Category

IDaaS

Nested multi-tenancy in IDaaS Next

By | IDaaS | No Comments

 

With the growing number for SaaS applications and cloud infrastructure and applications, each business unit in the organization is taking their own decision to get the best suitable solution to operate and support their businesses. Be it a Sales, Financial or Marketing department, they choose their own solutions. There is no dependency on IT team for deploying and/or supporting such solutions.

Similarly, the individual businesses that are part of the large business groups such as retail chains with multiple brands or financial service groups with various services are also in the same path to choose the supporting solutions for running their own business.

The challenges faced by IT Support team (a shared group in such enterprises) faces now are:

1. Difficult to define a common set of requirements on shared infrastructure solutions such as Single Sign-on, Password Management, User Provisioning etc. for all their business units/departments

2. Deploying, Managing & Supporting one single solution for such requirements

ILANTUS offers a simple but easy to setup solution for these challenges without any additional cost and effort: “Nested multi-tenant” feature.

With this feature, organization who uses ILANTUS latest Identity as a Service solution, IDaaS Next, can spin-off as many numbers of sub-tenants; each tenant for each business unit or department.

Each of these tenant act as an independent solution though it runs on the same codebase, the individual units can on-board their own users and applications for SSO, Password management and other Identity management operations. They can even brand the solution with their own logos and images. Access controls and other security aspects can be better managed in these nested solutions as each individual tenant can define their own controls in their solution.

[styled_button title=”White Paper” href=”https://www.ilantus.com/wp-content/uploads/2017/09/Nested-Multitenancy.pdf” link_target=”_blank” title_align=”text-center” display=”inline” button_height=”” text_size=”” letter_spacing=”” font_weight=”300″ text_color=”text-white” style=”style-1″ bg_color=”bg-main” icon=”” icon_size=”” icon_style=”” icon_color=”icon-color-main” border_width=”1″ border_style=”solid” border_radius=”” border_color=”border-color-main”]     [styled_button title=”Request a demo” href=”https://www.ilantus.com/single-sign-on/request-a-demo/” link_target=”_blank” title_align=”text-center” display=”inline” button_height=”” text_size=”” letter_spacing=”” font_weight=”300″ text_color=”text-white” style=”style-1″ bg_color=”bg-second” icon=”infinityicon-next” icon_size=”” icon_style=”right-icon” icon_color=”icon-color-white” border_width=”1″ border_style=”solid” border_radius=”” border_color=”border-color-second”]

How to choose an Access Management (AM) solution

By | Access Review, Access Review as a Service, ARaaS, IAM, IDaaS, Uncategorized | No Comments

“By 2019, more than 80% of organizations will use access management software or services, up from 55% today.” – Gartner, 2017

Access Management (AM) is evolving to support digital business requirements. AM increasingly works along with Identity Governance and Administration (IGA) and Data Sources.

 

Functions of Access Management

The Key functions of AM are listed below.
1. User Authentication – Verifying the identity of a user
2. Single Sign-On (SSO) – Allows a user to access multiple applications with one set of login credentials
3. Session Management – The process of managing the lifecycle of a user session
4. Coarse Grained Authorization – Allowing only members of a certain group or role to perform a privileged operation
5. Fine Grained Authorization – Allowing only a certain individual user to perform a specific action on a specific object within the target application
6. Security Token Services (STS) – The service component that builds, signs, and issues security tokens according to the WS-Trust and WS-Federation protocols

Access Management Solutions

There are various kinds of AM solutions available in the market.
1. Federated Authentication and Authorization Services: These solutions provide Standards-based SSO and coarse-grained authorization. However, they do not provide Session management and fine-grained authorization.
2. Traditional Web Access Manager (WAM) Software: These solutions provide SSO, Session management, STS, Authorization enforcement on fine-grained access targets and Legacy on-premises apps support. However, they do not provide Standards-based SSO, password vault-and-forward style web SSO, MFA, IGA functions
3. Externalized Authorization Manager (EAM) Software: The scope of these solutions is limited to providing Authorization enforcement on fine-grained access targets. However, they do not provide Authentication, SSO or STS. Strong entitlement governance and participation of target application developers are critical to success of implementation of these solutions.
4. IDaaS based Access Management: These solutions provide Standards-based SSO, Password Vaulting-and-Forwarding Style Web SSO, MFA, coarse-grained authorization, some IGA functions and reporting for web apps. However, they do not provide Fine-grained authorization enforcement. These solutions find handing of Legacy on-premises apps to be challenging and very few products offer this feature.

