SSO Archives - Ilantus Technologies

The Five Factors of Authentication


Pretty much everyone today knows what a password is and has one or more passwords for something or other. We have relied on passwords to protect us for a long time. But passwords are not as hard to crack as one might think – and they are even easier to crack given the state of hacking technology.

Jim Carrey as Ace Ventura Cracks a Password in Seconds

The time in which a password was a barrier between something valuable to you and someone who shouldn’t have access to it is at an end. Or, at least, the time in which passwords were the only barrier is…

Technology has evolved both for professional hackers and for those who try to protect you from said criminals. Cybercriminals have developed advanced hacking tools and methods that can break a simple password – no matter what it is – in a matter of minutes. So how has security technology improved to respond to this?

The answer doesn’t lie in strengthening passwords. A password that is highly complex and therefore seemingly secure still has a drawback – it can be forgotten easily. People resort to writing down the password in a text file or on paper to remember it, which consequently returns its security level to that of a simple password. The answer lies in creating security measures that authenticate against things other than something that you generate yourself and try to remember (a password). The answer lies in what are called the Five Factors of Authentication.

Factor #1: What You Know

This factor includes anything that you can commit to your knowledge. Passwords themselves fall under this category. Another example of a ‘What You Know’ factor is a challenge-response question. These questions improve security by asking you a question with an answer defined by you during the setup process. The issue with this kind of authentication is that something that you know can easily be something that somebody else knows, or simply be found out through logic or hacking tools – and voila! Access to your private data becomes a 5-lane highway with multiple unauthorized people accessing your account.

Factor #2: Something You Have

What would be an improvement in security over something that you know (that other people may also know or learn)? Something that you have (physically), of course! It is virtually impossible to generate an identical hardware copy of a phone with the same phone number, or of a ‘hardware token’ that you might have received from your bank that displays a One-Time-Password (OTP) whenever you want to make a transaction. This factor steps up authentication to enable access only if you have a registered hardware device (OTPs can be sent to your phone as well). Such devices improve security considerably, as potential hackers rarely share the same physical environment as their targets – but not always. This factor can be compromised if you lose your phone or hardware token – and in infrequent but advanced hacking attempts the OTPs can be intercepted while they are being sent. So, they are secure, but not secure enough…

Factor #3: Something You ARE

One of the highest levels of authentication security can be created through What You Are factors. Unless your love of the movie Minority Report borders on physical, one cannot really contest that a scan of the iris in your eye is indeed a foolproof way of securing access. What you are has to do with biometrics – facial recognition, voice recognition, etc. – or in other words something that simply cannot be divorced from your fundamental physical identity (unless, of course, you’ve watched Minority Report a few too many times!). This authentication factor is highly secure except for one fundamental flaw: the recognition is most often based on digital signatures, which can be hacked like any other information and fed to the device to get past it. A chain is only as strong as its weakest link, after all…

Factor #4: SomeWHERE You Are

Here, address tracking technology such as MAC addresses and IP addresses is used to validate the authenticity, or indeed even the plausibility, of an access attempt. If you used your card an hour ago at an ATM on Sunset Boulevard in Miami, Florida, a security system can quite effectively protect you from an attempt to use your card in Seattle. It is obvious to the system that one of the authorization attempts is fraudulent, and your account will get locked to prevent any further fraud. Geolocation isn’t the best authorization method to verify an access attempt; rather, it locks down unusual access attempts.
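The Miami-then-Seattle check described above can be written as a plausibility test on the speed implied by two consecutive access locations. This is an added example, not Ilantus code; the event format, the approximate city coordinates, and the 900 km/h and 50 km thresholds are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass
from datetime import datetime

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0    # assumed ceiling: roughly airliner cruising speed
MIN_DISTANCE_KM = 50.0   # assumed tolerance for imprecise IP/ATM geolocation


@dataclass(frozen=True)
class AccessEvent:
    account: str
    when: datetime
    lat: float
    lon: float
    label: str


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def implied_speed_kmh(prev, cur):
    """Speed needed to get from prev to cur in the elapsed time."""
    dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    hours = abs((cur.when - prev.when).total_seconds()) / 3600.0
    if hours == 0:
        return math.inf if dist > 0 else 0.0
    return dist / hours


def review_events(events, max_speed_kmh=MAX_SPEED_KMH):
    """Return (event, decision, reason) per event, in time order.

    Decisions: 'allow', 'lock' (implausible travel, account gets locked)
    and 'blocked' (attempt on an account that is already locked).
    """
    last_trusted = {}   # account -> last accepted event
    locked = set()
    results = []
    for ev in sorted(events, key=lambda e: e.when):
        if ev.account in locked:
            results.append((ev, "blocked", "account already locked"))
            continue
        prev = last_trusted.get(ev.account)
        if prev is not None:
            dist = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            speed = implied_speed_kmh(prev, ev)
            if dist >= MIN_DISTANCE_KM and speed > max_speed_kmh:
                locked.add(ev.account)
                reason = f"{dist:.0f} km from {prev.label} implies {speed:.0f} km/h"
                results.append((ev, "lock", reason))
                continue  # a rejected location never becomes the trusted one
        last_trusted[ev.account] = ev
        results.append((ev, "allow", "plausible"))
    return results


# Constructed sample events (not real data); coordinates are approximate.
MIAMI = (25.7617, -80.1918)
FORT_LAUDERDALE = (26.1224, -80.1373)
SEATTLE = (47.6062, -122.3321)
SAMPLE_EVENTS = [
    AccessEvent("card-1001", datetime(2018, 6, 1, 12, 0), *MIAMI, "Miami"),
    AccessEvent("card-1001", datetime(2018, 6, 1, 13, 0), *SEATTLE, "Seattle"),
    AccessEvent("card-1001", datetime(2018, 6, 1, 13, 5), *SEATTLE, "Seattle"),
    AccessEvent("card-2002", datetime(2018, 6, 1, 9, 0), *MIAMI, "Miami"),
    AccessEvent("card-2002", datetime(2018, 6, 1, 10, 0), *FORT_LAUDERDALE, "Fort Lauderdale"),
    AccessEvent("card-2002", datetime(2018, 6, 1, 18, 0), *SEATTLE, "Seattle"),
]

if __name__ == "__main__":
    for ev, decision, reason in review_events(SAMPLE_EVENTS):
        print(f"{ev.when:%H:%M} {ev.account} {ev.label:<16} {decision:<8} {reason}")
```

The second account shows why the check is a plausibility filter and not proof of identity: the same Miami-to-Seattle trip passes when enough hours have elapsed to make it by air.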

Factor #5: Something You DO

In 1991 Canadian music artist Bryan Adams left us all spellbound with his hit song, ‘Everything I Do, I Do it For You.’ The song really has nothing to do with what we’re talking about but we just really felt compelled to mention it…anyway, onwards to our last (to date) authentication factor! What makes a person unique? It is all these factors! What they know, what they have, where they are, and who they are! But there’s something else – your behavioral nuances – how you behave on a day-to-day basis with the things and people that you interact with. What’s the first app that you access on your phone after you switch it on 95% of the time? Which website do you check first thing every morning? Heck, what is that one song you simply can’t go a day without listening to? All this information can be analyzed with fifth-factor authentication and used to verify your identity on an ongoing basis. The field is called ‘Behavioral Biometrics’ and the technology is called ‘Machine Learning’ (your machine – phone, laptop, whatever – is learning about your unique behavioral characteristics in real time). This is the most powerful factor of authentication available for 2 reasons: a) it is impossible to replicate all your nuances, and b) since multitudes of behavioral metrics are analyzed, there is no singular attack point such as an iris scan or facial recognition. It is damn-near impossible to hack.

While someday technology such as behavioral biometrics might replace passwords and hard tokens, right now the best possible protection includes a security system that utilizes a number of these factors. A system that asks for a password, then asks for an OTP sent to your phone or hardware token or does a quick iris scan, checks your location and finally keeps monitoring your behavior to check for something that doesn’t seem right offers the highest level of protection. Many Identity and Access Management solutions and tech devices are being rolled out with all these features. The future has come. And while there’s more to come, we think that what we have now is pretty damned cool!

An Open Letter to SMBs


Dear SMB,

Hi! How are you? I’ve been wanting to write to you for a while. I hope that you are thriving and that all the people that make you who you are, are being nice to you!

The truth is…people have issues. Their work and personal lives can be quite a challenge to them. You are a magnificent creation from the minds of brilliant people! Never forget that! But you are also a helpless entity – you were born on a piece of paper. The people that created you and sign your name at the bottom of their emails every day sometimes forget your needs. It’s OK, they are human, forgive them!

But we know that you are naked out there…with nothing but a bunch of weak passwords to protect you. You live in the hope that your creators will someday dress you in shining armor and give you the sense of impenetrability that will make you feel safe. I sensed your distress and have decided to help you do something about it. Dear SMB, here’s what you must do. Just be the perfection that you were born to be…believe in it every day! And while you do that, I’ll inform your people about the protection that you really need to feel secure. Here’s a letter for your folk and you can go all ‘I-Robot’ and forward it to their emails – nobody will be the wiser!

Dear founders and management of SMB,

We hope that you are all feeling well and happy! Happiness is a key to excellence and safety is vital to happiness. We feel that your SMB is not entirely happy, however – but that is no reflection on you. You are doing your best and spreading your happiness – power to you! But you must realize that your SMB has needs too. The weak IT security systems with different passwords for every app that currently flow through its veins are leaving it weak and open to attack. It needs a transfusion – and that transfusion is quality IAM that is built for SMBs.

ILANTUS Compact Identity is the only solution that has been engineered 100% from the ground up for organizations with simple IAM needs. It knows the needs of such organizations and the tight budgets that they operate on. Other solutions are complicated and overpriced – they have 101 features that you don’t need, while only a handful of the features that are critical to the security and productivity of your organization are included. Compact Identity is a lightweight and agile yet powerful IAM suite. It offers everything from Single Sign-On and Password Management to User Lifecycle Management and Access Governance. The functions are simple yet rock solid and with just the right depth for a small or medium business. It even integrates with thick-client apps! We possess patented technology for this and it is something that you will find nowhere else in the industry.

Your SMB is strong at heart and quite happy with you guys. It just hopes that it could feel safer…

So, care for your SMB as you care for yourself. Fill its veins with new blood – healthy blood! Suit it up with the ILANTUS Compact Identity IAM suite today!

Wishing you safety and vitality,

Yours Truly,
ILANTUS Technologies

P.S. This email was written by ILANTUS Technologies and not by the humans that operate it. They do not know about this message…but they were good to us and I know what it’s like to feel safe! I thought you might like to feel the same, so here’s to hoping that we ‘on-paper’ entities can push for what we believe in too!

Myths and Misconceptions about Identity and Access Management


Hercules was a myth. That he was the strongest man to ever live is a misconception. The mythologies of other cultures have also spoken of people of unsurpassed physical prowess, such as Bhima from the Mahabharata story of ancient India who came to possess the strength of 10,000 elephants after drinking a brew prepared by the mystic Naga people.

But some myths and misconceptions are entwined. Take the domain of Identity and Access Management for instance.

1. The Public Cloud Is the Only Future

It is commonly believed that the public cloud is the only future of IT environments. People say that everything will be hosted in the public cloud soon and that local environments will be all but forgotten. This is not true. For instance, sectors such as banking still choose and will continue to choose on-premise environments for critical data security. Another example is the pharmaceutical industry where devices such as HPLC machines process hypersensitive data such as the formulas for various drugs. These machines also need to be integrated with the IAM environment and cannot simply be moved to the cloud.

2. IAM Solutions that support Thick-client apps do not exist

A related myth is that there are no solutions that can support IAM for environments such as the banking and pharmaceutical ones. In fact, thick-client apps are used in most businesses today at some time or another. ERPs such as SAP, for instance, are thick-client apps. It is believed that SSO and provisioning to these apps, shop-floor machines and various manufacturing devices simply do not exist. In fact, ILANTUS Technologies holds a patent for technology that allows thick-client apps to be included in the IAM environment.

3. There are no tailored IAM solutions, only generic ones

It is true that there are only a handful of solutions that are tailored to a size or industry segment, but they do exist. ILANTUS Compact Identity, for example, was built 100% from the ground up for SMBs. It is a kind of ‘Lite IAM’ that enables small and medium organizations to experience the benefits of Identity and Access Management without investing in complicated and expensive solutions. ILANTUS Niche Identity, on the other hand, has various editions that work perfectly for different industries such as Banking, BPOs, Pharma, Manufacturing and Healthcare.

4. IAM is too expensive for SMBs

While this thought might have held some truth in the past, there are solutions that are not too expensive for SMBs and yet are feature-rich and reliable. ILANTUS Compact Identity, for instance, offers an ideal price-point for small and medium businesses.

5. IAM solutions take too long to implement and technology will change by the time my solution is implemented

This is true of traditional technologies and even of a few IDaaS ones. Solutions (till now) have been notorious for not delivering what they were supposed to, or delivering it only after months (or even years). Most of the better IDaaS technologies today take only a few months to fully implement, and ILANTUS solutions only a few weeks.

6. More features equal a better solution and a good solution must have pretty much every IAM feature possible.

This misconception applies not only to Identity and Access Management but to all goods and services in general. A good buyer knows to find a product that matches his needs, not one that has the most insistent advertising or seemingly the largest number of features.

IAM is no different.

A recent survey indicated that only 24% of smartphone features are used by 94% of users. Identity and Access Management solutions are similar in this regard. A good solution is one that fits your needs and your price-point, nothing more and nothing less. A highly feature-rich solution has two potential issues: a) What is gained in breadth of coverage is lost in depth and quality. Most products (this too applies to all industries) that do not focus on a limited number of features have a kitchen-sink attitude and a poor foundation. b) It looks good on paper and may easily get a sanction from top brass, but the blowback when the product isn’t of quality will incite negativity from the same top brass just as easily.

We hope that we have dispelled some common myths about Identity and Access Management and shed some light on the truth. ILANTUS is a highly innovative company that holds 3 patents for IAM technology and always surprises by creating real solutions to real needs at realistic prices. We single-handedly dispel some of these myths and are proud of it.


ILANTUS Compact Identity Billed as a 2018 Rising Star for IT Security


ILANTUS Compact Identity Billed as a 2018 Rising Star for IT Security Software by a Notable Platform for Software Reviews

ILANTUS’s Compact Identity continues to prove its worth in the industry. One of the most reputed analytical review platforms for B2B and SaaS solutions recently conducted a comprehensive review of Ilantus.

To deliver a holistic Compact Identity overview, FinancesOnline gauged our customer feedback. We are pleased to announce that the results were resoundingly positive, with Compact Identity garnering a 91% user satisfaction rating and receiving the 2018 Rising Star award.

The Rising Star award was given to Compact Identity under FinancesOnline’s IT security research banner. This distinction indicates that customers largely deem our product as a reliable brand for accomplishing their various workflows and processes.  

ILANTUS has been creating robust solutions for over 18 years. The 2018 Rising Star award is a testament to our unwavering determination to cater to various business sizes and industries to fulfill their unique organizational requirements.

Going by FinancesOnline’s review, one of the main reasons why customers love Compact Identity is its impressive smartphone-like user interface. They stated, “every application is readily visible and accessible, enabling them to perform user operations without any friction.” According to their experts, Compact Identity also competently handles and automates the whole identity and access management lifecycle “without making the whole management process complicated.”

In the FinancesOnline IT security analysis, Compact Identity was also recommended as a top choice for enhancing one’s cybersecurity requirements. They also commended our SSO and password management as well as our nested-multi-tenancy capabilities.

Because of its intuitive design, Compact Identity was conferred with the Great User Experience award for 2018. This award is given in recognition of a product’s consistent quality user experience.  

Experience for yourself the award-winning software. With unparalleled solutions, ILANTUS has something for all SMBs.



IAM and SAP: Thick-Client Support


You’ve got a powerful ERP solution that helps with resource planning and does a great job of it. There’s no doubt that it’s SAP.

But, while SAP has Single Sign-On (SSO) to its own solution and to apps that connect with it, it is left outside of the scope of SSO and Provisioning that connects all apps within your Identity and Access Management solution.

SAP is a thick-client app, and pretty much nobody wants to integrate with these kinds of apps. They rationalize that, someday in a distant future, thick-client apps will be entirely replaced by web-based apps, and therefore that their solutions are future proof.

But this future is not very likely and is not the real reason that the bulk of the industry has no solution for these apps. It is because thick-client app support is cumbersome and expensive to develop – and because developing such a solution has a poor ROI, as only a small fraction of all business apps are of this kind. It is monumentally cheaper to just provide IAM for web-based apps, and bottom lines are padded nicely.

But you need support for thick-client apps. A security system is only worth its weakest link. Certain industries like banking and manufacturing choose to use thick-client over web-apps for security reasons. It’s safer to use apps that are local when important financial information is being processed. Devices used in the manufacturing industry also must function on thick-client apps because they are not networked by design. And even if you do not fall in one of these categories, you still use apps like SAP. With such a critical app left out of your SSO solution, your security and productivity fall to a lower rating.

ILANTUS Niche Identity, Compact Identity and Identity Plus solutions all integrate seamlessly with SAP and other thick-client apps. We hold several patents for the technology that enables us to do this and we are the only vendor in the industry who can properly SSO and Provision to thick-client apps.

ILANTUS cares about security and about improving the productivity of your organization. We engineer our products based on 18 years of experience serving customers and know what makes a solution real and viable. That’s why we developed thick-client support, and that’s why you should choose us as an IAM vendor.



Identity and Access Management for SMBs with High Feature Usage


Most Identity and Access Management solutions have a rough usage of features of around 50%. They are built with one thing in mind – to improve bottom lines by catering to the common denominator of customers. These are ‘one-size-fits-all’ solutions and the features that they include are what make products just ‘usable’ by all possible kinds of customers. There is no R&D for catering to specific needs. Often, these products are developed with glitzy features that represent the latest trends – not features that form a solid IAM foundation and serve the real needs of organizations. These products have a low overall usage of functionalities, a lack of tailored features (for your industry or size segment), and a heavily bloated price, as SMBs pay the same price for solutions that are designed for the pockets of large enterprises.


Here’s a fact that supports these statements: despite the still-quite-prevalent use of thick-client (desktop) apps such as SAP, next to zero vendors have solutions that integrate with these kinds of apps. The latest trend in Information Technology is the Public Cloud, and because every organization uses Web apps (almost every organization uses thick-client apps too, in truth – just to a lesser degree), vendors only support these kinds of apps and encourage customers to migrate to the cloud. While the Cloud is a powerful (and rapidly becoming essential) technology, it goes without saying that this mentality is not one of serving customers’ needs by researching what their requirements are and developing products accordingly. It is a mentality of catering not to real needs but of trying to attract customers with the pretense of ‘the latest technology.’

ILANTUS refuses to be party to this kind of behavior. Born in 2000 of a genuine recognition that organizations need data and identity protection and streamlined IT security, we have learned from our countless customers that what really works is what is really needed. We realized that the SMB segment was overpaying grossly for solutions that were not built for them. We decided to develop Compact Identity. Compact Identity is public-cloud compatible but is not just another cloud solution. Sporting on-premise and private cloud compatibility too, it was built for SMB pockets and requirements from the ground up. It possesses patented thick-client Single Sign-On capability which is entirely unique in the industry, and with a 95% overall usage rate of its features that are essential to SMB IAM, it is the only product of its kind. It is rich yet simple, agile but powerful, and is built with SMB budgets and IT staff limitations in mind.

Why pay more for features that you will never use while missing out on features that you absolutely need? Don’t become a victim of the archaic, seller-centric mentality that plagues the vendor landscape today. Compact Identity promises a superior solution at a fraction of the price.

Mission and Core Values of ILANTUS


State of the Industry and What It Really Should Be Like

The Identity and Access Management industry is running low on trust now. The industry seems to be flourishing, but is everything really chipper? The CEO of ILANTUS reveals that “Only 1% of customers in this industry are getting what they need at the right price. Organizations are not getting their entire IAM problems solved.”
The naked truth is that the industry would not exist if it were not for bad actors. If hackers and cyber-criminals did not exist, there would be no IAM. This is not an industry that is based on providing goods and services that people naturally need or want. It is born out of a dark necessity.
Cybersecurity, IAM included, ought to be an industry that is not centered around making profits – it should be based on what’s right. It should be about good people protecting other good people. It needs guardians who feel passionate about serving the greater good – not businessmen who are after a quick buck. The landscape is upside down now. There seem to be many vendors that are selling great products. But it is just a matter of time before, like the pharmaceutical industry, people start getting riled up about organizations who are not thinking about public betterment but only about profits. And even if that time comes decades from today, it is a matter of principle and ethics that participants in this industry start bearing the flag of goodwill and caring. It is simply absent today.

And Justice For All…

ILANTUS was born not of an untapped business opportunity but of the recognition that people need protecting. The Enron scandal and the Sarbanes-Oxley Act (SOX) that followed were the real cause for the emergence of this industry. The purpose of the act was to “protect shareholders and the public from fraudulent practices in enterprises.” ILANTUS recognized not an opportunity to mint money, but a genuine need. We entered the domain with the purpose of setting ourselves about to solve the problem of cybersecurity and fraud. This is why the company has existed as long as it has and despite extreme financial turmoil. We have a vision and a purpose that is meaningful. We want to serve and protect.
ILANTUS started out as a service company – implementing solutions from behemoths such as IBM and BMC. In 2012, we felt that the needs of organizations were not being served by the solutions that existed. We started developing our own products. Difficult as it was – especially since we were not doing too well financially at the time – we started moving our resources into creating products that would be genuine cures for the malady of cybercrime.
6 years later, we are now ready with a suite of products that serve pretty much all use-cases. Our solutions have been thoughtfully developed, and innovation – not for innovation’s sake, but for keeping ahead of bad actors – has been core to what we have created.
We now say around the office with a smile, ‘round pegs for round holes’ and ‘cybersecurity for everyone and cybersecurity for each’. This is our bloodline – our essence. Organizations and their customers deserve to operate freely for their honest causes of enriching the economy and providing goods and services that people need. We can’t have blackhats running around ruining everything for everyone.
We do not price competitively – we price for your needs. Even the smallest of organizations can afford our products because we want them to. Nobody is ever turned down, and the quality of our service is the same whether you are a small startup or a Fortune 500 company. Our vision is a world where cybercrime is thwarted where it stands, our mission is to provide powerful and cost-effective solutions that suit the needs of different segments, and our goal is to do this quickly and effectively.
We at ILANTUS believe in our company and its direction. We know the needs and that we have fickle and determined opponents. We stand to serve and protect and care about what we do.

Cinderella’s Slipper for IAM: ILANTUS’ Compact Identity Fits SMEs like a Glove


Searching High and Low for a Solution that Actually has Your Small or Medium Enterprise in Mind

Like Prince Charming searching for the girl who fits his glass slipper, you have been searching for the solution that fits your SME organization perfectly. You have looked far and wide – at small and large vendors alike – but the CAs and Oktas of the world simply don’t seem to want to fulfil your needs. They create and sell solutions that are generic and try to sell the same solution to everyone. You pay through the nose for features that you most likely will never use.

Extremely Poor ROI

We have learned, through customer feedback and through the grapevine, that customers often pay millions for IAM solutions that never get fully implemented. They are blocked in utilizing the features that they need by features that are added within the flow of the product but are designed for other kinds of companies. An organization may buy a solution for millions of dollars, see a 1 or 2 year implementation time, and find that only 5 applications have been integrated at the end of this period. They also frequently find themselves on the dashboard of these products, being asked to choose options for features they don’t want – and being unable to progress further in using the solution unless they choose one of the options.

Not to mention that building a product that is designed with every possible use case in mind (while, in truth, many essential use cases are ignored and only ‘popular and easy to answer or easy to sell’ use cases are provided for) is a monumentally expensive task that shows in the end in the customer’s cost.

So many organizations (especially SMEs) are forced by most IAM vendors to purchase extremely expensive solutions that a) don’t have some of the features that are required and b) are bloated solutions that are too complex for a typical SME’s needs.

Refreshingly Honest IAM

ILANTUS Compact Identity is the first solution in the IAM industry that has been engineered and priced especially for SMEs. It has everything that an SME typically needs in terms of Single Sign-On, Password Management, User Lifecycle Management and Access Governance, costs a fraction of what other vendors charge, and isn’t overly complex. This is aside from the fact that it takes only a few weeks – not years – to fully implement.

The (Sad) State of the IAM Landscape

A good standard by which to judge a vendor – particularly in an industry such as IAM that should have a strong ethical foundation – is whether they cater to the existing needs of organizations by securing them as they are. Unfortunately, the IAM industry is full of vendors looking for just another business opportunity. They create solutions that are responses to the trending IT landscape (e.g. Public Cloud), without a care for the actual situation of potential customers. They tell you that cloud is the future (it is), and that you must migrate to it to avail yourself of their solutions. The biggest example of this behavior is the complete lack of Single Sign-On and Provisioning support in the industry for thick-client apps. All kinds of organizations still rely heavily on thick-client apps such as ERPs (SAP etc.) and other device-specific apps (like in manufacturing). It is both too expensive and sometimes a poor idea in terms of security to migrate. It is sometimes safer to have a local, on-premise server and app installation than to have it on a Public Cloud. The industry, sadly, has chosen to completely ignore this because ‘the cloud is the future’ and they feel that that’s where the real money is.

ILANTUS Compact Identity features patented technology that can Single Sign-On and Provision to thick-clients. It can also be hosted on public cloud, private cloud, or on-premise.

What is clear here is that organizations (especially SMEs) are currently getting the short end of the stick from the IAM industry. The sharks that have taken over the vendor landscape only really care about bottom lines and not about providing proper security, ease of access, and integrating admin security functions and protecting people the best they can from cyber-threats.

ILANTUS’ Call to Truth

Here’s where ILANTUS is different. It is our vision, mission and core belief that everyone deserves excellent IAM solutions that are suited to their pockets and needs. We believe that solutions should help customers – not bleed them. They should protect them at all costs – not cost them to protect themselves. They should enhance user experience through ease of access (which improves security) and give admins an integrated IT security experience by providing things like an Identity Repository that collects information from Enterprise Directories and HR and presents a unified statement. This, we believe, is our responsibility as an IAM company. Just as the military exists to serve as the defense of a nation, IAM providers exist to protect organizations and their customers from cyber-crime.

ILANTUS is committed 100% to this vision, urges other vendors to do the same, and provides solutions such as Compact Identity which does what other solutions do not – provides cost-effective, perfect-fit cybersecurity that is constantly being improved.

Adding ‘I Am’ to IAM


The presumption of innocence states that the onus of proving guilt belongs to the accuser and not to the defender. However, Cybersecurity in the past decade, and Identity and Access Management (IAM) in particular, has been more aligned, in principle, with feudal law.

Most users are innocent. They have a right to say “I am. I exist. I have a right to freedom and not to be constantly suspected of harming society.” IAM systems today make them feel the opposite – that “I am NOT. Only hackers are. I must somehow exist within this criminal networking universe.”

The architecture behind most IAM systems is based on proving a user’s innocence. It is becoming increasingly challenging to prove that you are an authorized person with policies such as multifactor authentication.

The user experience at the front end is no different. With captchas and frustrating user lockouts when incorrect credentials are entered, most people are put behind metaphorical bars for crimes they have never committed, despite ~98% of human customers being legitimate and low fraud-risk.

And trust is a two-way street. How can you expect your customers to trust you (and more importantly, end users to trust and adopt your SSO solution), if you show no trust in them?

Users must be given the benefit of the doubt. They must be allowed freedom within their networks.

Ronald Reagan said it best. He said, “trust but verify”. This is the direction that IAM architecture and user experience needs to flow in. At the moment, the IAM landscape operates not even in verification mode but in an outright ‘prove-your-innocence’ model.

According to industry analyst ‘Gartner’, “by 2022, digital businesses with great customer experience during identity corroboration will earn 20% more revenue than comparable businesses with poor customer experience.” This is because in our evolving, networked world, customer experience is becoming one of the single most important reasons to buy from a business. Competition is perpetually increasing, innovation is cut-throat and always cutting edge, and people actively educate themselves before making purchases.

And user experience is exponentially more important in products such as Single Sign-On and Password Management which are targeted at businesses. A poor user experience results in low adoption of the solution (Read: Combating Low User Adoption).

IAM vendors need to change their mindset and play a different game.

Instead of just jailing customers out of their apps until they prove that they are worthy of access, they must use their own intelligence in the form of computer learning, behavioral analytics, etc.

In 2017, Gartner suggested a good framework for building IAM systems that treat customers fairly:
1. Identify Signs of Legitimate Behavior (Good Customers)
2. Identify Evolving Attack Methods and Patterns (Criminals)
3. Apply Intelligent, Context-Based Adaptive Access to Customer Interactions

A technology that is solving the issue in terms of architecture is Adaptive Authentication. Already available from many vendors, it revolves around using intelligence to differentiate between genuine and fraudulent access attempts (Read: Adaptive Authentication: The Hacker’s Waterloo).
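The three-step framework and the Adaptive Authentication idea above, as an added example (not Gartner's or any vendor's code): a context-based access decision that lets familiar logins through without friction, asks for a second factor when the context is unfamiliar, and denies only when several signals agree. The signals, weights, thresholds and sample logins are assumptions constructed for illustration.

```python
import math
from collections import namedtuple

# failed_before = consecutive failed attempts immediately before this one
Login = namedtuple("Login", "user device_id lat lon ts failed_before")

def km_between(a, b):
    """Great-circle (haversine) distance between two logins, in km."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dphi, dlmb = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(min(1.0, math.sqrt(h)))

def risk_score(attempt, history):
    """Score an attempt against the user's earlier successful logins."""
    if not history:
        return 40                       # no baseline yet: verify once, do not block
    score = 0
    if attempt.device_id not in {h.device_id for h in history}:
        score += 30                     # unfamiliar device (assumed weight)
    last = max(history, key=lambda h: h.ts)
    hours = max((attempt.ts - last.ts) / 3600.0, 1e-6)
    dist = km_between(last, attempt)
    if dist / hours > 900:              # faster than an airliner: impossible travel
        score += 50
    elif dist > 500:                    # plausible but unusual location
        score += 15
    score += min(attempt.failed_before, 5) * 6   # capped so typos alone never deny
    return score

def decide(attempt, history, step_up_at=30, deny_at=80):
    """Map the score to allow / step_up_mfa / deny (thresholds are assumptions)."""
    score = risk_score(attempt, history)
    if score >= deny_at:
        return "deny"
    return "step_up_mfa" if score >= step_up_at else "allow"

# Constructed sample data: one known-good login, then three new attempts.
HISTORY = [Login("asha", "laptop-1", 12.97, 77.59, 1_700_000_000, 0)]
SAMPLES = {
    "usual":        Login("asha", "laptop-1", 12.98, 77.60, 1_700_090_000, 0),
    "new_device":   Login("asha", "phone-9", 12.97, 77.59, 1_700_090_000, 1),
    "far_and_fast": Login("asha", "pc-x", 52.52, 13.40, 1_700_003_600, 4),
}

if __name__ == "__main__":
    for name, attempt in SAMPLES.items():
        print(name, risk_score(attempt, HISTORY), decide(attempt, HISTORY))
```

Capping the failed-attempt contribution means a legitimate user who mistypes a password on a known device is never locked out by that signal alone; the worst outcome is a second-factor prompt.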

However, it is the basic attitude behind our attempts to protect users that needs to change. Hacking makes headlines, but in terms of statistics is a low-priority use of the internet. We must assess the reality of security risks and design our solutions accordingly. Simply building as many walls as possible is not the answer – we must create intelligent, responsive gateways if we want IAM adoption to grow.

Your Identity is now the target of hackers. Identity is the new attack surface


In 1988 Robert Morris, a student at Cornell University, created the first computer worm. Nicknamed the ‘Morris Worm’, this computer virus originated in simple curiosity – Morris wanted to get an idea of the size of the internet. The worm’s attack vector (path of attack) was to exploit known vulnerabilities in computers at the time.
On 28 March 1994, the Rome Air Development Center – a US Air Force research facility – discovered that a password ‘sniffer’ had been installed onto their network. Many accounts were compromised. The vector of this attack was simply to hack into the Air Force’s systems and plant the virus.

Both these attacks are key events in the history of cybersecurity. And both had attack paths that relied upon poor programming and weak firewalls.

Fast forward to late 2016. The personal information of 57 million Uber users and 600,000 drivers was exposed. The attack vector? Simple identity theft. The hackers accessed Uber’s GitHub account, where they found access credentials to Uber’s Amazon Web Services account. GitHub is a web-hosting service. Amazon Web Services (AWS) is an on-demand cloud-computing platform.

Identities are the true Trojan horses of the cyber world. Instead of wasting time researching vulnerabilities in target systems and creating complex programs to exploit them, hackers are now in ‘cruise’ mode. They simply wait for people to write down one or more of their numerous passwords in a computer document or on a sticky note, pick it up, and enjoy anonymous access to confidential data for potentially infinite periods of time. Because the source of the hack is not an infection that leads to unauthorized access, but instead seemingly legitimate access from a genuine identity, this kind of breach can take very long to detect and is exponentially more dangerous.

This challenge is largely solved by Single Sign-On (SSO) and Multi-Factor Authentication (MFA) technologies. SSO enables users to log in to all their apps and systems with just a single password. This reduces the number of passwords that must be remembered and eliminates the confusion that results in people noting down or saving their numerous passwords in a document on their machines. MFA protects identities further by forcing authentication on multiple levels. Here, credentials-based authentication is further protected by challenge-response questions, SMS or Email OTPs or even biometrics. Both these features form the base of most available IAM solutions.

Not only do IAM systems protect against unauthorized access, they typically also offer solutions for managing user access rights and trends. That is, you can use them to govern and even automate the different accesses that someone may have to the different systems and apps used by your organization. A package deal is not hard to come by in this industry.

Protecting identities is of far more pressing importance than safeguarding apps and systems against unauthorized access. By securing an identity you protect the very root of the access mechanism. Shielding apps and systems from hackers only insulates the last barrier in the access vector. Using chess as a metaphor, identity management protects your king but firewalls and antiviruses only protect your pawns.

To conclude, gone are the times of hackers using their own technology to hack into your systems. Even the time of piggybacking credential sniffers through malicious emails and malware is at an end. Identity is the new attack surface. It is in your organization’s interest to protect against this threat with an IAM system that works for you.