3 ways to use Identity & Access Management software for audits

March 2014 by Paul Baas, French Country Manager for Tools4ever

HIPAA, Basel II, SOx… and the list goes on. Organisations are evaluated for their compliance with various standards, legislations and regulations. These evaluations are called audits and sooner or later, your organisation will be faced with one.

If you are an IT manager and faced with an audit, you should be able to demonstrate you have your IT fully under control. Among other things, this means that you:
 1. must be able to demonstrate at any time who is allowed to do what in the network, and when network actions have been performed (authorisations and reporting). For instance, you should be able to indicate which employees are allowed to approve and pay invoices and who has reset employee X’s password and when.
 2. must implement a strong password policy.

The Identity & Access Management (IAM) solutions by Tools4ever provide you with additional support in legislative and regulatory compliance, to wit:

1. Who can do what?

Role Based Access Control (RBAC) is a technique for setting up authorisation management in an organisation and for providing insight into the questions of ‘who is allowed to do what in the network’ and especially ‘who is not allowed to do so’. With RBAC, authorisations are not assigned to individual staff members but to RBAC roles, which in turn comprise the employee’s department, title, location and cost centre. RBAC reduces the chance of error because network actions and changes can only be performed by people who are authorised to do so based on their role/title.

Many organisations are already at some stage of RBAC adoption: discovery, project definition, implementation, population or ongoing management. Tools4ever assists dozens of organisations in setting up an RBAC authorisation matrix. This is a hugely labour-intensive, complex and costly process. Tools4ever’s smart software makes it possible to automate the majority of the population of the RBAC authorisation matrix.

Using UMRA, the so-called organisational roles (the way in which employees are represented in the HRM system, particularly in terms of their title, department and cost centre) are matched against the technical roles (applications and folders) present across the organisation. Tools4ever can help organisations match their HRM system and network, as well as analyse the current authorisations for each organisational role. This allows the organisation to decide which HR attributes should be used for each organisational role.

The result of this alignment could be, say, that 90% of a particular organisational role (e.g. the role of nurse at the Cardiology department) involves particular authorisations. The logical step would then be to automatically assign all (new) employees in this role the same authorisations. By letting the occupancy rate govern the assignment of authorisations, a first step can be made towards populating the RBAC matrix in a very simple way. This approach can save you a great amount of time and money.
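The occupancy-rate approach described above, as an added example that is not Tools4ever's UMRA code: a constructed HR export and a constructed snapshot of current network authorisations are combined, the organisational role is derived from the chosen HR attributes (department and title here), and every permission held by at least 90% of a role's members is proposed as a role authorisation. Permissions below the threshold are listed as exceptions for manual review, which is where the matrix population stops being automatic and an auditor's question such as "who may approve invoices" gets answered.

```python
"""Populate a candidate RBAC matrix from occupancy rates.

Added example, not Tools4ever code.  Organisational roles come from HR
attributes; technical roles are the application/folder permissions each
user currently holds.  A permission held by at least THRESHOLD of a role's
members becomes a proposed role authorisation; the rest are exceptions.
"""
from collections import Counter, defaultdict

# Constructed sample HR export: user -> HR attributes
HR = {
    "alice": {"department": "Cardiology", "title": "Nurse", "cost_centre": "CC10"},
    "bob":   {"department": "Cardiology", "title": "Nurse", "cost_centre": "CC10"},
    "carol": {"department": "Cardiology", "title": "Nurse", "cost_centre": "CC10"},
    "dave":  {"department": "Cardiology", "title": "Nurse", "cost_centre": "CC10"},
    "erin":  {"department": "Cardiology", "title": "Nurse", "cost_centre": "CC10"},
    "frank": {"department": "Finance", "title": "Accountant", "cost_centre": "CC20"},
    "grace": {"department": "Finance", "title": "Accountant", "cost_centre": "CC20"},
}

# Constructed snapshot of current authorisations: user -> set of technical roles
CURRENT = {
    "alice": {"EHR-Read", "EHR-Write", "Share-Cardio", "Mail"},
    "bob":   {"EHR-Read", "EHR-Write", "Share-Cardio", "Mail"},
    "carol": {"EHR-Read", "EHR-Write", "Share-Cardio", "Mail", "Invoice-Approve"},
    "dave":  {"EHR-Read", "EHR-Write", "Share-Cardio", "Mail"},
    "erin":  {"EHR-Read", "Share-Cardio", "Mail"},
    "frank": {"ERP-Invoice", "Invoice-Approve", "Mail"},
    "grace": {"ERP-Invoice", "Invoice-Approve", "Mail"},
}

THRESHOLD = 0.9  # occupancy rate at which a permission becomes part of the role
ROLE_KEYS = ("department", "title")  # HR attributes chosen to define the role


def org_role(attrs, keys=ROLE_KEYS):
    """Organisational role = tuple of the chosen HR attributes."""
    return tuple(attrs[k] for k in keys)


def occupancy(hr, current, keys=ROLE_KEYS):
    """Return {org_role: {permission: fraction of role members holding it}}."""
    members = defaultdict(list)
    for user, attrs in hr.items():
        members[org_role(attrs, keys)].append(user)
    rates = {}
    for role, users in members.items():
        counts = Counter(p for u in users for p in current.get(u, ()))
        rates[role] = {p: n / len(users) for p, n in counts.items()}
    return rates


def propose_matrix(hr, current, threshold=THRESHOLD, keys=ROLE_KEYS):
    """Split each role's permissions into proposed authorisations and
    exceptions (permission -> occupancy rate) that need human review."""
    proposed, exceptions = {}, {}
    for role, rates in occupancy(hr, current, keys).items():
        proposed[role] = {p for p, r in rates.items() if r >= threshold}
        exceptions[role] = {p: r for p, r in rates.items() if r < threshold}
    return proposed, exceptions


def entitlements_for_new_hire(attrs, proposed, keys=ROLE_KEYS):
    """Authorisations a new employee in this organisational role receives."""
    return proposed.get(org_role(attrs, keys), set())


if __name__ == "__main__":
    proposed, exceptions = propose_matrix(HR, CURRENT)
    for role in proposed:
        print(role, "->", sorted(proposed[role]), "| review:", exceptions[role])
```

With the constructed data, the Cardiology nurse role gets EHR-Read, Share-Cardio and Mail automatically; EHR-Write (80%) and Invoice-Approve (20%, held by one nurse) land in the exception list, which is exactly the kind of outlier an auditor asks about.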

Would you like to take your first step with RBAC? Or do you need assistance with the population of your authorisation matrix? Then do not hesitate to contact us.

2. Strong password policy

Many laws and regulations require the implementation of a strong password policy (strong authorisation). To achieve this, it is possible to activate the complexity rules in Windows Active Directory. However, you should first ask yourself whether this complexity is desirable for your organisation, as this may have major consequences for your end users.

The default Windows Active Directory password complexity rules are often insufficient. Systems administrators need a more flexible solution that, among other things, makes it possible to determine individually which rules are applied and when. For this type of scenario, Tools4ever offers Password Complexity Manager (PCM). PCM makes it possible to implement different security levels for different types of end users, based on their organisational roles and titles.
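To make the "default rules are often insufficient" point concrete, here is an added example (not Tools4ever's PCM) that implements an approximation of the default Active Directory complexity rule and then layers role-tiered rules on top of it. The tier names, the blocklist and the user data are constructed; the AD rule is reproduced from Microsoft's documented definition (at least 6 characters, 3 of 5 character categories, no samAccountName or display-name token of 3 or more characters inside the password).

```python
"""Role-tiered password policy checker.

Added example, not Tools4ever's Password Complexity Manager.  The same
candidate password is evaluated against the default Active Directory rule
and against stricter rules chosen by the user's organisational title.
"""
import re


def count_categories(password):
    """Number of AD character categories present (max 5)."""
    return sum([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
        # alphabetic characters with no case (e.g. many Asian scripts)
        any(c.isalpha() and not c.isupper() and not c.islower() for c in password),
    ])


def ad_default_complexity(password, sam_account_name="", display_name=""):
    """Approximation of Windows AD 'Password must meet complexity requirements'."""
    if len(password) < 6 or count_categories(password) < 3:
        return False
    lowered = password.lower()
    if len(sam_account_name) >= 3 and sam_account_name.lower() in lowered:
        return False
    # displayName is split on the documented delimiters; tokens < 3 chars ignored
    for token in re.split(r"[ ,.\-_#\t]+", display_name):
        if len(token) >= 3 and token.lower() in lowered:
            return False
    return True


# Constructed policy tiers and title-to-tier mapping (hypothetical values)
POLICIES = {
    "default":    {"min_length": 8,  "min_categories": 3},
    "privileged": {"min_length": 14, "min_categories": 4, "forbid_dictionary": True},
}
ROLE_TIER = {"Nurse": "default", "Accountant": "default",
             "Domain Administrator": "privileged"}

# Constructed tiny blocklist standing in for a real dictionary check
BLOCKLIST = {"password", "welcome", "summer", "spring"}


def check_password(password, title, sam_account_name="", display_name=""):
    """Return the list of violated rules; an empty list means accepted."""
    policy = POLICIES[ROLE_TIER.get(title, "default")]
    failures = []
    if not ad_default_complexity(password, sam_account_name, display_name):
        failures.append("ad-complexity")
    if len(password) < policy["min_length"]:
        failures.append(f"min-length-{policy['min_length']}")
    if count_categories(password) < policy["min_categories"]:
        failures.append(f"min-categories-{policy['min_categories']}")
    if policy.get("forbid_dictionary"):
        letters_only = re.sub(r"[^a-z]", "", password.lower())
        if any(word in letters_only for word in BLOCKLIST):
            failures.append("dictionary-word")
    return failures


if __name__ == "__main__":
    for pw, title in [("Welcome1", "Nurse"), ("Welcome1", "Domain Administrator"),
                      ("Correct-Horse-Battery-7", "Domain Administrator")]:
        print(f"{pw!r} as {title}: {check_password(pw, title) or 'accepted'}")
```

"Welcome1" satisfies the AD default rule and the constructed default tier, which is the insufficiency the text refers to; for the privileged tier the same password fails on length, category count and the dictionary check, while a user-name-based password fails the AD rule itself whatever the tier.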

As mentioned earlier, implementing a stricter password policy has major implications for end users as well as the organisation as a whole. End users will need to remember more complex passwords and since most of them will have trouble in doing so, the helpdesk is bound to receive more password reset calls.

To reduce the number of password reset calls, Tools4ever offers SSRPM (Self Service Reset Password Management), which lets end users reset their passwords independently by providing answers to a series of simple, predefined questions.

A stricter password policy also has consequences for the productivity of employees. They will have to remember more complex passwords for all of their applications, and will be far from happy with the situation. For this reason, many organisations choose to implement an SSO solution to cater for the needs of their end users.

Our SSO solution E-SSOM (Enterprise Single Sign On Manager) allows end users to log in once, after which they are automatically assigned access to all applications and resources across the network, without having to log in again. E-SSOM functions as an additional software layer that handles all login processes and automatically enters the required credentials (automatic login). E-SSOM also ensures that, in addition to Active Directory, a strong password is automatically used for all the underlying applications.

For organisations that do not use SSO but nevertheless want to make sure their end users are less hindered by a stricter password policy, Password Synchronization Manager (PSM) is an eminently suitable solution. It allows end users to use a single password for each system or application. When an end user’s Active Directory password is reset, PSM ensures that all linked systems and applications receive and use the new password.

Two-factor authentication

When implementing a strong password policy is insufficient in itself (e.g. because end users end up jotting down their passwords), it is possible to use strong (two-factor) authentication. Rather than entering their user name and password, users will log in by holding a card against a card reader and entering a PIN code. This results in strong authentication, as two-factor authentication is based on something the user has (the card) and something the user knows (the PIN code). In this set-up, the card ID is linked to the user’s Active Directory credentials.

It is also possible to implement strong authentication without having to purchase additional hardware. In this scenario, the use of smartphones takes on an important role. This is because smartphones offer various authentication capabilities, such as facial recognition (using the camera), voice recognition (using sound recordings) and geographical positioning (using GPS). This type of Low Cost Authentication is the latest trend in the field of authentication.

Would you like to implement a strong password policy and cater for the login needs of your staff by implementing Single Sign On or Self Service Reset Password? Then do not hesitate to contact us.

3. Automated logging

The solutions by Tools4ever ensure that all processes leave an audit trail. For each action, the system automatically logs who has performed which management activity at which moment. In this way, the organisation can verify previous processes at any time and evaluate them retroactively. This is indispensable, as sound registration is a precondition for a successful audit.
