by Rebeca | Dec 21, 2021 | Cybersecurity, Customer
Information protection and identity management
We are very happy to take part in an ambitious identity and access management project for Barcelona de Serveis Municipals (B:SM), a project that places them at the forefront of security, specifically in the areas of information protection and of identity management and access control.
Barcelona de Serveis Municipals (B:SM) is a Barcelona City Council company responsible for providing municipal services. The activities it manages include mobility-related services and the management of facilities dedicated to culture, leisure and biodiversity.
It is an entity that handles a high volume of sensitive information, which it needed to protect efficiently while complying with the new GDPR (General Data Protection Regulation) and the ENS (Esquema Nacional de Seguridad, the National Security Scheme), both of which are mandatory for public administrations and public companies. It also required a solution for the precise, automated management of everything related to user administration, from provisioning and synchronization to identity consistency and the authentication processes that prevent identity impersonation.
«B:SM needed a solution to delegate, manage, automate and secure Active Directory (AD) and Active Directory Federation Services (ADFS) access among various administrator groups and, in addition, to do so in a segmented manner, with change control, protecting sensitive or critical data, and ensuring that corporate policies are effectively enforced.»
We have met these identity and access management needs with Soffid.
THE SOLUTION WE FOCUSED ON AT SOFFID
In March 2020 the on-premise deployment of Soffid began, which has allowed them to develop centralized management and orchestration of their identity and access management policies.
With a maximum level of security, Soffid offers a single convergent tool from which it is possible to carry out the automated management of users and access in their Active Directory, in their Exchange mail server (which is in the process of being migrated to Azure) and in Office 365 as the productivity environment. It also integrates with their HR management system, Meta4.

This is a very significant advance over the starting situation, in which both user registration in Meta4 and access management were carried out semi-automatically (in Active Directory and Exchange) or entirely manually (in the case of applications). Now, Soffid enables automated, profile-based onboarding. When a new user is created, access to their mail account is generated automatically. Their personal folder is also created and shared over the network so that it can be reached from anywhere, by enabling a specific Windows feature (Distributed File System, or DFS). This is a crucial aspect in mobility and teleworking situations.
User management
In addition, the user is also granted access permissions to the corresponding applications, according to their profile and regardless of their domain. This last point is important for managing the users and access of employees of companies in which B:SM holds a stake, such as Parque de Atracciones del Tibidabo (PATSA).
This initiative, which covers the 1200 employees of B:SM, has not only simplified and sped up the processes related to user and access management (onboarding, offboarding and modifications), but also raises the guarantees of security and governance to the highest level, since everything is recorded and audited in Soffid.
THE ROLE OF THE EMPLOYEE
One of the key aspects of both projects has been to ensure the role of people, even in the pre-implementation phases.
These possible phases include developments such as the use of Soffid’s role-mining function. Based on the accesses that users have in a given position, it creates an algorithm to define, automatically and intelligently, the permissions associated with that specific role.
On the other hand, in order to gain agility and increase the level of user involvement in security, the implementation of a self-service portal is envisaged. This would allow them to self-manage their passwords or incorporate a strong authentication system, either via token, SMS, etc. The use of Soffid as a single sign-on solution is also being evaluated. This would allow B:SM to extend Microsoft’s federated authentication to other environments and applications.
by Rebeca | May 26, 2021 | Cybersecurity, Resources, Soffid
Imagine this scenario about future trends in access management: if you are the CEO of a mid-sized organization with branches in different continents and three thousand employees, how efficiently could you monitor logins? Perhaps, on a bad day, an employee would have lost their smartphone or lost the paper on which they wrote the password. In such a case, would you identify that one illegal or criminal login from all the 3000 logins that day?
In this scenario, we are yet to find a universal solution to manage online identities in both the government and the private sector.
Since the IAM space is continuously evolving, organizations identify new trends in Identity and Access Management to minimize data breaches, meet regulatory requirements, and manage user identities to the utmost extent.

Years of data breaches stemming from credential theft, attacks targeting privileged user accounts and poor password practices have led to a major evolution in identity and access management technology designed to protect enterprise data.
Five IAM trends are addressing the need for greater user account and network protection.
Identity and Access Management (IAM) has the attention of cybersecurity professionals around the world. The identity and access management market growth has roughly quadrupled over just the last three years, and shows no signs of slowing down any time soon.
The COVID-19 pandemic has raised the visibility of identity & access management (IAM) due to the high priority in getting remote access secured and the increased protection needed around digital transformation initiatives.
In an effort to make organizations more secure, agile and resilient, IAM leaders must improve governance and strengthen privileged access management (PAM) practices to prevent breaches, establish more robust and agile authentication and authorization, and enhance consumer IAM to prevent fraud and protect privacy.
In this rapidly changing business scenario, here are upcoming trends that promise to revolutionize the IAM sector:
1) Adapting Biometrics
As per Global Market Insights, the global biometric market would reach an estimated value of USD 50 billion by the end of 2024. Perhaps one of the rapidly emerging trends in the IAM sector, biometrics such as retinal scans, facial recognition systems, and fingerprints are highly preferred for verifying authorized users in networked systems.

To counterbalance this threat, the future trend would involve IAM, which relies on biometric data, to get an additional layer of security for protecting the biometric information.
2) Blockchain and Future Trends in Access Management
Blockchain offers features like transparency, reliability, and integrity, making it a popular choice for ensuring data protection in both the public and private sectors.
In the context of IAM, two aspects of blockchain come into play: the audit trail and self-sovereign identity. Self-sovereign identity is the concept of an individual protecting their entire identity as their personal property rather than letting an organization or third-party provider manage it. By keeping the individual’s information protected by encryption in a permanent blockchain across a distributed network system, this concept offers complete individual control over their identity data.
Through the self-sovereign identity system, the idea is to replace centralized identity providers and instead let each individual take control and decrypt the data only when required.
With an audit trail, a user’s entire login history, access requests, permission grants, changes performed, and engagement are recorded. This helps an organization monitor activities, detect fraud, and meet compliance requirements.
3) Single Sign-On Systems and MFA
While MFA is one of the most popular IAM practices, there is still plenty of scope for its improvement, as data breaches still occur and cause substantial revenue losses. Adaptive Authentication is the advanced version of MFA, which relies on machine learning capabilities to detect user behavior or illegal entry.
Adaptive Authentication pulls in all the details of a user login, such as login time, device, location, browser, and other data, which helps analyze a login attempt’s authenticity. Based on the analysis, if a login attempt turns out to be suspicious, the system will ask the user to complete an MFA challenge to be authenticated.
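The step-up decision described above, as an added example that is not part of the original article: a per-user baseline of device, location, browser and login hour stands in for the machine-learning model the text mentions. The `Login` record, the weights, the threshold and the sample logins are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:
    user: str
    hour: int      # hour of day, 0-23
    device: str
    country: str   # coarse location
    browser: str

# Constructed sample history for one user (not real data).
HISTORY = [
    Login("ana", 9, "laptop-01", "ES", "Firefox"),
    Login("ana", 10, "laptop-01", "ES", "Firefox"),
    Login("ana", 14, "laptop-01", "ES", "Firefox"),
    Login("ana", 17, "phone-07", "ES", "Safari"),
]

# Assumed weights and threshold; a real deployment tunes these on its own data.
WEIGHTS = {"device": 40, "country": 35, "browser": 10, "hour": 15}
STEP_UP_THRESHOLD = 40
HOUR_TOLERANCE = 3

def risk_score(attempt, history):
    """Return (score, reasons) for one attempt against the user's past logins."""
    past = [h for h in history if h.user == attempt.user]
    if not past:
        return 100, ["no login history for this user"]
    score, reasons = 0, []
    for field in ("device", "country", "browser"):
        value = getattr(attempt, field)
        if value not in {getattr(h, field) for h in past}:
            score += WEIGHTS[field]
            reasons.append(f"new {field}: {value}")
    # Circular distance, so 23:00 and 01:00 are two hours apart.
    gaps = [abs(attempt.hour - h.hour) for h in past]
    nearest = min(min(g, 24 - g) for g in gaps)
    if nearest > HOUR_TOLERANCE:
        score += WEIGHTS["hour"]
        reasons.append(f"unusual hour: {attempt.hour}:00")
    return score, reasons

def decide(attempt, history):
    """Step up to MFA when the score reaches the threshold, else allow."""
    score, reasons = risk_score(attempt, history)
    action = "require_mfa" if score >= STEP_UP_THRESHOLD else "allow"
    return action, score, reasons

if __name__ == "__main__":
    for attempt in (Login("ana", 10, "laptop-01", "ES", "Firefox"),
                    Login("ana", 3, "desktop-99", "BR", "Chrome")):
        print(attempt, "->", decide(attempt, HISTORY))
```

The returned reasons are what an audit log or an analyst reviewing the day's logins would read to see why a given attempt was challenged.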
Another popular IAM industry trend is the use of Single Sign-On (SSO) with MFA, which lets users leverage a single, unified set of credentials to gain access to networks, data, applications, the web, and the cloud.
4) IAM and the Internet of Things (IoT)
With the arrival of the Internet of Things (IoT), there is a massive requirement for Identity Access Management services. Whenever an IoT-based device is added to a network, the need to mitigate security risk increases.
Hence, the current priority is to ensure secure identity access management on these IoT devices to restrict the entry of hackers into the network. Devices that can pose a threat include smart TVs, security cameras, and smart bulbs.
Another technology that could prove to be a breakthrough is work on IAM systems that require the system to authenticate a user’s access through numerous devices.
Also, in numerous cases, securing IoT devices would be achieved by embedding the device identities in the processing chip, making them an integral part of the hardware.
5) Artificial Intelligence in IAM
An aspect of Identity Management, Context-based identity, also is responsible for comparing data about. This data includes numerous behavioral patterns like physical location, IP address, usage, preferences, and machine address.
Leveraging AI programming algorithms for data mining helps discover data patterns that are extremely helpful in reducing fraud and identifying risks. This technique has been highly useful in banking systems across the globe.
6) Identity Access Management for Cloud Services
Since the cloud is in great demand, organizations have been shifting to cloud services, which provide advantages such as efficiency, scalability, and flexibility.
Namely, Access Management, Identity Management, Access Governance, and PAM. We help you elevate your organization’s goals towards digital transformation and help develop data strategies in line with maximizing revenue and achieving customer satisfaction.