The Dot Net Factory, LLC dba EmpowerID statement on privacy and status of EU-US data transfers post-Schrems II

Posted by Bradford Mandell on Sat, Aug 01, 2020

Summary

Context: The Court of Justice of the European Union (CJEU) struck down the EU-US Privacy Shield (Privacy Shield) as a valid mechanism to comply with EU data protection requirements when transferring personal data from the EU to the US. The CJEU continues to view standard contractual clauses (SCCs) as a valid mechanism in the abstract, though this may be challenged on a case-by-case basis if the circumstances surrounding the transfer impinge on the adequate level of protection afforded by the SCCs.

The Dot Net Factory, LLC dba EmpowerID action: In light of the CJEU’s ruling, The Dot Net Factory, LLC dba EmpowerID updated our Data Processing Addendum to, among other things, incorporate SCCs where required for the transfer of personal data outside of the EU or the UK. We are also continuing to monitor for further guidance from the EU supervisory authorities, including on any supplementary measures that we may undertake as a data importer.

Ongoing commitments: The Dot Net Factory, LLC dba EmpowerID upholds high standards of privacy and security for customer data. As such, we reiterate our commitment to provide for increased customer control over where their cloud data is stored and restrict access to such data, and to never sell customer data. In addition, we aim to be transparent with our customers about government requests that we receive for their data.


Background on changes to legal mechanisms for EU-US data transfer

On July 16, 2020, the CJEU invalidated Privacy Shield in the Schrems II case (also known as Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems). Privacy Shield was a voluntary program developed to enable companies to self-certify adherence to certain privacy protections for the transfer of personal data from the EU to the US. It was implemented to replace the Safe Harbor framework, which the CJEU struck down in 2015, and has since been operated by the US Dept. of Commerce. The recent CJEU decision echoes that of the 2015 ruling, concluding that US national security surveillance laws and programs are in conflict with Europeans’ fundamental right to privacy, and that the Privacy Shield did not provide an adequate level of protection or remedy to EU data subjects.

Although the CJEU invalidated Privacy Shield, the CJEU concluded that the SCCs, issued by the European Commission, continue to be a valid mechanism for companies to transfer personal data outside the EU, but may be challenged on a case-by-case basis, especially where national security laws conflict with the guarantees provided by the data importer in such clauses. As such, the CJEU noted that it’s the primary responsibility of the data exporter and data importer to assess whether supplemental measures are necessary to ensure an adequate level of protection, but did not specify what such supplemental measures could be. The European Data Protection Board recently also issued a statement that it’s analyzing the CJEU’s decision and expects to issue further guidance on what those supplemental measures could consist of.

 

The Dot Net Factory, LLC dba EmpowerID actions in the wake of Schrems II

Since this landmark ruling, The Dot Net Factory, LLC dba EmpowerID has taken immediate steps to ensure minimum disruption for our customers, including updating our Data Processing Addendum to incorporate SCCs to the extent required under applicable data protection law. The Data Processing Addendum also enumerates our commitments to security, confidentiality of processing, limitations on international transfers of personal data, cooperation with data subjects’ rights, notice of security incidents, and more.

Over the coming months, we expect the EU supervisory authorities to issue additional guidance on how to comply with the new legal landscape after the Schrems II decision, including what the supplementary measures could consist of. In addition, the current form of the SCCs was written before GDPR went into effect and may be due for an official revision; we continue to keep a close eye on forthcoming guidance to stay up to date.

In the meantime, we continue to uphold our obligations and commitments to our customers under our contracts, under GDPR, and under the Privacy Shield framework for the data we collected and transferred under that framework.

 

The Dot Net Factory, LLC dba EmpowerID’s ongoing commitment to privacy and security

While the CJEU’s ruling on the Privacy Shield complicates EU-US data transfers, it changes little regarding the paramount importance The Dot Net Factory, LLC dba EmpowerID places on the privacy and security of our customers’ data. The Dot Net Factory, LLC dba EmpowerID maintains a robust security and privacy program that is outlined in detail on our Trust page.

Importantly, The Dot Net Factory, LLC dba EmpowerID does not sell, rent, or trade customers’ personal data. When The Dot Net Factory, LLC dba EmpowerID accesses data hosted in the EU, it is in service to our customers, such as: to provide our customers 24/7 technical support for their most critical issues, to deliver the right security solutions or to optimize their experience. The Dot Net Factory, LLC dba EmpowerID also gives customers control over where their cloud data is stored regionally. In addition, The Dot Net Factory, LLC dba EmpowerID redirects to the customer any government requests for their data that we may receive, and contractually commits to providing advance written notice of any compulsory requests to access their data unless prohibited by law from doing so.

The Dot Net Factory, LLC dba EmpowerID remains committed to maintaining the highest levels of privacy and security for our customers, and will continue to drive enhancements to our data protection safeguards. For more information about our security and privacy program, please email privacy@empowerid.com.

