Innovation or security?

Throughout 2021, global news seemed to ricochet between the rapid spread of new iterations of COVID-19 and cyber criminality — both becoming increasingly creative and disruptive as they mutate in a battle for survival; both interlinked as cybercriminals profit from rapid digitalization forced by COVID-19 lockdowns. In a recent interview, a prominent cybersecurity executive pointed out that alongside birth, death and taxes, the only other guarantee in our current lives is the exponential growth of digital threats.

Because security is not built into new technology from the ground up, cyber criminals quickly get a foothold and cause untold damage before we can catch up.

Much has been said about the cybersecurity skills shortage. Millions of cybersecurity positions are unfilled, and this is causing serious problems at many organizations. But the magnitude of the skills shortage is based on a specific model of doing security. This model is reactive rather than proactive and takes a labor-intensive, “brute force” approach to threat response. We need more bodies in cybersecurity because our methodology is to “throw more bodies at the problem.”

For example, rather than doing threat modeling and building strong, proactive controls as they develop an application, organizations scan for vulnerabilities, manually analyze the scans and manually remediate the problems — or else let the vulnerabilities accumulate. This consumes a lot of resources and ultimately does not leave an organization significantly safer than if it had done nothing.

Moving Beyond Brute Force

While most people may see the logic in moving beyond this scattershot approach, it has an incredibly strong gravitational pull. IT governance policies at many organizations require the use of antiquated security technology and processes when other approaches would provide better protection using fewer resources. At the same time, the rapidly evolving marketplace means that development teams face continual pressure to crank out applications even faster than they do today. This makes it easy to rush into development rather than taking the time to architect an application to be secure before coding even begins.

But what if we were to break from the gravitational pull of reactive security and refocus on what really matters? We could build security into new technologies as they are developed, rather than adding it as an afterthought. We could become consistent, prioritized, focused, structured and strategic in the use of people, processes and tools. We could help developers learn to write safer code by providing real-time feedback.

At the same time, we need to be making security more visible. If users had an idea which software was safer and which was less safe, they would choose accordingly. The White House issued an executive order in May that can potentially move us in this direction. For example, it requires software vendors to provide a “Software Bill of Materials,” something of an “ingredients list” for an application. We need dramatically more information about why we should believe something is secure before we trust it with important things — like elections, finances and healthcare, for example.

Proactive cybersecurity strategies aggregate a multitude of perspectives, which brings the benefits of innovation, problem-solving and consensus-building.

From the growing adoption of distributed cloud to the proven benefits of remote mobile workforces, the attack surface for bad actors is ever-widening. This means the requirements for network security have also evolved with the growing threats of increasingly distributed systems.

Security should not take a backseat to innovation in digital businesses. Of course, innovation and speed will require businesses to build secure systems, which means we can no longer afford to implement security only at the service level. We need to apply adaptable solutions from the architecture level that will change with digital business requirements.

See how Soffid can help you stay ahead of the curve in a rapidly evolving digital world. Let us know how we can help you.

Sources:
(1) Forbes
(2) Information Week

Cybersecurity trends for 2022

Organizations start asking how they could defend their systems and people differently.

The changed world we’ve found ourselves living in since the global pandemic struck in 2020 has been particularly helpful to cybercriminals.

Homeworking, the ongoing digitization of society, and the increasingly online nature of our lives mean opportunities abound for phishers, hackers, scammers, and extortionists. As we head into 2022, there is, unfortunately, no sign of this letting up. This is why it’s essential for individuals and businesses to be aware of the ever-growing avenues of attack as well as what can be done to mitigate the risks!

While the COVID-19 pandemic upended workplaces and ushered in rapid digital transformation, one thing about cybercrime has remained constant: attackers are always changing tactics to evade detection. Flexible, customer-first solutions have emerged to meet ever-changing circumstances and keep organizations secure and confident against cyber threats. In the new year and beyond, as technology and workplace trends evolve and laws and regulations change, cybersecurity forecasts are emerging.

Enterprise spending on cybersecurity is expected to hold steady in 2022, as studies show that nearly all CISOs are getting a budget increase or level funding in the new year—only a small fraction of security chiefs will see their budgets fall.

CSO’s 2021 Security Priorities Study found that 44% of security leaders expect their budgets to increase in the upcoming 12 months; that’s a slight bump-up from the 41% who saw their budgets increase in 2021 over 2020. Fifty-four percent of respondents say they expect their budgets to remain the same over the next 12 months. Only 2% said they’re expecting a decrease—a much smaller figure than the 6% who saw their spending drop from 2020 to 2021.

According to PwC’s 2022 Global Digital Trust Insights report, “investments continue to pour into cybersecurity” with 69% of responding organizations predicting a rise in their cyber spending for 2022. Some even expect a surge in spending, with 26% saying they anticipate a 10% or higher spike in cyber spending for the upcoming year.

Meanwhile, tech research and advisory firm Gartner estimated that spending on information security and risk management will total $172 billion in 2022, up from $155 billion in 2021 and $137 billion the year before.

Firstly, it’s worth knowing that Gartner’s predictions come from Gartner IT Symposium/Xpo Americas, which ran virtually in October 2021.

The key theme of discussion this year was to explore the lessons learned from the ongoing disruption and uncertainty. On their page, Gartner states that they revealed their top strategic predictions for 2022 and beyond. These are:

  • By 2024, 30% of corporate teams will be without a boss due to the self-directed and hybrid nature of work.
  • By 2025, synthetic data will reduce personal customer data collection, avoiding 70% of privacy violation sanctions.
  • By 2024, 80% of CIOs surveyed will list modular business redesign, through composability, as a top 5 reason for accelerated business performance.
  • By 2025, 75% of companies will “break up” with poor-fit customers as the cost of retaining them eclipses good-fit customer acquisition costs.
  • By 2026, a 30% increase in developer talent across Africa will help transform IT into a world-leading start-up ecosystem, rivaling Asia in venture fund growth.
  • By 2026, non-fungible token (NFT) gamification will propel an enterprise into the top 10 highest-valued companies.
  • By 2027, low orbit satellites will extend internet coverage to an additional billion of the world’s poorest people, raising 50% of them out of poverty.
  • By 2027, a quarter of the Fortune 20 companies will be supplanted by companies that neuromine and influence subconscious behavior at scale.
  • By 2024, a cyberattack will so damage critical infrastructure that a member of the G20 will reciprocate with a declared physical attack.

Conclusion

There is no such thing as the perfect plan, and many believe the future is unpredictable. However, if this were true, we wouldn’t have weather forecasts, and we wouldn’t have the list above along with the countless lists by other cybersecurity specialists and specialist companies.

The future is predictable (to some extent) by looking at the past and making some basic assumptions about what the future may hold for us. The time is right to take stock of what has gone before and make some reasonable assumptions and predictions about what our future holds, for there is no doubt that change is coming.

Happy Holidays to you and your family!

This holiday season, we would like to take this opportunity to express our gratitude and appreciation to you for doing business with us.

News is coming in 2022, and we look forward to sharing all the best with you during the upcoming year.

Wishing you a year full of Happiness and Success.

Information protection, identity management and access control for B:SM

We are very happy to have participated in an ambitious identity and access management project for Barcelona de Serveis Municipals (B:SM), a project that places them at the forefront of security, specifically in the areas of information protection, identity management and access control.

Barcelona de Serveis Municipals (B:SM) is a company of the Barcelona City Council in charge of providing municipal services. The activities it manages include mobility and the management of facilities dedicated to culture, leisure and biodiversity.

It is an entity that handles a high volume of sensitive information and needed to protect it efficiently, complying with the new RGPD (General Data Protection Regulation) and ENS (National Security Scheme), which are mandatory for public administrations and companies. In addition, it required a solution for the precise and automated management of everything related to user administration, from provisioning and synchronization to identity consistency and authentication processes, in order to prevent identity theft.

“B:SM needed a solution to delegate, manage, automate and secure access to Active Directory (AD) and ADFS (Active Directory Federation Services) among various administrator groups. Also, do it in a segmented way, with change control, protecting sensitive or critical data, and ensuring that corporate policies are effectively complied with.”

We have offered the answer to these needs in the field of identity and access management with Soffid.

THE SOFFID SOLUTION

In March 2020, the on-premise deployment of Soffid began, which has allowed them to develop centralized management and orchestration of their identity and access management policies. With a maximum level of security, Soffid provides a single convergent tool from which it is possible to carry out automated management of users and access in their Active Directory, their Exchange mail server – which is in the process of migration to Azure – and in Office 365 as a productivity environment. In addition, it also integrates with their HR management system: Meta4.

This is a very significant advance with respect to the starting situation, in which both the registration of users in Meta4 and access management were carried out semi-automatically (in Active Directory and Exchange) or entirely manually (in the case of applications).

Now, Soffid allows automated registration based on profiles. In this way, when a new user is created, access to their email account is automatically generated and their personal folder is also created, which is shared on the network so that it is accessible from any location by activating a specific Windows feature (Distributed File System, or DFS). This is a crucial aspect in mobility and telework situations. In addition, the user is also granted access permissions to the corresponding applications according to their profile and regardless of their domain.

This last point is important for managing the users and access of employees of companies in which B:SM has a stake, such as the Tibidabo Amusement Park (PATSA). This initiative, which reaches 1,200 B:SM employees, has not only simplified and streamlined the processes related to user and access management (additions, deletions and modifications), but also raises access guarantees to a maximum level of security and governance, since everything is registered and audited in Soffid.

THE ROLE OF THE EMPLOYEE

One of the aspects that has been key in both projects has been to ensure the role that people play, even in the phases prior to implementation. Advances such as the use of Soffid’s role-mining function are contemplated for these phases: based on the access that users hold in a given position, it automatically and intelligently derives the permissions associated with that specific role.

On the other hand, and in order to gain agility and increase the level of user involvement in security, the implementation of a self-service portal is being considered.

This would allow them to self-manage their passwords or incorporate a strong two-factor authentication system, whether via token, SMS, etc. The use of Soffid as a single sign-on solution is also being evaluated, which would allow B:SM to extend Microsoft’s federated authentication to other environments and applications.

Single Sign On in Compliance With Security Best Practices

The sheer number of tasks we do online grows every year as we create and discover new opportunities to digitize our world. This is true within the workplace as well, but as we find more processes to automate using cloud-based technology and new apps to improve efficiency, we add more risk to the organization. Each tool added to the technology toolbelt, each interface users enter a password on, each app that we connect to via different networks and devices — they all add to our existing attack surface and present bad actors with seemingly unlimited avenues to cause harm if left unchecked.

This is where a secure, single sign-on solution comes into play — using one reinforced set of credentials to access all of these tools and resources provides quite a few different benefits to modern organizations. SSO reduces the number of attack vectors your organization has, and SSO layered with multi-factor authentication (MFA) creates useful security and compliance controls. So, how do you find a solution that provides these capabilities and more? The answer is simple — look for an integrated, holistic directory platform that focuses on security and productivity.

Implementing an integrated directory solution provides organizations with a single source of truth for identity management and user authentication while providing built-in SSO and MFA capabilities and more. This is an important step to take to mitigate the risk that is inherent when users have to create and input different credentials across a wide variety of tools and resources, thus creating many unnecessary new attack vectors ripe for the taking.

How do businesses ensure they benefit from the convenience of single sign-on without compromising security?

The risk in SSO exists only if you see SSO as a means to gain access. But by recognizing the inherent security gaps that exist, and compensating by implementing additional controls in the form of multi-factor authentication, contextual access security and session management, you effectively reduce SSO risk, making it a source of elevated productivity and security.

Working in IT is a constant battle to find the perfect balance of security and productivity. This is no better exemplified than in the need for Active Directory (AD) users to access multiple systems through the use of Single Sign-On (SSO).

SSO solutions eliminate the need for users to remember a unique, complex password for each application and platform they access, replacing it with a single logon facilitating access to multiple systems and applications.

Offering faster access times to applications, with reduced password requirements (usually, one), it’s a no-brainer technology that reduces administrative overhead and support costs, while being a non-disruptive technology with a high adoption rate.

It also comes with some security benefits: since SSO uses only a single credential, it often equates to requiring one very complex password. Additionally, the act of disabling access enterprise-wide becomes as simple as disabling the initial account. But, as with any technology designed to improve productivity, there are often losses on the security side. And in the case of SSO, there are some implied security risks.

Single sign-on is an authentication process that allows users to securely access multiple related applications or systems using just one set of credentials. Ideally, once SSO has been set up, employees or customers can sign on just once to gain access to all authorized apps, websites and data from an organization or a connected group of organizations.
SSO works based on a trust relationship established between the party that holds the identity information and can authenticate the user, called the identity provider (IdP), and the service or application the user wants to access, called the service provider (SP). Rather than sending sensitive passwords back and forth across the internet, the IdP passes an assertion to authenticate the user for the SP.
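The IdP-to-SP exchange described above, as an added example that is not Soffid’s code: the IdP authenticates the user and hands the SP a signed, short-lived assertion, so the SP never sees the password. The shared HMAC key, issuer and audience names are constructed for illustration; a real deployment would use the IdP’s published signing key (SAML metadata or a JWKS) rather than a shared secret.

```python
"""Minimal IdP -> SP assertion exchange (added example, constructed values)."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed demo secret and names; assumed for this example only.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
IDP_NAME = "https://idp.example.test"    # assumed issuer
SP_NAME = "https://app.example.test"     # assumed audience (this SP)
ASSERTION_TTL = 300                      # assertion lifetime in seconds


def _sign(payload: bytes) -> str:
    """HMAC-SHA256 over the encoded claims, base64url for transport."""
    mac = hmac.new(SHARED_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def idp_issue_assertion(user: str, audience: str,
                        now: Optional[float] = None) -> str:
    """IdP side: after authenticating `user`, issue an assertion for `audience`."""
    now = time.time() if now is None else now
    claims = {"iss": IDP_NAME, "sub": user, "aud": audience,
              "iat": int(now), "exp": int(now) + ASSERTION_TTL}
    body = base64.urlsafe_b64encode(
        json.dumps(claims, sort_keys=True).encode()).decode()
    return f"{body}.{_sign(body.encode())}"


def sp_verify_assertion(token: str,
                        now: Optional[float] = None) -> Tuple[bool, str]:
    """SP side: accept only an untampered, unexpired assertion meant for us.

    Returns (True, subject) on success or (False, reason) on rejection.
    """
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return False, "malformed assertion"
    # Check the signature before trusting any claim; constant-time compare.
    if not hmac.compare_digest(sig, _sign(body.encode())):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims.get("iss") != IDP_NAME:
        return False, "unknown issuer"
    if claims.get("aud") != SP_NAME:
        return False, "assertion not intended for this SP"
    if now >= claims.get("exp", 0):
        return False, "assertion expired"
    return True, claims["sub"]


if __name__ == "__main__":
    tok = idp_issue_assertion("alice", SP_NAME)
    print(sp_verify_assertion(tok))            # (True, 'alice')
```

The audience check matters as much as the signature: an assertion issued for one application must not be replayable against another that trusts the same IdP.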

Your trust and data security are our priority

Our focus is on delivering value to our customers through high quality software which is robust, scalable, secure and ready for use 24/7. Soffid will never compromise on the privacy of our users and the security of our platform and product suite. Our team are technology purists who believe in strong encryption, tight and robust privacy controls. We believe in our software so much, we use it ourselves.

Single sign-on (SSO) has been prevalent in many organizations for years, but its importance is often overlooked and underappreciated. With many enterprises moving to the cloud and taking advantage of third-party services, seamless access to multiple applications from anywhere and on any device is essential for maintaining business efficiency and a seamless customer experience.

What is the Purpose of SSO?

Single sign-on’s main purpose is to give users the ability to log in to individual apps and resources within a trusted group using a single set of credentials. This makes it much easier for the user, who doesn’t have to sign on multiple times, and more secure for the business, since there are fewer opportunities for a password to be lost, stolen or reused.

What are the Benefits of SSO?

Your employees and customers probably don’t like memorizing many different credentials for multiple applications. And if your IT team has to support multiple apps, setting up, switching and resetting passwords for users requires countless hours, IT resources and money that could be spent elsewhere.

Increased Productivity

Single sign-on increases employee productivity by reducing the time they must spend signing on and dealing with passwords. Employees need access to many apps throughout their workday, and they have to spend time logging in to each of them, plus trying to remember which password goes to which, plus changing and resetting passwords when one is forgotten. The wasted time adds up.
Users with just one password to access all of their apps can skip all that extra time spent logging in. They also won’t need password support as often, and SSO solutions often give them access to a handy dock where all their apps are at their fingertips.

Improved Security

With good practices, SSO significantly decreases the likelihood of a password-related hack. Since users only need to remember one password for all their applications, they are more likely to create solid, complex and hard-to-guess passphrases. They are also less likely to reuse passwords or write them down, which reduces the risk of theft.
An excellent strategy to provide an additional layer of security is to combine SSO with multi-factor authentication (MFA). MFA requires that a user provide at least two pieces of evidence to prove their identity during sign-on, such as a password and a code delivered to their phone.
Risk-based authentication (RBA) is another good security feature, in which your security team uses tools to monitor user behavior and context to detect any unusual behavior that may indicate an unauthorized user or cyberattack. For example, if you notice multiple login failures or wrong IPs, you can require MFA or block the user completely.
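The risk-based decision just described (multiple recent failures or an unfamiliar IP leading to MFA or a block), as an added example that is not Soffid’s code. The event log, thresholds and policy are constructed for illustration; a real RBA engine would draw on the IdP’s audit trail and a richer set of signals.

```python
"""Risk-based authentication decision over a constructed login log (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Set

MAX_FAILURES = 3   # assumed policy: this many failures in the window -> block
WINDOW = 600       # assumed policy: look back 10 minutes


@dataclass
class LoginEvent:
    ts: int          # epoch seconds
    user: str
    src_ip: str
    success: bool


# Constructed sample events for one tenant; not from any real system.
SAMPLE_EVENTS: List[LoginEvent] = [
    LoginEvent(1000, "alice", "10.0.0.5", True),
    LoginEvent(1100, "alice", "10.0.0.5", True),
    LoginEvent(1500, "alice", "203.0.113.9", False),
    LoginEvent(1520, "alice", "203.0.113.9", False),
    LoginEvent(1540, "alice", "203.0.113.9", False),
    LoginEvent(1550, "bob", "10.0.0.7", True),
]


def known_ips(events: List[LoginEvent], user: str) -> Set[str]:
    """Addresses from which this user has previously signed in successfully."""
    return {e.src_ip for e in events if e.user == user and e.success}


def recent_failures(events: List[LoginEvent], user: str, now: int) -> int:
    """Failed attempts for `user` within WINDOW seconds before `now`."""
    return sum(1 for e in events
               if e.user == user and not e.success and 0 <= now - e.ts <= WINDOW)


def decide(events: List[LoginEvent], user: str, src_ip: str, now: int) -> str:
    """Return 'allow', 'mfa' or 'block' for a new sign-on attempt."""
    ipaddress.ip_address(src_ip)   # reject malformed input before policy runs
    failures = recent_failures(events, user, now)
    if failures >= MAX_FAILURES:
        return "block"             # looks like guessing: stop the session
    if src_ip not in known_ips(events, user) or failures > 0:
        return "mfa"               # unusual context: step up authentication
    return "allow"


if __name__ == "__main__":
    for ip, now in [("10.0.0.5", 1200), ("198.51.100.2", 1200), ("10.0.0.5", 1600)]:
        print(ip, now, decide(SAMPLE_EVENTS, "alice", ip, now))
```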

Decreased IT Costs

A recent study by Gartner reveals over 50 percent of all help desk calls are due to password issues. Another study by Forrester reveals password resets cost organizations upward of $70 per fix. The more passwords a user has, the greater the chance of forgetting them, so SSO drives down help desk costs by reducing the number of required passwords to just one.
And some organizations have been implementing specific password requirements like length and special characters that may make passwords more difficult for users to remember—a trade-off of more secure passwords for more password resets. SSO can help alleviate some of those costs.

Improved Job Satisfaction for Employees

Employees are using more and more apps at the workplace to get their jobs done, and each third-party service requires a separate username and password. This places a lot of burden on workers and can be frustrating. Notably, an average of 68 percent of employees have to switch between ten apps every hour. Only having to sign on once improves employee productivity, as discussed above, but it also enhances their job satisfaction by allowing them to work without interruption, quickly access everything they need, and take advantage of all the useful third-party apps that make their jobs easier. Easy access is particularly valuable for employees that are in the field or working from multiple devices.

Sources:
(1) Solution Review
(2) IT News
(3) GovInfoSecurity

Picture: Technology photo created by DCStudio – www.freepik.es (https://www.freepik.es/fotos/tecnologia)