Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Ten must-have features of an Enterprise Identity & Access Management Solution

May 2024 by My1Login

My1Login is well placed to equip enterprises to safeguard their employee credentials against phishing.

Passwords are undoubtedly the number one target for the maliciously minded. Criminals understand that by securing one valid set of employee credentials, this often provides them with limitless access into corporate networks where they can steal data or execute ransomware.

The problem is heightened by the huge volume of passwords employees must manage every day, plus the sophistication of AI-generated phishing scams means these malicious emails are more challenging than ever to spot.

One of the best ways to counter password-phishing is through Identity and Access Management (IAM) tools, which can automate the removal of passwords from the hands of employees.

My1Login is a multi-award-winning provider of IAM. Its solution helps organisations eliminate phishing risks and provides the most robust defence against this attack vector.

The platform does this by removing passwords from the hands of users, so they never see, know or manage them. Instead, the platform works seamlessly in the background, granting application access to authorised users, without the need to manage passwords. This means employees can’t be tricked into handing over their passwords to phishing scammers, because they simply don’t know them.

So, what key features does My1Login recommend enterprises look for when selecting an IAM provider?

1. Zero Sign-in to Reduce User Friction
One purpose of an IAM solution is to make things easier for employees, not to give them yet another password to remember. An IAM that integrates with your corporate directory (e.g. Entra ID, Active Directory etc) means no sign-in is required to the IAM solution itself. This creates a frictionless user experience and guarantees user adoption since the user does not have to take any action to engage with the enterprise password manager.

Impact of Not Having This Feature:
If the IAM platform requires the user to manually log in or authenticate with it, this creates a barrier to usage and adoption. This reduces the effectiveness of the solution and leaves the organisation exposed to cyber security risks as the user adoption cannot be guaranteed.

2. Zero User Interface
For widespread enterprise use, choose an IAM solution that can be configured to run silently in the background providing users with Single Sign-On access to the applications and passwords they need, at the time when they need them.

Impact of Not Having This Feature
If the password manager requires the user to interact with it via a user interface, this typically involves training. If users need to be trained on a system this creates a further barrier to usage and adoption and many will revert to their previous way of working i.e. relying on passwords being stored in documents or making passwords simple and easy to remember.

3. Password Policy Enforcement to Eliminate Phishing Risks
Organisations should make sure their IAM solution includes a feature to enforce password policies on external applications. This should automate the ability to generate strong, random passwords, which can be updated on the external applications without needing an API. For the greatest security benefits, this feature should also enable administrators to configure a policy that hides the newly updated password from the end user, meaning they do not know it and therefore cannot be phished for it.

Impact of Not Having This Feature
Without this feature, organisations will be exposed to the risks phishing attacks and the risks associated with the workforce setting, simple, easy-to remember passwords that could be easy to guess, brute force, or discover if they are used on another application, all of which leaves the firm at increased risk of a data breach.

4. Application Discovery and Learning of Credentials to Manage Shadow IT Risks
IAM solutions that can discover the applications being used by the workforce, and automatically learn the credentials for these to enable Single Sign-On, enables the enterprise to expedite time-to-value by minimising deployment effort. This also delivers the additional benefit of significantly mitigating corporate data breach risks by detecting Shadow-IT and integrating these identities with the IAM solution.

Impact of Not Having This Feature
Without this feature, organisations are likely to be exposed to additional cyber security risks as a result of the workforce using non-core, external web applications to store corporate data that the IT team are unaware of.

5. Compatibility with Web and Windows Desktop Apps to Maximise Risk Mitigation

Ensure the IAM solution has maximum compatibility with applications and the ability to integrate Single Sign-On with:
 Windows desktop executable applications
 Virtualised/thin-client applications running on the desktop
 Web Applications that use authentication protocols (e.g. SAML, OIDC)
 Web Applications that use credentials (e.g. usernames and passwords)

This range of compatibility will future-proof an organisation’s investment, while offering the maximum level of risk mitigation.

Impact of Not Having This Feature
Without this feature, shadow IT could impact an organisation’s security and mean not all the applications it uses would be compatible with the IAM platform.

6. Zero Knowledge Encryption for Greatest Security
Zero Knowledge Encryption means that no-one outside your enterprise can access your stored passwords – not even the vendor of the IAM solution that stores them. This is crucial in giving your organisation complete control and eliminating a potential security risk – ask the vendor of the IAM where the encryption takes places and if they have any access to the keys that protect your data.

Impact of Not Having This Feature
Without this feature, the passwords your workforce store can potentially be accessed by the vendor of your IAM solution. This also creates a single point of failure since if the vendor is compromised your passwords can be accessed.

7. Support Multiple Credentials for Specific Applications to Maximise Compatibility
Frequently, employees may need to access multiple accounts for the same application. An IAM solution that facilitates easy switching between multiple identities used for a single-application is essential to cater for broader use-cases that exist within departments such as finance and IT.

Impact of Not Having This Feature
If your IAM solution does not support the ability for users to easily switch between multiple accounts on applications and services, this will create significant user friction and potentially lead them to favour less secure, more user-friendly ways of addressing this issue leading to additional cyber security risks.

8. Provides Single Sign-On for Apps with Passwords Hidden to Eliminate Phishing Risks
Allowing easy, one-click access to apps by automatically filling login forms completes the journey towards an unobtrusive user experience, making the need for copying and pasting of credentials unnecessary. This eliminates user friction and increases productivity.

Impact of Not Having This Feature
Without Single Sign-On, the organisation will not benefit from the efficiencies associated with a frictionless user experience. In addition, users will be able to view the passwords for applications and services creating a vulnerability to phishing attacks since users could potentially disclose passwords to malicious, spoofed websites. Furthermore, when leavers exit the firm, they will potentially retain the passwords to corporate services.

9. Policy Based Step-up Authentication
Credentials for some critical applications and systems will potentially have a higher risk profile that necessitates additional security before they are made available to users. The IAM solution should provide the capability to apply application-specific policies for step-up and Multi-Factor Authentication before releasing credentials or access to specific systems for users.

Impact of Not Having This Feature
Without this feature, organisations may not be able to meet compliance obligations that stipulate the use of Multi-Factor Authentication before accessing specific systems. In addition, there would be no higher level of authentication required when the workforce access applications that contain more sensitive data.

10. Full Audit Trail and Integration with Security Information and Event Management (SIEM) Solutions
Any effective IAM solution should be able to provide a full audit trail of who accessed what system and when to help support compliance and any retrospective investigation following a security incident.

Impact of Not Having This Feature
Without this feature, organisations could be faced with compliance issues because of being unable to provide a clear audit trail of who accessed which system at any time.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts