Data protection and data privacy are so closely linked that people (and sometimes even organizations) tend to think of them as synonyms. However, understanding the difference between the two is crucial to ensuring that both protection and privacy are maintained. Continue reading Data Protection & Data Privacy – A difference that matters
Healthcare Data, HIPAA Compliance, and Akku
The Health Insurance Portability and Accountability Act (HIPAA) has been effective in the USA since 1996.
The Act actually has five different section titles, namely Health Insurance Reform, Administrative Simplification, Tax-Related Health Provisions, Application and Enforcement of Group Health Plan Requirements, and Revenue Offsets – however, the mention of ‘HIPAA Compliance’ most often refers to compliance to the second title – Administration Simplification.
This is the most challenging aspect of the HIPAA Act, as it comes with strict regulations on protecting the data of patients in an industry that is often a major target for data breaches and malicious activity. Identity and access management across applications used in a healthcare facility, therefore, becomes critical to HIPAA compliance.
Here’s how Akku can help in ensuring data privacy and preventing both outsider and insider attacks on patient data, and, ultimately, compliance to HIPAA’s stringent regulations.
Protecting your data
- Akku strengthens security around the login process by allowing you to set up and enforce a strong password policy as well as multi-factor authentication to reinforce password-based security
- It also employs a custom salted-hash encryption methodology – a combination of salting and hashing techniques – for user credentials and data
Preventing unauthorized access
- Akku allows you to exercise tight control over which users have access to what applications and data, so that access is not available to users who may not require it
- It prevents accidental and malicious data breaches by allowing access to applications only from whitelisted network IP addresses and devices
- The system also automatically blocks suspicious access attempts at abnormal times or from unexpected locations, and also enables the set up of time-based and location-based restrictions
Ensuring privacy and accountability
- Every Akku implementation is set up independently in a separate server instance, so privacy on the cloud is ensured
- Akku provides administrators with complete visibility by maintaining detailed logs maintained for every activity taking place across the apps and in the server
Beyond HIPAA
In addition to helping your healthcare facility become HIPAA compliant, Akku also makes it easy to set up integrations across your Hospital Information System (HIS), Lab Information System (LIS), Patient Management System (PMS) and more. This, in turn, improves collaboration between various departments and enhances overall productivity.
To know more about Akku’s complete set of features and their specific benefits to your facility, contact us today!
What is Continuous Authentication?
Technology users today are spoilt for choice when it comes to the types of devices and the variety of platforms through which they can stay connected to work and social groups. They can access their accounts from simply anywhere and at any time, as long as they can authenticate their identities.
However, the process of authentication as we know it has remained largely static – the user provides the system with their credentials at the time of access, the system matches it against its database of user data and provides the user access to the network on successfully validating their credentials.
Continuous authentication brings in a new approach to network security, and the reception it has received goes to show the importance companies attach to their security today. Continuous authentication can help your organization protect itself from ‘session imposters’ who try to take over sessions which are open even after the employee is done using them. It also helps you protect your network from credential stuffing attacks and phishing.
What is Continuous Authentication?
In continuous authentication, users are rated based on ‘authentication scores’ which aim to determine, based on user behavior, if the user is actually who he/she is claiming to be. With advanced algorithms which are fast becoming smart enough to understand human behavior, networks can essentially monitor user behavior to determine a user’s authenticity.
For example, in a banking application, if the security solution detects an anomaly in user behavior, it can prompt a logout or request for additional information like fingerprint or password to ensure that the account is used only by the designated person.
Continuous authentication has become powerful enough to analyze information from the various sensors of smartphones and other devices to monitor the pressure on the keypad, the amount of time being spent on an application etc.
With certain continuous authentication solutions, organizations can also assign restrictions based on tolerable risk by specifying the minimum confidence score and factors like a user’s location or time of the access request.
When you implement a continuous authentication solution, think in terms of acceptable risk and context – certain applications in your network might need lower authentication scores than other, more critical, applications.
While planning to deploy a continuous authentication system, it is also important to ensure that it is compatible with your existing security solution and covers all the areas of your organization’s network.
We understand that cybersecurity is becoming more fluid and security solutions are becoming more powerful and customizable. Akku’s DNS filtering and geolocation features can be used to score your users, and this information can be used to continuously authenticate them. To know more about how we can help you, get in touch with us now.
Akku Vs. Okta – Understand Before you Choose
Akku and Okta are both highly efficient cloud security solutions that strive to help companies manage and secure user authentication on applications in their network, and to transform their customer experiences. Here are a few key differences between the features of Akku and Okta.
Single Sign-on
Akku’s requires only a one-click login for universal login access for all applications. This ensures both high security and productivity.
Okta’s one-click authentication has made user login process 50 times faster. This user-friendly and customizable feature uses OTP to access to 5,500 pre-installed applications, ensuring direct navigation.