Gartner says that “By 2021, IDaaS will be the majority access management delivery model for new purchases, up from less than 20% today.”

Considerations for Decision Making
In this section we will look at some of the key considerations for decision making on the solution to be adopted for Access Management.
There are several Access Management solutions available in the market which are either:
1. Point Solutions that cater to one or more AM functions mentioned above at a great degree of depth.
2. Multi-function Solutions that cater to most of the AM functions mentioned above at a most commonly required level.

Components of Access Management
The key components to be kept in mind for selection of an Access Management solution are given below.
1. User Audience – Who is going to use the solution? This can be a combination of one or more of the below:
a. Employees
b. External users like contractors, partners
c. Consumers
Does the solution cater to all the constituents of the expected user audience?

2. Criticality and longevity of Target Applications in scope – Does the solution cater to all the critical target applications? Often, some of the applications that are currently in use would be replaced by other applications in the immediate, short or long term. Consider if the solution must address the application currently in use, the new application or both?

3. Endpoint Devices – Users are increasingly accessing their applications across several devices. At times these can also be Internet Connected Things. Does the solution cater to all the devices that users are expecting to access the applications over?

4. Application Architecture – Most of the times, different applications used in an organization follow a different architecture. Is the solution compatible with the architecture of the different target applications?

5. External Authentication and Authorization Options – There are solutions that support the externalization of authentication and authorization to commonly used providers such as Social ID providers. Does the solution support such externalization? Is this a requirement?

6. Location of logical and physical components of target applications – Security, Statutory and Regulatory Compliance requires the locations of the solution, data, physical and logical components to be at certain locations. Does the solution cater to these requirements?
Consider the above components based on the requirements of Target Systems and Applications of your organization. Also consider the current Solution in place and gaps in the solution to cater to the requirements.

Delivery Models
Access Management solutions are delivered as On-Premise, Cloud or Hybrid solutions. Consider the following:
• Organization size
• Compliance needs and risk adversity
• Need for support to legacy apps
• Availability of in-house IAM skills

Higher the level of the above considerations, On-Premise Software based solutions are recommended. If they are lower, Cloud based IDaaS solutions are recommended. Hybrid solutions can be considered where existing investments need to be leveraged.
With Cloud based IDaaS solutions, managing the solution is a shared responsibility and considerable responsibility of the solution is borne by the solution provider.

Risks vs Value
IDaaS based AM comes with its own risks. However, it delivers substantial value. Consider the following while deciding.

IDaaS based Access Management – Risks vs. Value

Risks Values
Security Staff augmentation
Availability User convenience
Supplier Rapid time to value
Compliance Operational improvements
Provider agility Security and availability

ILANTUS IDaaS Next
ILANTUS IDAAS is one of most in-depth and advanced fully-featured access management solution encompassing all the traditional elements of an Identity and Access Management solution with enterprise-grade identity governance capabilities that are always available, always up-to-date and accessible from any device, at any time.
Reach out to us at inquiry@ilantus.com to know more

Request a Demo

CIOs & CISOs may have to bear the brunt of Privacy Failures

By | Access Review, Access Review as a Service, ARaaS, IAM, IDaaS, Uncategorized | No Comments

 

The Chief Security Officers of Facebook, Twitter and Google all are leaving their companies, in the same week that Facebook announced that a researcher at Cambridge Analytica, who worked for the Trump campaign,  got hold of data on 50 million users.

The job of CISOs and CIOs is becoming more critical and risky. The Security vulnerability due to internal employee and company data being compromised is increasing at an alarming rate. More and more personal information going on internet and to service providers has been used by consumer product and service companies, sometimes with no limits. For example: Companies that are in the business of giving out loans are openly obtaining data from your mobile phones about your credits, salaries and other private data.

