Top Six Things to Consider with an Identity-as-a-Service (IDaaS) Solution – Blog 5 of 6

5. Robust Access Policies and Multi-factor Authentication (MFA)


Today you live with the risks of users accessing many more services outside the corporate network perimeter, as well as users carrying many more devices to access these services. Users have too many passwords, and the passwords are inherently weak. In fact, passwords have become more of an impediment to users than they are protection from hackers and other malevolent individuals and organizations. In short, in many cases, passwords alone cannot be trusted to properly and securely identify users.

Consequently, you need a better solution that incorporates strong authentication and one that delivers a common multi-factor experience across all your apps — SaaS, cloud, mobile, and on-premises. The solution also needs to have access policies that take into account the complete context of the access request and help to overcome these new security risks. In addition, you need the capability to establish flexible access policies for each app for more granular and adaptive control. For example, if a user is accessing a common app from a trusted device on the corporate network from his home country during business hours, then simply allow him silent SSO access to the apps. But if that same user is accessing an app outside the corporate network from a device that is not trusted, outside of business hours, and from a foreign country, then deny them access — or at least require additional factors of authentication.

Specifically, you need an IDaaS solution that ensures secure authentication by combining multi-factor authentication (MFA) and rich, flexible per-app authentication policies.

Multifactor authentication methods should include at least:

• Soft token with one-button authentication to simplify the experience
• One Time Passcode (OTP) over SMS text or email
• Interactive Phone Call to the user’s mobile device and requirement for a confirmation before authentication can proceed
• User configurable security question to act as a second password

Per-app authentication policies should allow, deny or step up authentication based on a rich understanding of the context of the request based on any combination of:

• Time of day, work hours
• Inside/Outside corporate network
• User role or attributes
• Device attributes (type, management status)
• Location of request or location of user’s other devices
• App client attributes
• Custom logic based on specific organizational needs
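The allow / step-up / deny decision described above can be sketched as a small per-app policy evaluator. This is an added example, not code from the original post or from any vendor's product; the app names, network ranges, home country, work hours and thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed sample values: the corporate ranges are assumptions.
CORP_NETS = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/24")]

@dataclass(frozen=True)
class Request:
    app: str
    role: str
    source_ip: str
    country: str
    device_managed: bool
    when: datetime  # already converted to the user's local time

@dataclass(frozen=True)
class AppPolicy:
    allowed_roles: frozenset
    step_up_at: int  # failed context checks that trigger MFA
    deny_at: int     # failed context checks that block access
    home_country: str = "US"
    work_start: time = time(8, 0)
    work_end: time = time(18, 0)

# Hypothetical per-app policies: payroll tolerates less risk than the wiki.
POLICIES = {
    "wiki": AppPolicy(frozenset({"employee", "finance"}), step_up_at=1, deny_at=4),
    "payroll": AppPolicy(frozenset({"finance"}), step_up_at=1, deny_at=2),
}

def failed_signals(req, pol):
    """Return the names of the context checks this request fails."""
    addr = ip_address(req.source_ip)
    checks = {
        "outside_corp_network": not any(addr in net for net in CORP_NETS),
        "unmanaged_device": not req.device_managed,
        "foreign_country": req.country != pol.home_country,
        "outside_work_hours": req.when.weekday() >= 5
        or not (pol.work_start <= req.when.time() < pol.work_end),
    }
    return [name for name, failed in checks.items() if failed]

def decide(req):
    """Return (decision, reasons); unknown apps and roles are denied by default."""
    pol = POLICIES.get(req.app)
    if pol is None or req.role not in pol.allowed_roles:
        return "deny", ["no_policy_or_role"]
    failed = failed_signals(req, pol)
    if len(failed) >= pol.deny_at:
        return "deny", failed
    if len(failed) >= pol.step_up_at:
        return "step_up", failed
    return "allow_sso", failed
```

Returning the failed signals alongside the decision gives the audit log the reason for each step-up or denial, which helps when tuning per-app thresholds.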

We have the coolest security technology partners!

Recent press supports our direction on selecting leading-edge security technology partners. Not long ago, NetWitness found the most invasive Netbot in recent history.

Now our cloud-based monitoring solution partner, Alert Logic, discovered a serious bug with Facebook.

IDG reported: “Facebook is fixing a Web programming bug that could have allowed hackers to alter profile pages or make restricted information public.

The flaw was discovered last week and reported to Facebook by M.J. Keith, a senior security analyst with security firm Alert Logic.”

Security as a Service (SaaS) Model?

For clients who have limited capital expense budgets, we’ve created a suite of services to help clients meet the challenge of a limited budget and the need to maximize security solution benefit. With services in log management, threat management, file integrity management, vulnerability management, wireless devices security management and 24/7 monitoring, we’ve effectively resolved eight of the most challenging Payment Card Industry (PCI) requirements.

Instead of spending several hundred thousand dollars, and even more on additional personnel and equipment rack space among other things, to launch these products yourself, why not consider our SaaS model where, for just a few thousand dollars per month, you get the benefits of the latest technology, reduced work for your personnel, and greatly improved security operations server.

In traditional outsourcing models, the customer gives up visibility and control to their inner operations. Not in our model! You can have as much access, full control, and visibility to everything that our Security Operations Center sees. We’ll just handle it around the clock!

Welcome to PathMaker Group (new people, new services, new website, new blog)

In addition to some new faces joining PathMaker Group, we’ve added a number of exciting services to our company that complement our already-stellar reputation in Identity Management solutions and service. And, we’ve already added these fully-functional services into our marketing materials and website. We’ve also embraced social media in a big way by adding this neat blog, PathMaker Group TV (YouTube), a Twitter page, as well as LinkedIn and Facebook pages. The links to these are all available on our website. In addition to blogging about relevant and fun topics, we envision posting our presentations, demos, and videos online to continue to evangelize Information Security and share with you our successes as well as some info about what works and what doesn’t.

As many of you already know, or experience first-hand as customers, PathMaker Group is well known for its quality and commitment to excellence that has been instrumental in many hugely successful identity management solution implementations. Now this is a tough act to follow!

First, I’m privileged to be part of this outstanding organization. The company, its leadership, its employees are all truly a pleasure to work with and I want to learn from them and incorporate their great ideas into the services and methods that we’ll develop.