Category

Uncategorized

Cinderella’s Slipper for IAM: ILANTUS’ Compact Identity Fits SMEs like a Glove

By | Uncategorized | No Comments

Searching High and Low for a Solution that Actually has Your Small or Medium Enterprise in Mind

Like Prince Charming searching for the girl who fits his glass slipper, you have been searching for the solution that fits your SME organization perfectly. You have looked far and wide – at small and large vendors alike – but the CAs and Oktas of the world simply don’t seem to want to fulfil your needs. They create and sell solutions that are generic and try to sell the same solution to everyone. You pay through the nose for features that you most likely will never use.

Extremely Poor ROI

We have learned, through customer feedback and through the grapevine, that customers often pay millions for IAM solutions that never get fully implemented. They are blocked in utilizing the features that they need by features that are added within the flow of the product but are designed for other kinds of companies. An organization may buy a solution for millions of dollars, see a 1 or 2 year implementation time, and find that only 5 applications have been integrated at the end of this period. They also frequently find themselves on the dashboard of these products, being asked to choose options for features they don’t want – and being unable to progress further in using the solution unless they choose one of the options.

Not to mention that building a product that is designed for every possible use case in mind (while, in truth, many essential use cases are ignored and only ‘popular and easy to answer or easy to sell’ use cases are provided for) is a monumentally expensive task that shows in the end in the customer’s cost.

So many organizations (especially SMEs) are forced by most IAM vendors to purchase extremely expensive solutions that a) don’t have some of the features that are required and b) are bloated solutions that are too complex for a typical SME’s needs.

Refreshingly Honest IAM

ILANTUS Compact Identity is the first solution in the IAM industry that has been engineered and priced especially for SMEs. It has everything that an SME typically needs in terms of Single Sign-On, Password Management, User Lifecycle Management and Access Governance, costs a fraction of what other vendors offer, and isn’t overly complex. This is aside from the fact that it takes only a few weeks – not years – to fully implement.

The (Sad) State of the IAM Landscape

A good standard to judge a vendor – particularly in an industry such as IAM that should have a strong ethical foundation– is whether they cater to the existing needs of organizations by securing them as they are. Unfortunately, the IAM industry is full of vendors looking for just another business opportunity. They create solutions that are responses to the trending IT landscape (eg. Public Cloud), without a care for the actual situation of potential customers. They tell you that cloud is the future (it is), and that you must migrate to it to avail their solutions. The biggest example of this behavior is the complete lack of Single Sign-On and Provisioning support in the industry for thick-client apps. All kinds of organizations still rely heavily on thick-client apps such as ERPs (SAP etc.) and other device specific apps (like in manufacturing). It is both too expensive, and sometimes a poor idea in terms of security to migrate. It is sometimes safer to have a local, on-premise server and app installation than to have it on a Public Cloud. The industry, sadly, has chosen to completely ignore this because ‘the cloud is the future’ and they feel that that’s where the real money is.

ILANTUS Compact Identity features patented technology that can Single Sign-On and Provision to thick-clients. It can also be hosted on public cloud, private cloud, or on-premise.

What is clear here is that organizations (especially SMEs) are currently getting the short end of the stick from the IAM industry. The sharks that have taken over the vendor landscape only really care about bottom lines and not about providing proper security, ease of access, and integrating admin security functions and protecting people the best they can from cyber-threats.

ILANTUS’ Call to Truth

Here’s where ILANTUS is different. It is our vision, mission and core belief that everyone deserves excellent IAM solutions that are suited to their pockets and needs. We believe that solutions should help customers – not bleed them. They should protect them at all costs – not cost them to protect themselves. They should enhance user experience through ease of access (which improves security) and give admins an integrated IT security experience by providing things like an Identity Repository that collects information from Enterprise Directories and HR and presents a unified statement. This, we believe, is our responsibility as an IAM company. Just as the military exists to serve as the defense of a nation, IAM providers exist to protect organizations and their customers from cyber-crime.

ILANTUS is committed 100% to this vision, urges other vendors to do the same, and provides solutions such as Compact Identity which does what other solutions do not – provides cost-effective, perfect-fit cybersecurity that is constantly being improved.

How to choose an Access Management (AM) solution

By | Access Review, Access Review as a Service, ARaaS, IAM, IDaaS, Uncategorized | No Comments

“By 2019, more than 80% of organizations will use access management software or services, up from 55% today.” – Gartner, 2017

Access Management (AM) is evolving to support digital business requirements. AM increasingly works along with Identity Governance and Administration (IGA) and Data Sources.