All these have helped companies in reducing risks of doing business and increasing sales. Unfortunately all  predictions are that the negative fallout of all this is around the corner. While Europe is bringing in GDPR and other Western Countries are getting to control data privacy, developing economies like India are in a pathetic situation with little action has been initiated so far.

The impact of the incoming fallout unfortunately will be borne by CIOs & CISOs. As it is, they are struggling with being given not enough listening and budgets.

 

 

Think 360 Degree: User Experience Optimized

By | IDaaS | No Comments

 

Think_360_Degree_User_Experience_Interface_Optimized

To stay at the forefront of your field, it’s fundamental to stay current – to read about the latest developments in human-centered design; to allow the best of the best to inspire and inject creativity into your own designs; to read, discuss and debate various points, merits, and opinions in the field of UX and UI.

The universe of user experience (UX) and user interface (UI) design has taken front and center stage: everyone seems to know the buzzwords, and your boss and/or clients want to know what you can do to improve not the hardware but customer experience. The field moves quickly as usability, accessibility, interaction, and visual design continue to advance.

When companies execute Digital/Infrastructure Transformation strategies, a typical goal is to move faster than the competition – Introduce new products faster. Service customers faster. Adapt to market change faster.

*The faster users can access their applications, the faster they execute.

Therefore, one should take a hard look at its user experience when talking about Single Sign-On specifically. It’s something that users access many times a day. It can be a bottleneck or a bullet train, depending on its usability — or lack thereof. In fact, a University of California study found that knowledge workers shift “working spheres” about every ten minutes. Since each of these shifts may involve a different set of apps, it helps to make single sign-on (SSO) as frictionless as possible.

Few of the common mistakes that companies commit when building a customer friendly UI is not treating Flexible Application Access and Access Experience parallelly. One needs to consider that every customer experience is supported by 3 major pillars: Flexible Access (any device), Unified Experience (Similar login experience across devices) and Easy to Adopt (by the customer) example, auto save changes, frequent used apps, mouse overs etc. though keeping in mind all to be achieved with as minimum clicks as possible.

With this in mind, ILANTUS has rebuilt the SSO login experience from the ground up to make accessing apps incredibly fast, convenient and delightful. Now enjoy iPhone like experience with all 3 pillars affecting customer experience on one single platform (ILANTUS SSO) for Androids, iOS, Desktops, Laptops and all other devices one can imagine.

You Gotta See It to Believe It.

[styled_button title=”Request a Demo” href=”https://www.ilantus.com/single-sign-on/request-a-demo/” link_target=”_blank” title_align=”text-center” display=”inline” button_height=”” text_size=”25″ letter_spacing=”” font_weight=”300″ text_color=”text-white” style=”style-2″ bg_color=”bg-second” icon=”” icon_size=”30″ icon_style=”” icon_color=”icon-color-white” border_width=”3″ border_style=”solid” border_radius=”5″ border_color=”border-color-second”]
 

By Sourav Tibrewal
Account Manager
Ilantus Technologies

What is Identity as a Service (IDaaS)?

By | IDaaS | No Comments

 

Experience the Difference

 

Identity as a Service (IDaaS) delivers identity management tools on demand via the internet in a simple and efficient way. However, are companies truly delivering tools specifically designed with the benefits of a cloud deployment or are vendors jumping on the cloud bandwagon and delivering “old wine in a new bottle?” One giant IT software provider is repackaging their decade-old solution to replicate the look and feel of the cloud service. Another company is delivering a cookie cutter approach: deliver 50% of the easy stuff while ignoring the more complex aspects of the software that would require a larger effort to deliver with smaller return on their investment. After five long years of development, IDaaS still touches only the tip of the iceberg without fulfilling the real needs.

For instance, Single Sign-On can only reach web/cloud applications; User Life Cycle management techniques cannot map more than 80% of processes and all the non-web complex applications; Governance that is truly yet to begin. To add to all this, the promise of delivering in a manner for users has not been fulfilled at all not to mention the ever increasing price points. This is not true IDaaS. ILANTUS’s latest development, “IDaaS 4U,” promises to offer true IDaaS that will fulfill the “real needs” rather than the hyped ones created by vendors.

