Identity and Access MIS-Management
A former CIO who grew a small MSP, moved to the enterprise, and is now focused on the growing MSP/MME international market. He has spent many years (and millions of dollars) in the enterprise working with some of the top technologies in the financial industry and has seen the ups and downs: the investments, the growth, and the eventual retrenchment, only to have the whole cycle start again. X-CIO has a passion for business, a keen view on technology, and, in the end, sometimes a different view on the ever-changing business of IT. If you remember floppies, saving to tape, RSA tokens, and one-way pagers with month-long battery life, or if you're new to the game (and happy if your battery makes it through the day), he would love to hear from you.
When it comes to security, Identity and Access Management (IAM) is a hot topic. In short, it is the ability to manage your digital identity for the things that matter. You can wrap a lot of technical jargon around the topic, but the slightly longer version is: you want to STOP UNTRUSTED people from gaining access to your (or your customers') data through the use of "trusted" accounts. How do they get in? The typical ways: a weak password, a shared password, an easily guessed password, or the ever popular "stolen <pause for effect> password". There is also a damn good Gmail phishing attack going around - read about it here. As an IT professional, does it really matter how this UNTRUSTED person got it? They got it, get over it, it's done, keep moving forward and do your job. Users have been, are, and will be the weakest link - this is the one constant in security.
Most people have had at least one of their many (I have north of 127) accounts hacked. You know the emails: "We are so sorry, but can you please reset your password (again) because someone may have your information (again)". Those emails often go ignored. Most users are lazy (IT admins are not too far behind, which is why we like tools, automation and remote controls) and will use the same ID and password for multiple services. Throw in some cloud services and a "Hey, I just wanted to work on some files over the weekend..." and voila - at some point someone will get to your data.
So what can be done about it? While nothing is 100%, there is SOMETHING you can do: it is called Two-Factor Authentication (2FA).
By the way, if you don't care about security, choose to ignore the benefits of 2FA, or find it easier to stick your head in the sand - then stop reading. I can't help you. If you actually CARE about protecting your desktops, servers, networks, routers, VPNs, cloud applications, Citrix, and yada yada yada - read on.
So really, what is it? In short: something you know (your password) and something you have (like a mobile phone). Your <fill in popular service that has probably been hacked> has it ready to go. Your banks, cloud services, file storage, code repositories, gaming sites, healthcare providers, remote access, and the list goes on, all have it... click here for a nice list.
Let's pick a popular service, Yahoo... since 1 BILLION accounts were hacked, that's a good example to use.
1. Log into your Yahoo email account
2. Click on your ID/name in the upper right and go to "Account Info"
3. On the left, click on "Account security"
4. Slide the Two-step Verification toggle to the right
5. You should get a pop-up asking you to enter your mobile number
Note: Yahoo will not accept a VoIP phone number
6. You will be asked to enter a verification code
7. ...and you are done
8. When you log in from a new device/location you will get a pop-up asking you to select a method to verify your ID (e.g. phone, email, etc.)
9. Enter the code from your phone and you are in...
It's not that hard to do and you'll start feeling better.
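For the IT admins reading, here is what steps 8 and 9 look like from the server's side: an added example written for this post, not Yahoo's code or anything from the author. The six-digit code, the five-minute lifetime, the three-attempt budget, the in-memory stores and the pluggable `send_code`/`now` hooks are all assumptions; the point is that the password alone never gets you in from an unknown device, and the code is single-use, expiring and rate-limited.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300        # assumption: a one-time code is valid for five minutes
MAX_ATTEMPTS = 3      # assumption: three wrong codes burn the challenge
PBKDF2_ROUNDS = 100_000

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class TwoStepLogin:
    """Something you know (password), then something you have (a code sent to the phone)."""

    def __init__(self, users, send_code, now=time.time):
        self._users = users           # user -> (salt, pbkdf2 digest), constructed by the caller
        self._send_code = send_code   # out-of-band delivery (an SMS sender in real life)
        self._now = now               # injectable clock so expiry is testable
        self._trusted = {}            # user -> device ids that have passed step two
        self._pending = {}            # user -> [code, expires_at, attempts_left]

    def start_login(self, user, password, device_id):
        """Step one. Returns 'denied', 'ok' (known device) or 'code-required'."""
        salt, stored = self._users.get(user, (b"\x00" * 16, b""))
        _, presented = hash_password(password, salt)   # unknown users pay the same cost
        if not hmac.compare_digest(presented, stored):
            return "denied"
        if device_id in self._trusted.get(user, ()):
            return "ok"                                 # the new-device prompt is skipped
        code = f"{secrets.randbelow(10 ** 6):06d}"      # six-digit one-time code
        self._pending[user] = [code, self._now() + CODE_TTL, MAX_ATTEMPTS]
        self._send_code(user, code)
        return "code-required"

    def finish_login(self, user, code, device_id):
        """Step two: the code must be unexpired, match, and stay within the attempt budget."""
        pending = self._pending.get(user)
        if pending is None or self._now() > pending[1]:   # never issued, used up, or expired
            return "denied"
        pending[2] -= 1
        if not hmac.compare_digest(code, pending[0]):
            if pending[2] <= 0:
                del self._pending[user]                  # too many guesses: burn the code
            return "denied"
        del self._pending[user]                          # a code is single-use
        self._trusted.setdefault(user, set()).add(device_id)   # remember this device
        return "ok"
```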
For WORK, I highly recommend a complete Identity and Access Management (IAM) solution. It makes it easier to combine 2FA with Single Sign-On (SSO), so you will be safer and your users will have an easier time. You want a product that removes your password headaches (aka makes it EASIER for an IT admin to increase security). Look for one that has MFA (multi-factor authentication), SSO (Single Sign-On) and password auditing. Stay secure my friends...