 

Functions of Access Management

The Key functions of AM are listed below.
1. User Authentication – Verifying the identity of a user
2. Single Sign-On (SSO) – Allows a user to access multiple applications with one set of login credentials
3. Session Management – The process of managing the lifecycle of a user session
4. Coarse Grained Authorization – Allowing only members of a certain group or role to perform a privileged operation
5. Fine Grained Authorization – Allowing only a certain individual user to perform a specific action on a specific object within the target application
6. Security Token Services (STS) – The service component that builds, signs, and issues security tokens according to the WS-Trust and WS-Federation protocols

Access Management Solutions

There are various kinds of AM solutions available in the market.
1. Federated Authentication and Authorization Services: These solutions provide Standards-based SSO and coarse-grained authorization. However, they do not provide Session management and fine-grained authorization.
2. Traditional Web Access Manager (WAM) Software: These solutions provide SSO, Session management, STS, Authorization enforcement on fine-grained access targets and Legacy on-premises apps support. However, they do not provide Standards-based SSO, password vault-and-forward style web SSO, MFA, IGA functions
3. Externalized Authorization Manager (EAM) Software: The scope of these solutions is limited to providing Authorization enforcement on fine-grained access targets. However, they do not provide Authentication, SSO or STS. Strong entitlement governance and participation of target application developers are critical to success of implementation of these solutions.
4. IDaaS based Access Management: These solutions provide Standards-based SSO, Password Vaulting-and-Forwarding Style Web SSO, MFA, coarse-grained authorization, some IGA functions and reporting for web apps. However, they do not provide Fine-grained authorization enforcement. These solutions find handing of Legacy on-premises apps to be challenging and very few products offer this feature.

Gartner says that “By 2021, IDaaS will be the majority access management delivery model for new purchases, up from less than 20% today.”

Considerations for Decision Making
In this section we will look at some of the key considerations for decision making on the solution to be adopted for Access Management.
There are several Access Management solutions available in the market which are either:
1. Point Solutions that cater to one or more AM functions mentioned above at a great degree of depth.
2. Multi-function Solutions that cater to most of the AM functions mentioned above at a most commonly required level.

Components of Access Management
The key components to be kept in mind for selection of an Access Management solution are given below.
1. User Audience – Who is going to use the solution? This can be a combination of one or more of the below:
a. Employees
b. External users like contractors, partners
c. Consumers
Does the solution cater to all the constituents of the expected user audience?

2. Criticality and longevity of Target Applications in scope – Does the solution cater to all the critical target applications? Often, some of the applications that are currently in use would be replaced by other applications in the immediate, short or long term. Consider if the solution must address the application currently in use, the new application or both?

3. Endpoint Devices – Users are increasingly accessing their applications across several devices. At times these can also be Internet Connected Things. Does the solution cater to all the devices that users are expecting to access the applications over?

4. Application Architecture – Most of the times, different applications used in an organization follow a different architecture. Is the solution compatible with the architecture of the different target applications?

5. External Authentication and Authorization Options – There are solutions that support the externalization of authentication and authorization to commonly used providers such as Social ID providers. Does the solution support such externalization? Is this a requirement?

6. Location of logical and physical components of target applications – Security, Statutory and Regulatory Compliance requires the locations of the solution, data, physical and logical components to be at certain locations. Does the solution cater to these requirements?
Consider the above components based on the requirements of Target Systems and Applications of your organization. Also consider the current Solution in place and gaps in the solution to cater to the requirements.

Delivery Models
Access Management solutions are delivered as On-Premise, Cloud or Hybrid solutions. Consider the following:
• Organization size
• Compliance needs and risk adversity
• Need for support to legacy apps
• Availability of in-house IAM skills

Higher the level of the above considerations, On-Premise Software based solutions are recommended. If they are lower, Cloud based IDaaS solutions are recommended. Hybrid solutions can be considered where existing investments need to be leveraged.
With Cloud based IDaaS solutions, managing the solution is a shared responsibility and considerable responsibility of the solution is borne by the solution provider.

Risks vs Value
IDaaS based AM comes with its own risks. However, it delivers substantial value. Consider the following while deciding.

IDaaS based Access Management – Risks vs. Value

Risks Values
Security Staff augmentation
Availability User convenience
Supplier Rapid time to value
Compliance Operational improvements
Provider agility Security and availability

ILANTUS IDaaS Next
ILANTUS IDAAS is one of most in-depth and advanced fully-featured access management solution encompassing all the traditional elements of an Identity and Access Management solution with enterprise-grade identity governance capabilities that are always available, always up-to-date and accessible from any device, at any time.
Reach out to us at inquiry@ilantus.com to know more

Request a Demo

CIOs & CISOs may have to bear the brunt of Privacy Failures

By | Access Review, Access Review as a Service, ARaaS, IAM, IDaaS, Uncategorized | No Comments

 

The Chief Security Officers of Facebook, Twitter and Google all are leaving their companies, in the same week that Facebook announced that a researcher at Cambridge Analytica, who worked for the Trump campaign,  got hold of data on 50 million users.