 

[styled_button title=”Request a Demo” href=”https://www.ilantus.com/single-sign-on/request-a-demo/” link_target=”_blank” title_align=”text-center” display=”inline” button_height=”” text_size=”25″ letter_spacing=”” font_weight=”300″ text_color=”text-white” style=”style-2″ bg_color=”bg-second” icon=”” icon_size=”30″ icon_style=”” icon_color=”icon-color-white” border_width=”3″ border_style=”solid” border_radius=”5″ border_color=”border-color-second”]

   What is IDaaS Next

IDaaS> is an integrated solution that helps you manage, like never before, Identities within your organization; easily, economically and comprehensively.

Easy: For the first time users will be able to get experience that aligns with smart phones such as iPhone. The experience will be also identical across devices. This will make users continue with their existing experience rather that getting used to a new one.

Comprehensive: There will be few exclusion from more comprehensive but traditional IAM solutions. One can manage any application including Thick Client. One will be able to provision and deprovision application of any type, while mapping to many of their unique processes. For the first time, one will be able to have Access Governance solution and features that will help solve Audit & Compliance issue quickly.

Economical: The cost of the solution is less than 50% of solutions that are being sold today. This is true both for initial and recurring cost.

Many organizations look for a comprehensive Password Management system as resetting forgotten passwords is not all they want. ILANTUS has a comprehensive “Enterprise Password Management System” that has features only comparable to just a handful of products in the Industry.
“IDAAS 4U” is a journey, ILANTUS will deliver features and functions that will provide users with serious features while keeping the delivery quick and simple.

The ABC of Enterprise Mobile Management (EMM)

By | IDaaS | No Comments

Mobile Device Management (MDM) has rapidly expanded into EMM (Enterprise Mobile Management). The rapid growth and all pervasiveness of mobile devices has led to a significant expansion of domain.

EMM comprises of:

Mobile Device Management (MDM) has a user configuration profile & OS level controls – MDM has highly used device lifecycle management that can ensure remote wipe offs along with Endpoint Management.

Mobile Content Management deals with file level protection and secure content access – It has a content container and content push feature. It not only has app analytics but also can support the volume purchase and license management of apps.

Mobile Identity SSO, Certificate management, user access and trusted device assurance – Mobile Identity has user and device certificate management. App code signing is a must too.

Mobile App Management (MAM) Pre-configured apps, app level control. – Mobile App Management has support for OS extensions along with the enterprise app store.

VMware, MobileIron, IBM and Blackberry are the vendors that lead the market. It is interesting to note that none of the leaders have all the attributes in a satisfactory manner as the technology a market is still evolving. Microsoft is another vendor to watch as it is gaining rapid market share.

Tips Gartner’s Magic quadrant (MQ) vs Critical Capabilities Matrix in Access Management

By | IDaaS | No Comments

  1. Critical Capabilities matrix rather than MQ should be looked upon first if you are shortlisting a technology.
  2. MQ vendors may not be great in certain areas (Example: Geography like Asia-Pacific, less than 5000 employees etc)
  3. Legacy application coverage is a differentiator.
  4. Banking & Govt. are finally just about beginning to adopt cloud single sign-on & Access Management.
  5. MQ is almost old by the time it is published. It takes 6 – 9 months to prepare it, relative position of technology providers changes by then, sometimes quite significantly.

Enterprise Mobile Management

By | IDaaS | No Comments

As we are all aware Mobile Device Management (MDM) has rapidly grown into Enterprise Mobility Management (EMM). It comprises of MDM, MAM (Mobile Application Management) MCM (Mobile Content Management) and mobile Identity (to ensure trusted device/user Access, Certificate Management and SSO).

Some quick facts about vendors:

  • CISCO: a low-cost solution
  • Nation Sky: a relatively unknown name, #1 in China
  • SOTI: Industrial, rugged solution
  • Sophos: Good for SMB
  • Mobile Iron: A comprehensive but somewhat complex solution
  • IBM: Good support and service, sizeable SMB customers before acquisition
  • Blackberry: High security, not so great usability
  • Microsoft: Now has a single unified console, Growing rapidly
  • Vmware: Best solution, largest installed base
  • Citrix: With 2 CEO changes & other reasons has to find its feet

Zero Password for Signing On to Applications

By | IDaaS | No Comments

Accessing all enterprise assets and applications without a password? It is possible.