Multi-factor Authentication (MFA)
Akku’s MFA is simple, inexpensive, and easy-to-use. It provides multiple layers of security to the sign-in process using Time-based OTP (TOTP) and push notification. The former generates passwords every 30 seconds while the latter generates notifications to authorize login attempts.
Okta’s MFA is secure, simple, and intelligent. It verifies access using user’s knowledge, possession, and biometric factors instead of passwords. It also generates security questions, OTPs, and push notifications for a user’s authentication.
Content Filtering
Akku offers a customizable content filtering feature that ensures high productivity across your organization while improving network security. This functionality prevents employees from accessing and browsing irrelevant websites during office hours and prevents distractions and aids in providing secure network access.
Akku prevents your employees from accessing irrelevant YouTube videos which can affect employee productivity and blacklists their personal email id from being accessed using your network or systems.
Okta, unlike Akku, does not provide any content filtering features.
Time- and Location-based Restriction
While providing access to users anytime from anywhere is necessary, it is important to make sure that this feature does not compromise on security. With Akku’s time- and location-based restriction feature, security will always be on guard to restrict unusual user activities. It also restricts access to your network from specific geo-locations to prevent potential security breaches.
Okta does not offer standard products that provide time- and location-based restriction capabilities.
Password Policy Management
Through this feature, Akku allows you to set a minimum requirement for password standardization. This prevents anyone in your organization from possibly setting weak or easy-to-hack passwords. This also allows for password consistency across your organization.
Okta comes with a password policy standardizer which is similar to Akku’s.
Internal Communications
This feature ensures end-to-end communication between the management and the employees. This feature sends push notifications to the employees for each announcement. These notifications appear as soon as a user logs in, to ensure he does not miss any information. To ensure a response from the employee’s side, it restricts action until he has read and replied to the message. This also helps you in ensuring standards compliance across your organization without any gaps.
Okta does not have a well-structured internal communications system like that of Akku.
Akku, a product by CloudNow Technologies, is a robust identity and access management solution that helps improve data security and productivity and ensures transparency and control in tandem. For the modern organization, it is crucial to maximize security, compliance and productivity across your organization and Akku’s features are specifically built around that purpose. Contact us today to know more about how Akku can help you secure your network.
All the information presented in this article is accurate as of May 5th, 2019.
Akku’s Agentless AD Connector For Improved Security
The AD connector which comes with Akku, allows organizations to use either their on-prem AD or Azure AD as the data source for authentication. Akku’s AD is agentless, which means that no additional software is installed in the client environment. Continue reading Akku’s Agentless AD Connector For Improved Security
Agent-based Cloud Security Solution? No thanks!
If your organization relies on the cloud for a majority of its operations, you may want to look closer at the type of architecture your security solution uses – whether it is agent-based or agentless. While some might say that it is irrelevant and that you should focus only on the security solution’s efficiency, we beg to differ. Picking the right kind of cloud security solution can drastically affect your organization’s day-to-day operations and how much ownership you can take over the security solution. Continue reading Agent-based Cloud Security Solution? No thanks!
A How-to Guide to Privileged Identity Management
Privileged Identity Management (PIM) refers to the control and monitoring of access and activity involving privileged user identities within an organization. Privileged identities include those of superusers or super control users such as Chief Executive Officer (CEO), Chief Information Officer (CIO), Database Administrator (DBA), and other top management officials.
Usually, such accounts are given access to all applications and data within an organization, along with the highest levels of permissions. However, many times, such unlimited access has been the cause for data breaches. When an organization’s data is compromised from a privileged user or their account, it is known as Privilege Abuse or Privileged User Abuse. Continue reading A How-to Guide to Privileged Identity Management
What is advanced server access?
Advanced Server Access is a relatively new aspect of identity and access management system for the cloud. In fact, it fits better under the umbrella of privileged access management (PAM). PAM is built on top of IdPs and ADs, which are crucial for identity and access management for on-prem networks. By being used in conjunction with ADs, PAM has been able to successfully provide enhanced control over identity for administrators and other privileged users.
What is PAM?
Privileged access management helps to secure and control privileged access to critical assets on an on-premise network. With PAM, the credentials of admin accounts are placed inside a virtual vault to isolate the accounts from any risk. Once the credentials are placed in the repository, admins are required to go through the PAM system every time they need access to the critical areas of a network. For every single login, their footprint is logged and authenticated. After every cycle, the credentials are reset, ensuring that admins have to create a new log for every access request. Continue reading What is advanced server access?
Is Social Login a Secure Login?
Social login is a form of single sign-on, where users are allowed to log into an application or website using one of their existing social media account credentials. A social login, therefore, eliminates the need for users to register on yet another online platform – saving them the need to remember yet another set of credentials.
