All Posts By

Manju Negi

IAM and SAP: Thick-Client Support

By | IAM | No Comments

You’ve got a powerful ERP solution that helps with resource planning and does a great job of it. There’s no doubt that it’s SAP.

But, while SAP has Single Sign-On (SSO) to its own solution and to apps that connect with it, it is left outside of the scope of SSO and Provisioning that connects all apps within your Identity and Access Management solution.

SAP is a thick-client app, and pretty much nobody wants to integrate with these kinds of apps. They rationalize that, someday in a distant future, thick-client apps will be entirely replaced by web-based apps, and therefore that their solutions are future-proof.

But this future is not very likely and is not the real reason that the bulk of the industry has no solution for these apps. It is because thick-client app support is cumbersome and expensive to develop – and because developing such a solution has a poor ROI, as only a small fraction of all business apps are of this kind. It is monumentally cheaper to just provide IAM for web-based apps, and bottom lines are padded nicely.

But you need support for thick-client apps. A security system is only worth its weakest link. Certain industries like banking and manufacturing choose to use thick-client over web-apps for security reasons. It’s safer to use apps that are local when important financial information is being processed. Devices used in the manufacturing industry also must function on thick-client apps because they are not networked by design. And even if you do not fall in one of these categories, you still use apps like SAP. With such a critical app left out of your SSO solution, your security and productivity fall to a lower rating.

ILANTUS Niche Identity, Compact Identity and Cloud Identity solutions all integrate seamlessly with SAP and other thick-client apps. We hold several patents for the technology that enables us to do this and we are the only vendor in the industry who can properly SSO and Provision to thick-client apps.

ILANTUS cares about security and about improving the productivity of your organization. We engineer our products based on 18 years of experience serving customers and know what makes a solution real and viable. That’s why we developed thick-client support, and that’s why you should choose us as an IAM vendor.

 

Another day, another data breach…are you kidding?!


Insider breaches…outsider breaches…. breaches are breaches. Both can be serious, and both can be prevented. However, one of these breaches falls back on a company’s leadership and management as a serious breach in trust.

The insider breach is almost more serious in its threat because employees may feel betrayed by their own organization for not being vigilant and taking steps to ensure that former employees are locked out of any system they had access to. And of course, companies prefer to keep the unsettling news quiet because of how unsettled insiders in the organization and outsiders could become. (When Target was breached a few years ago, even though I did not have a Target card that could have been breached, it took me years as an outsider to go back to shopping at Target.)

So, this week we hear that Coca-Cola had a data breach by a former employee. And we hear that SunTrust Bank had a data breach by a former employee. And these are the ones we hear about. How many more are being kept under wraps for obvious PR reasons?

The ability to expose any information about a company comes from access. To be secure, and to know that access is appropriate, a company must know who has access to what and check on that access periodically, using a secure way of checking.

  • How much information does an employee need to do the job they are assigned to?
  • How many accesses does an employee have when reassigned, and what has been retained but is not needed in the new role?
  • How efficient is the system at shutting down those accesses when an employee leaves?

At ILANTUS Technologies, we hear many stories about companies who understand the seriousness of access but may not take access review seriously enough. Accesses are assigned but then reviewed manually. And here comes the problem with manual review: unintentional mistakes, which lead to audit failures.

Risks are inherent in user access simply because people, whether as access holders or as access reviewers, can be vindictive or can make mistakes. The access reviewers have to have a process that is risk free and efficient, to ensure that each employee has the proper freedom of access to the company and that the company is not at risk because of those accesses.

Many companies look at the automated process as expensive. Expensive compared to what? Expensive as compared to the salary of the manual reviewers. We meet with people who tell us that they don’t want to pay any more than what they currently pay. But how much do those manual reviewers cost the company when mistakes are made, be they unintentional or intentional?

According to Bill Gates:
“The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency.”

Automation does incur cost. However, the ROI is accuracy, efficiency and security. It also requires a mindset shift. How much more of a mindset shift do you need to prevent your company from hitting the front page in the “Today’s Data Breach Report” section?

There is no doubt that user access reviews can protect a company’s greatest asset: its information. Is that worth the risk a manual process can pose, or is it worth the determination to find an automated security system that keeps the data doors locked tight because proper accesses are keyed into the security system?

At ILANTUS, we know companies need to engage in secure access management. We’ve been in the Identity and Access Management domain since its inception and have never branched away from this core. We take this seriously. Let us show you how that translates into a system that will work for your company.

 

Do Your Applications Continue to Have Orphan Accounts?


What is an orphan account?

Has your employee already left the organization, and your IT team/application team has still not deactivated their accounts on the applications where the user had access before?

This is one of the common mistakes that IT groups continue to make: they don’t manage the user’s accounts and their responsibilities, access, entitlements, roles, etc.

It can be really dangerous to leave such accounts orphaned: other active users can gain access to the application through them, and such accounts leave potential security holes in the network.

Traditional/manual termination process:

When an employee leaves the organization, unflagging his/her identity, which can be a job of 5 seconds, changes to a never-ending process. The organization’s security with applications depends on how well its IT groups understand provisioning/de-provisioning, and on how quickly those groups can remove the departed employee’s access from the different applications.

Sometimes I have seen an employee install an application with their personal account and use it for official purposes. When this employee leaves the organization, the other colleagues keep using the application with the same login credentials (by now it has become a shared account), which of course does not fall under best practice, but somehow employees agree not to share it with Audit.

Ilantus helps automatically manage orphan accounts:

  • Right after an employee has left the organization
  • Identification of all historical orphan accounts
  • Disabling/deleting all found orphan accounts across applications
  • Better management of shared accounts
  • Where one of the users of a shared account leaves the organization

Ilantus can automatically:

  • Change the password of the shared accounts that user had access to
  • Notify the other active users/admin of the new randomly generated password

 

A re-certification campaign is again automatically sent to the manager/app owner/internal auditor, etc. to review the orphan accounts, where they can make their decision:

 

  • Disable Accounts.
  • Delete Accounts
  • Lock Accounts
  • Custom Action etc…
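
The reconciliation behind the orphan-account and shared-account handling described in this post, as an added example that is not ILANTUS code. The HR roster, employee IDs, account records and action names (`disable`, `rotate_password`, `review`) are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Account:
    app: str
    login: str
    users: tuple          # employee IDs using this login; more than one means shared
    enabled: bool = True

# Constructed sample data (hypothetical IDs): the HR roster maps an employee ID
# to a termination date, or None while the person is still employed.
HR_ROSTER = {"e100": None, "e101": date(2024, 3, 1), "e102": None}
ACCOUNTS = [
    Account("sap", "asmith", ("e100",)),
    Account("sap", "bjones", ("e101",)),
    Account("crm", "team-sales", ("e101", "e102")),
    Account("crm", "legacy-svc", ("e999",)),
    Account("wiki", "bjones", ("e101",), enabled=False),
]

def reconcile(roster, accounts, today):
    """Return (app, login, action, notify) for each enabled account needing action."""
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue  # already de-provisioned
        unknown = [u for u in acct.users if u not in roster]
        left = [u for u in acct.users
                if roster.get(u) is not None and roster[u] <= today]
        active = tuple(u for u in acct.users if u in roster and u not in left)
        if left and active:
            # Shared account: a departed user still knows the password.
            findings.append((acct.app, acct.login, "rotate_password", active))
        elif left and not unknown:
            # Every known user has left: a plain orphan account.
            findings.append((acct.app, acct.login, "disable", ()))
        elif unknown or not acct.users:
            # No HR identity behind the login: send it to re-certification.
            findings.append((acct.app, acct.login, "review", ()))
    return findings

if __name__ == "__main__":
    for finding in reconcile(HR_ROSTER, ACCOUNTS, date(2024, 6, 1)):
        print(finding)
```

Accounts with no matching HR identity are routed to review rather than disabled, since they may be service accounts that an app owner has to decide on.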