IDaaS Next offers zero password access to all enterprise assets and applications without any code changes on the target applications and yet create individual user sessions for each application access.

Let’s see how it is possible without compromising the security:

There are multiple scenarios where users need to user their passwords to get access to their assets & applications:

  1. Accessing Laptop/Desktop/Mobile
  2. Accessing various applications
  3. Changing the passwords on a regular interval

Now we see, how users can eliminate their passwords completely with the help of IDaaS Next solution:

Request a Demo

As a first step, users can access their domain-joined machines by swiping their fingers and get authenticated against AD. Once they authenticate with AD successfully, the IDaaS Next App Launcher Utility (ALU) gets invoked automatically and users are able to view the ALU launchpad with the applications that they can access, on their laptop/desktop. ALU leverages features “Integrated Windows Authentication” (IWA) feature to create the IDaaS Next session for the user who logged in to that machine with domain credentials.

Users can now access any of their authorized applications by just clicking on the application icon on the ALU launchpad. ALU launches the applications with the user’s session. ILANTUS can classify the applications that can be integrated with IDaaS Next in to any of the following three categories:

  1. Applications that support federation protocols
  2. Application that supports Web Authentication Security
  3. Thick-Client Applications

Thus users can access their assets and application without any passwords: yea, really Zero Password.

But this is not the end! IDaaS Next also offers automatic password changes. With this feature, IDaaS Next will generate random password (as per the enterprise password policies) for a user and changes his/her AD credential password and synchronize the same password to all other target applications that this user is authorized to access. With this, the user’s passwords for all assets and applications are getting changed on regular intervals thus ensuring the security. User can access the applications without keying in of any password.

4200 Kilometers of IDaaS Next

By | IDaaS | No Comments

 

I recently made a trip of Europe to take the message of IDaas Next (The break through identity management technology ILANTUS has launched) to customers and partners. The difference in this trip was: I decided to drive all the way. In a span of 7 days I covered 4200 kilometers. While this will not be any world record it was for me. It was literally living out of suitcase. One would hit the road at 4 am, travelling 500-600 kms, have business meetings from around noon till dinner, checking into a new hotel only to repeat the cycle next day. I covered UK, Netherlands, Germany, Poland & Czech Republic, to finally head back from Netherlands.

                                    

I have travelled all my life, more than most people. This visit however had its own uniqueness, I visited Poland & Czech Republic for the first time. Krakov in Poland was astonishing. My friends in Cap Gemini, Specially Bart & Greg had a great sense of pride in describing its history, they having being born these. KraKov has the largest town medivial square amongst any city in Europe. A lone woman with a beautiful voice in a misty night singing at the square was an experience never to forget. The salt mines at Krakov (The first ever site to be adopted by UNESCO) is fascinating. Prague is an another city I would like to visit as many times as possible. Declared by TIME magazine as the “most beautiful city on earth” its beauty is mesmerizing. There is something that puts it apart from any other city in the world. The fun on driving on Autobhan in Germany, with no upper speed limit, was like getting passport to freedom! Amsterdam has always had a special place in my heart. Being profoundly moved by Vincent Vorn Gogh, I have often visited his museum, It was my sixth travel to the place. His paintings have always moved me beyond expression, visiting this museum is no less than a pilgrimage for me.

Visiting my friends at Cap Gemini, some of them for the first time, was fun. In my heart I have rarely differentiated between a business and personal meeting. I believe we take our business objectives too seriously that leads to less rather them more results. Even in a business meeting we met the same human beings that have a heart beating inside. Yes, people can more gaurded in business meetings; it mostly gets dropping gourds first some of my best friends in life have come as an out come to business meetings. Made some good new friends at Capgemini, Deloite, DXEx and APG. I wish I could spend some more time with them.

Life is a journey. We travel for many decades on different roads, meet many people, experience the outer & inner worlds, go though varying emotions & finally complete the journey, only to begin one more at some point & time in the future. I feel these short travels of mine are micro examples of the macro journey of this lifetime. That’s why I love travelling!