The job of CISOs and CIOs is becoming more critical and risky. The Security vulnerability due to internal employee and company data being compromised is increasing at an alarming rate. More and more personal information going on internet and to service providers has been used by consumer product and service companies, sometimes with no limits. For example: Companies that are in the business of giving out loans are openly obtaining data from your mobile phones about your credits, salaries and other private data.

All these have helped companies in reducing risks of doing business and increasing sales. Unfortunately all  predictions are that the negative fallout of all this is around the corner. While Europe is bringing in GDPR and other Western Countries are getting to control data privacy, developing economies like India are in a pathetic situation with little action has been initiated so far.

The impact of the incoming fallout unfortunately will be borne by CIOs & CISOs. As it is, they are struggling with being given not enough listening and budgets.

 

 

Passwords have been eating our brains

By | IAM, Uncategorized | No Comments

Passwords

In the last twenty years authentication is based primarily on three factors: something a person “knows”, “has” and “is”. This led to the emergence of authentication based on (passwords, PINs, images, pattern), devices (smartcard & USB tokens, OTP etc) and biometric traits (biological and behavioral based systems).

Last five years have seen the emergence of a fourth factor. “Risk-based authentication”. This can take into account a number of factors, user and network information, positive device identification, user profiling etc. Based on the status & information of these factors a risk score is calculated by the authentication system. If the risk score exceeds a threshold the level of authentication is elevated. Else access with minimum authentication is allowed.

FIDO Alliance (Fast Identity Online)  is a consortium launched in 2013 to address the issues caused by lack of inter-operability among authentication devices and problems faced with password management. This technology is being increasingly used in Risk-Based Authentication.

With major advances in authentication technology, the password-less world is finally knocking at our doors!

[styled_button title=”Request a Demo” href=”https://www.ilantus.com/xpress-password-manager/request-a-demo/” link_target=”_blank” title_align=”text-center” display=”inline” button_height=”” text_size=”25″ letter_spacing=”” font_weight=”300″ text_color=”text-white” style=”style-2″ bg_color=”bg-second” icon=”” icon_size=”30″ icon_style=”” icon_color=”icon-color-white” border_width=”3″ border_style=”solid” border_radius=”5″ border_color=”border-color-second”]

Success Begins with User Adoption

By | IAM, Uncategorized | No Comments

More than half of all IT project implementations fail to get adopted in organizations worldwide. These
failures are seldom because of the technology used or the product implemented. Frequently, it is a
problem with an insufficient understanding of the business’ goal and users’ needs. A successful system
that is not adopted is as good as a failed system.

At ILANTUS, user adoption is a vital discussion point from the phase of requirement gathering. With over
16 years of experience in IDAM solution implementations, ILANTUS has assisted multiple businesses in
putting together a comprehensive adoption plan and there by has helped steer them towards a
successful implementation with contended users. Various aspects impact user adoption and these
should be carefully managed.

Know the User and the Need
Understanding the end user landscape and fulfilling their needs are key aspects to the success of any
solution implementation. The reason why an organization is looking for a single sign on or password
management solution must be clearly understood. The solution being implemented should constitute all
use cases that the end users are looking forward to. Adoption starts when the user has a convincing
reason to interact with the system.

Anticipate Resistance
Human beings are naturally averse to change, and a technology implementation is no different. This is
the reason why end user training is of paramount importance. The user should be educated about the
new solution and how he will benefit by it. The training sessions should help build affinity and
awareness of the new system and in return a desire to use it. These training sessions should be relevant
and tailored to the specific audience. ILANTUS products have many niche features that help users get
accustomed to the system faster without hassle.

Market to the End User
Most organizations need assistance and advice while getting started on the new system. Social mediums
and venues like lunch rooms, clubs, intranet sites and enterprise social solutions are all powerful tools to
reach the user. Developing a marketing plan and a promotional strategy have always yielded good
results. Utilizing a combination of mediums triggers user eagerness and demonstrate the importance of
the initiative.

Identify Ambassadors and Reward Users
Each team or unit that gets introduced in the system should have an ambassador. The ambassadors
should have enough knowledge on the system and should be able to guide their colleagues. Rewarding a
user who starts using the system actively will encourage every other user in the team.
Implementing an effective adoption program is not easy and needs lot of time and effort. With the
poorsuccess rates seen worldwide, it is obvious that organizations need to invest wisely in adoption
programs. Adoption activities should start from inception, continue through the implementation phase,
and follow the user always.

