineers. Using login credentials they obtained, the attackers then accessed data stored on an Amazon Web Services account that handled computing tasks for the company. There they found an archive of rider and driver information. Later, according to the company, they emailed Uber asking for money. The attackers obtained 57 million names, email addresses and mobile phone numbers. The names and driver’s license numbers of around 600,000 drivers in the United States were also compromised.

A pattern emerging from many recent hacks is that the compromise happens as a chain of events. A person (usually an employee of the company that gets hacked) also has accounts elsewhere that may not be as well secured. The attacker picks up login details, passwords and other credentials from those places and tries them against the company account to get at vital information. The hacking of Hillary Clinton’s campaign also happened that way: the attackers first obtained information from Gmail accounts, which obviously were not as well secured. The recent hack at OneLogin followed a similar modus operandi.

This points to two things. First, managing a person’s identity as a whole matters more than just securing his or her company account. Second, attackers go after the weakest link in the chain to get vital clues that are then used to attack the important accounts. In any case, it is important to secure the vital accounts through MFA (Multi-Factor Authentication) and strong password management.
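
The Uber chain above ran from a source repository to AWS credentials; the post does not say how those credentials were obtained, so the scanner below is an added example (not Uber’s or ILANTUS’s code) that assumes the common case of a credential committed to source. It flags AWS access key IDs, literals assigned to secret-named variables, and high-entropy strings in a constructed sample file; the rule names, thresholds and every sample value are assumptions.

```python
import math
import re
from collections import Counter
from typing import List, NamedTuple

class Finding(NamedTuple):
    line: int
    rule: str
    name: str    # variable name when the hit came from an assignment, else ""
    value: str   # masked, so the report never re-leaks the secret

# Long-lived AWS access key IDs start with AKIA (ASIA for temporary ones).
AWS_KEY_ID_RE = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")
ASSIGN_RE = re.compile(r"^\s*([A-Za-z_]\w*)\s*[:=]\s*[\"']([^\"']+)[\"']")
SENSITIVE_NAME_RE = re.compile(r"(secret|passw(or)?d|token|api_?key|access_?key)", re.I)

def shannon_entropy(s: str) -> float:
    """Bits per character: random keys score about 4-5, words and config values well below."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def mask(value: str) -> str:
    return value[:4] + "..." if len(value) > 4 else "***"

def scan_source(text: str, min_len: int = 20, entropy_threshold: float = 4.0) -> List[Finding]:
    """Flag credential-looking material in one file's text, line by line."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in AWS_KEY_ID_RE.finditer(line):
            findings.append(Finding(lineno, "aws-access-key-id", "", mask(m.group(0))))
        m = ASSIGN_RE.match(line)
        if not m: continue  # not a simple NAME = "literal" assignment
        name, value = m.group(1), m.group(2)
        if SENSITIVE_NAME_RE.search(name):  # any literal in a secret-named variable, however weak
            findings.append(Finding(lineno, "hardcoded-credential", name, mask(value)))
        elif len(value) >= min_len and shannon_entropy(value) >= entropy_threshold:
            findings.append(Finding(lineno, "high-entropy-string", name, mask(value)))  # key behind an innocuous name
    return findings

# Constructed sample file; every value is made up and not a working credential.
SAMPLE_SOURCE = """\
# settings.py (constructed sample)
AWS_ACCESS_KEY_ID = "AKIAEXAMPLE000000000"
AWS_SECRET_ACCESS_KEY = "aB3dEf9GhIjK1mNoPqRsTuVwXyZ02468AcEgIkMo"
DB_PASSWORD = "changeme"
SESSION_SEED = "Xq9/ZmK2pL7wR4tV0bN8sH3jG6cD5fY1aE0uW9kQ"
REGION = "us-east-1"
LOG_LEVEL = "INFO"
"""
```

Run `scan_source(SAMPLE_SOURCE)` as a pre-commit or CI step over each changed file; a finding means the key must be rotated, not merely deleted from history.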

One Login hacked: Raises questions on selection of SSO Solutions

Category: IDaaS

Password manager and single sign-on provider OneLogin recently got hacked. The company’s Chief Security Officer, Alvaro Hoyos, said it is working with law enforcement. OneLogin believes that all customers served by its US data centers are affected and that customer data was potentially compromised.

It said: “Our review has shown that a threat actor obtained access to a set of keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US.”

Incidents like these, which are becoming more frequent, show a clear need to review the following when selecting an SSO solution:

  • The data centers used by any intermediate host of the SSO solution provider.
  • Whether the SSO solution should be used in traditional on-premise mode rather than cloud mode.
  • For information: ILANTUS uses only Microsoft Azure and no intermediate hosts. ILANTUS also offers both cloud and on-premise models.

ILANTUS ARaaS – Standard Access Review Service Package

Category: Access Review as a Service

Features of the Standard Access Review Service package:

  • Who has Access to What: centralized view of users and their access. Intuitive administrative dashboards deliver information with a summary of key usage and activity statistics.
  • Access Recertification: up to four access recertification campaigns to perform user access certification, with maintain/revoke capabilities on users and access.
  • Closed Loop Remediation: manual revoke/disable of target system accounts if a reviewer revokes access during recertification.
  • Auditing and Reports: all user access; orphan accounts; access certification.
  • Alerts & Notifications: email notifications with pre-defined templates.

ILANTUS ARaaS Solutions

Category: Uncategorized

The ILANTUS ARaaS cloud-based solution offers enterprises the ability to address complex business challenges (access governance, user administration and provisioning, password management, single sign-on) without any need for costly and complex on-premise systems and in-house skill sets. Built on industry-leading and proprietary technologies, hosted ARaaS offers a comprehensive suite of features and options that enable organizations to take control of user management and compliance challenges cost-effectively, quickly, and with ease. Hosted ARaaS provides:

  • Quick Time to Value – Engineered to eliminate 70% to 80% of traditional deployment timelines.
  • Support – Minimize the complexity of solution management and support.
  • Choice – Eliminate the gaps in your current Identity solution with ILANTUS options.
  • Flexible – Choose the modules you want, when you want.
  • Secure – Compliant with industry certifications: SSAE 16 SOC1, SOC2 and ISO 27001.

ILANTUS ARaaS Solution – Modular Approach

Category: Access Review

Access Review as a Service is a user-friendly automated process with quick and easy implementation. ILANTUS provides training to give staff the skills for tool adoption and ease of administration after implementation, and offers a Managed Services option that manages the environment during review cycles. Professional and Managed Services differentiate ILANTUS with this cloud-based solution driven by RSA technology.

Access Compliance Manager (ACM)

  • Access Review
  • Validation and Access Risks Analysis
  • Access Revocation through Help Desk
  • Review for Exceptional Access for SoD

ACM provides:

  • Value: Engineered to eliminate 70% to 80% of traditional deployment timelines (Quick Time to Value).
  • Support: Minimizes the complexity of solution management and support.
  • Choice: Eliminates the gaps in your current Identity solution with ILANTUS options.
  • Flexible: Allows you to choose the modules you want, when you want.
  • Secure: Compliant with industry certifications: SSAE 16 SOC1 and ISO 27001.

ILANTUS ARaaS Hosting Operations

Category: ARaaS

Hosting components:

  • Availability: the solution will be available for 12, 24 or 36 months as selected. For the second and any following recertification cycles, 15 days’ advance notice is all that is required to gain full access to your environment.
  • Environments: one environment (Production).
  • Operations: 24×7.
  • Disaster Recovery: mean time to recovery after a DR event is 6 hours; maximum possible data loss after a DR event is 1 hour.

Service Level Agreements
Availability of environment during a cycle:

  • Hosted ARaaS – AGS Standard Access Review Service: 99%, exclusive of maintenance windows.

Application On-boarding Services for ARaaS

Category: ARaaS

ILANTUS Application On-boarding Services consist of expertly trained consultants who can fill the gaps in your knowledge or resource availability. ILANTUS provides three different options for engaging application on-boarding services:

End to End Setup
  • Gather the integration requirements
  • Configure the application collectors
  • Perform the account assessment
  • Setup access review campaigns
  • Support testing and production migration
On Call Setup Support
  • Provide email/phone guidance as required to the TMX resource to successfully complete the application on-boarding
Hybrid Setup Support
  • Gather the integration requirements
  • Configure the application collectors
  • Provide email/phone guidance as required to the TMX resource to successfully complete the application on-boarding

Productised Cricket!

Category: IAM

Well, who does not know cricket? It is one of the most popular games in the world. The roots of cricket go back centuries, and the game has evolved over time into three major formats: Test, One-day and T20.

If you look at these formats, Test cricket is played over 4-5 days. Cricket lovers have to watch and wait for results, and sometimes there is no result. Then came the concept of one-day cricket, a more exciting mode: fifty overs per innings and a maximum of 6-8 hours for a result. This mode indeed increased the number of cricket fans; adoption was higher. Then, in recent years, came T20, the game changer. With the T20 format the game has reached an altogether new level: twenty overs per innings and a maximum of 3-4 hours for the result. It has attracted not only a lot of capital to the game but also a huge audience. Quick results and the way the game engages spectators with thrill and excitement make it more addictive. With ODIs, Test cricket is diminishing; with T20, ODIs and Test cricket are losing spectators’ interest.

Spectators do not have the time to watch and wait a long time to see the results, nor do they want to understand the complexities. At the end of the day, their experience of the game is what matters.

Drawing an analogy between traditional and new-era products along the same lines, the latter should be like T20. Unlike with traditional products, customers do not want months of implementation before they start experiencing the product. Quick turnaround time is essential. New-era products should keep the end user excited and delighted with their features. The need of the market is “simple and swift”.

At ILANTUS our goal is to deliver “simple and swift” products. With the Agile framework we have been able to set up a T20 mode for our development and delivery. The process has enabled us to deliver quality products at a fast pace. We also continuously “listen” to our customers, and our internal process has helped us incorporate customer feedback. We want our customers to have a delightful experience with our products.

Note: This blog is written with due respect to all formats of cricket.

Tired of using multiple user ids & passwords?

Category: IAM, Xpress Password

  • The user ID and password combination is still the most common way for users to gain access to an application. The average number of applications a user has access to is increasing as applications proliferate on-premise and in the cloud, so the number of passwords a user has to remember is increasing proportionally.
  • Complex password policies and password history requirements lead to more ‘Forgotten Password’ incidents.
  • Due to stringent IT security compliance and audit requirements, each user should have their own account for each application they access.
  • More and more organizations are embracing BYOD, so they need to ensure users have access to applications from all these devices.
  • With globalization, the remote workforce is growing. Ensuring application access for remote workers is a top priority for organizations.
  • Adoption of Mac workstations is growing; many organizations have a mix of Windows and Mac workstations.
  • These challenges lead users to juggle multiple user IDs and passwords under increasingly complex password policies. This reduces user convenience and, of course, productivity, while increasing help-desk calls and tickets as users forget their passwords or lock themselves out of their application accounts.

According to Gartner, one of the main global IAM market research organizations:

  • Approximately 30% of the total call load for multipurpose help desks is password-related. Volumes are higher for limited-function call centers.
  • Hard costs for help-desk-related calls range from $3 to $18 per call (for North American organizations). The lower end of the range pertains to call centers that provide predominantly administrative support; the higher end pertains to help desks with more highly compensated technical staff who perform multiple support functions in addition to password-related calls.
  • The use of multiple user IDs and passwords may also create security risks, as users will find shortcuts to remember these passwords, such as sticking them on their workstations/laptops or using “easily guessed” or commonly used passwords such as “P@ss1234” and “Abcd1234”.

By using a Single Sign-On solution or a password management tool, these challenges can be easily addressed.