If you are a business, you may have noticed that a social login option on your online platform has had a positive effect on the number of registrations you receive. If you are an individual user, you may have found the option to either “Sign up” or “Login with Facebook/Google” and felt relieved that you were able to access the platform in just a few seconds by choosing the latter. But have you ever thought of how secure this method of login really is?
Let us look at the various aspects that affect the security of social login.
Social networks invest more on security
Social login is, by and large, considered to be a secure login method. This is because social media platforms including Google and Facebook are huge, powerful corporations in the online world with more potential than the original business (to whose website/application you are logging into) to set up strong security measures.
One compromised credential = multiple compromised accounts
On the other hand, if a hacker does manage to crack the social account – either due to a weak password or through a brute-force attack, this puts not only a user’s social media profile under threat but all of the applications and websites in which the user has used a social login option. The problem is only made worse with advanced threats like credential stuffing.
Similarly, if an individual’s phone is stolen and unlocked, with a Facebook or Google account that is still logged in, more than just one account is again compromised.
Third-party tracking scripts continue to threaten
Research conducted by Princeton’s Center for Information Technology Policy revealed that, when you log in to a website or application using social login, a third party might be able to place tracking scripts on the website or application. These tracking scripts have the ability to steal information that you have shared with the website or application during the social login – and sometimes even more than just that!
Although Facebook has announced, post publication of this study, that it would address this loophole in their universal login API, experts say that the issue may be deeper and more complicated than that. It is a harsh reality that a number of companies today create software and tracking tools that can be used to scoop, steal and sell information from such platforms.
So, what is the solution?
While the ease and convenience of social login is undeniable, it is also becoming increasingly difficult to ignore the potential threats of using such a feature. The next time you are thinking about a social login, keep these points in mind:
- Enable multi-factor authentication and risk-based adaptive authentication features that are provided by your social media network. A number of social network providers have set up these built-in security enhancement features, but they may not be enabled by default. Make sure to check your account/privacy settings and make the appropriate changes. This way, an additional layer of security will back you up even in case that your username/password are compromised.
- Check what permissions are being asked of you by the website or application that you are registering to using a social login. There will be a request to access your name, public profile and a few other details sometimes. Provide only information that you think is relevant to the site and deny all others. It might also help if you go back to your social media account and check what all is part of your public profile, and change those settings in order to limit the information you are allowing someone else to access.
- Use the social login feature selectively. If you are wary of a website or application, or if you are sure you will not be using it too ofteis n (and hence will not need a quick login method), then avoid logging in to them using your social media credentials. We suggest creating an email ID only for such occasional-use sign ups and using that to register instead.
If you are a business offering social login, you could offer your users with more security by integrating your application or service with an identity and access management solution (IAM) like Akku which comes with advanced features like multi-factor authentication, location-based restrictions, and suspicious login prevention. We also recommend that you speak to a cloud specialist on other cloud security measures that you can implement.
The Key to Data Security: WebAuthn
What is WebAuthn?
WebAuthn (Web Authentication API) is a global standard specification for secure authentication on the Web, formulated in 2018 by the World Wide Web Consortium (W3C).
This browser-based API allows user authentication on web applications through the creation of strong “credentials” and user-agent-mediated access to authenticators. This could be either in the form of hardware tokens (like U2F security keys) or in-built modules (biometric readers like Google Hello, Apple Touch ID) in the platform. Web Authn has garnered the support of all leading browsers like Chrome, Firefox, and Edge, and is compatible with all leading platforms.
How does WebAuthn Work?
With WebAuthn, a relying party (such as web service) can integrate a strong layer of authentication into applications with a choice of authenticators. It replaces the need for a password with the generation of a private-public key pair (credential) created for a website. While the private key is stored on the user’s device, the public key is generated randomly and shared with the server. The server then uses the public key to confirm the user’s identity.
The following steps are involved in WebAuthn:
- The user opens a website using their device
- On the request of the web service (replying party) through the Credential Manager API, the browser generates a new credential, specifying the user’s device capabilities.
- During the registration process, the user is offered multiple authentication options. This may vary from external authenticators to biometric authenticators like fingerprint analysis or facial recognition.
- Choosing any of the authenticators offered, the user completes the registration process.
- The authenticator generates a key pair (a public and a private key) – the public key is forwarded to the server, the private key is stored in the user’s device
Why use WebAuthn?
The public key and private key, both need to be used in conjunction. Therefore, by eliminating the need for a “secret” such as a password, WebAuthn drastically improves data security and prevents data breaches. Even if the public key is hacked, it will not function without the private key – which is stored in the user’s device – and becomes useless.
These are some of the scenarios in which WebAuthn can be useful:
- Setting up two-factor authentication (with or without passwords) that is resistant to friction and phishing
- Using biometric authorization that eliminates the need for passwords
- Recovering lost or stolen devices and bootstrapping of new devices
Find out how you can improve data security and prevent data breaches with Akku. Get in touch with us for a free demo today!