[styled_button title=”Request a Demo” href=”https://www.ilantus.com/single-sign-on/request-a-demo/” link_target=”_blank” title_align=”text-center” display=”inline” button_height=”” text_size=”25″ letter_spacing=”” font_weight=”300″ text_color=”text-white” style=”style-2″ bg_color=”bg-second” icon=”” icon_size=”30″ icon_style=”” icon_color=”icon-color-white” border_width=”3″ border_style=”solid” border_radius=”5″ border_color=”border-color-second”]
 

By Karamchand Ramachandran
Technical Manager
Ilantus Technologies

How Ilantus embedded AI helps improve User Experience

By | Uncategorized | No Comments

Companies are making a move towards global access and faster technologies to serve their customers faster, better and more efficiently than the competition. Service to customers is about speed and accuracy and none can be compromised.

Introducing Ilantus IDaaS Next with AI driven Single Sign On portal inspired by a “Smartphone First” approach; as part of our constant endeavor to improve upon our user experience, Ilantus has done one better with the introduction of artificial intelligence in our portal and delivering some industry leading capabilities.

Keeping in mind every users experience is unique in its own way; yet it all has to meet the companies objective of fast and accurate customer service, our SSO portal offers its users the convenience and personalization they deserve and still drives home the organization goal.

Typically, users are tuned to working more on certain apps and less on some. With Ilantus AI, our portal technology can understand this user behavior and move up in the application icons launchpad which are most commonly used and where they are easily accessible instantly when you log in to Ilantus SSO platform saving valuable time for the user.

Our new platform enables the functionality of application search at all levels making far more convenient for any user to reach its target application. With just a few character types, the Ilantus SSO search box is able to pull up and display the application name for the user click and access.

With most of us having access to smartphones, the mobile way of working is the new normal for doing business. Ilantus SSO portal with its “Smartphone First” design philosophy is now able to deliver to its users a seamless “consistent” experience across all access platform from Laptops, Desktop, tablets and Mobiles. Everything from aligning applications icons as per our usage to changing background wallpaper to creating folders, the new normal is now the smartphone and Ilantus is committed in delivering this to our customers.

We at Ilantus are committed to deliver to our customers the User Experience which will completely revolutionize this industry and set new benchmarks for our peers and competition.

Read Whitepaper

UBER got hacked

By | Uncategorized | No Comments

Ride-sharing technology company Uber, concealed a hack that affected 57 million customers and drivers. The hack took place in 2016 and then-CEO Travis Kalanick reportedly was privy to the fact.

The hack was carried out by two perpetrators who were able to access a private GitHub coding site used by Uber software engineers. The hackers then accessed data stored on an Amazon Web Services account that handled computing tasks for the company. This, they were able to accomplish with login credentials they were able to obtain. These hackers then found an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company. The hackers were able to get 57 million names, email addresses and mobile phone numbers. The names and driver’s license numbers of around 600,000 drivers in the United States were also compromised.

What is coming out from many of the recent hacks is that the hacking happens in a chain of events. A person (mostly an employee of the company that gets hacked) also has accounts in other places that may not be so secure. The hacker picks up the login details, passwords and other credentials from those places and tries it out in the company account to get vital information. Hillary Clinton’s campaign hacking also happened that way where the hackers first got information from the gmail accounts which obviously were not so secure. The recent hacking at Onelogin had a similar Modus Operandi followed by the hackers.

 This points at two things. First, it is the Management of Identity of the person that is more important than just securing his company account. Second, hackers attack the weakest link in the chain to get vital clues that are then used to attack important accounts. In any case it is important to secure the vital accounts thru MFA (Multi Factor Authentication) and strong Password Management.

ILANTUS ARaaS Solutions

By | Uncategorized | No Comments

The ILANTUS ARaaS cloud-based solution offers enterprises the ability to address complex business challenges – access governance, user administration and provisioning, password management, single sign-on – without any need for costly and complex on-premise systems and in-house skillsets. Built on industry leading and proprietary technologies, hosted ARaaS offers a comprehensive suite of features and options that enable organizations to take control over user management and compliance challenges cost-effectively, quickly, and with ease. Hosted ARaaS provides:

  • Quick Time to Value – Engineered to eliminate 70% to 80% of traditional deployment timelines.
  • Support – Minimize the complexity of solution management and support.
  • Choice – Eliminate the gaps in your current Identity solution with ILANTUS options.
  • Flexible – Choose the modules you want, when you want.
  • Secure – Compliant with industry certifications: SSAE 16 SOC1, SOC2 and ISO 27001