Tags: GDPR, Privacy Shield, Privacy and EU-US Data Transfers

Cyber Attacks: What You Need to Know and Do

Posted by Patrick Parker on Fri, Oct 25, 2019


Unsurprisingly, Verizon’s 2019 Data Breach Investigations Report doesn’t make for comfortable reading.

In 2018:

  • 43% of security breaches involved small businesses
  • 52% involved hacking (69% of the attacks proved to be the work of outsiders)
  • 33% were through social media
  • 28% involved malware.

(Verizon, 2019)

What’s also important to note is that C-level executives were 12 times more likely to be the target of a social engineering incident and nine times more likely to be the target in a breach caused by social engineering. Given this much higher target rate, it’s clear that modern cybercrime organizations are deducing that there’s higher value in a more targeted, high-level attack (Barth, 2019).

Unfortunately, despite the increased risks and chances of hacking, many businesses are still using outdated methods and approaches. What’s worse is that some are even following the same approach to cyber security today as they were a decade or so ago.

As we mention in our Anatomy of a Cyber Attack white paper, that’s simply not going to work in today’s business theater. So much so that

Businesses Should Assume They Have Already Been Hacked and Are Currently Under-Siege

Seriously, that is the best, easiest, and most practical way to look at your security efforts to date.

Suffice it to say that, if information security is something you’ve been lackadaisical with up to now, today’s the day… [you need to change that]. You need to get wise to what’s happening. Before it’s too late.

Yes, there is a lot of information out there (much of it false), and though not having enough information can be fatal, the opposite is also true.  Either one can lead to 3 critical issues:

  • ineffective planning
  • insufficient mitigation of risks
  • inability to recover quickly following a breach.

With that last point, above, you don’t need us to tell you how important your customers are to your business.

In terms of numbers, Bryan Littlefield, CISO of Aviva, said that following a customer data breach, research suggests that of those customers who are thinking of cancelling their account with you, 50% of them actually will (Out-law News, 2015).

That long-standing relationship you’ve been building… destroyed.

That trust level you hold so dear to your heart and have painstakingly nurtured… gone, in an instant.

Cyber Security is Not Something That Only Others Do

Moreover, the days where security was considered to be extraneous or a separate arm of the business are long gone. Indeed, security must work as a “…flexible and smart strategic asset that constantly delivers to the businesses, and impacts the bottom line.” (Sartin as quoted in Guta, 2019)

We do have more information on cyber-attacks (and you can download our paper at the bottom of this page), but for now we advise you to take this approach:

  1. Assume you’re already under-siege. You need to fight back.
  2. Work inside out. Adopt a defensive posture, start from the core, and ‘clear and secure your lines’, all the way to the external perimeter of your organization.
  3. All the while, rethinking your security approach and how you’re going to make it as hard as possible for the hacker/attacker in the future.

That’s what you need to do.

Naturally, you’re here on our webpage, on our site, so we’re going to offer advice on what works for us (‘us’ being our clients, customers, and partners) and what we ourselves recommend.

Identity Access Management and Zero Trust

We recommend Identity Access Management. In particular, what we call Zero Trust.

Zero Trust follows the 3 fundamental principles of never trust, always verify, and always enforce least privilege. (We have a white paper called Identity is the New Perimeter: Zero Trust is its Firewall where we talk more about that.)

In its simplest form, Zero Trust involves an identity verification and authentication portion. If these are incorrect then the rest fails.

With that in mind, let’s take a closer look at the anatomy of a cyber-attack (if you want to jump straight to the white paper, click here).

Caveat: before we go any further, we’re not for 1 second suggesting that you haven’t been taking security seriously. It’s just that as someone for whom this is our ‘meat and potatoes’ (or bread-and-butter, if you’re British), we know full well how overwhelming security can be.

Not least because of the rate with which the tech is changing, but also because of the myriad of terms and definitions, and all the rest of it.

That’s one of the main reasons we created this white paper. Others include helping you to cut through all that noise, to eliminate that chaff, so you get an easy to read, understand and digest picture of what’s going on.

The Anatomy of a Cyber Attack

The Anatomy of a Cyber Attack white paper covers the following:

  • An overview of cyberattacks and how the landscape is changing. One of the problems of today is that “As businesses embrace new digital ways of working, many are unaware of the new security risks to which they may be exposed” (Sartin, 2019).
  • The architecture of the modern attack, including phishing and social engineering
  • The danger of local admin privileges and cached passwords
  • Attacks to Kerberos and Active Directory
  • The consumerization of hacking
  • Can we keep the hackers out?
  • Assume breach – now what?
  • Other tips to discourage hackers. These include preventing users from being local admins, avoiding group nesting, and using dedicated secure admin workstations for admin tasks, etc.

Understanding what constitutes a cyber-attack is just 1 weapon that you will need in your arsenal: it’s only one of the steps you must take. I hope you’re like me and, when you see people reminiscing on or about the good old days, you smile. I’m happy for them–seriously happy. From my own perspective, life outside of cyber security must seem a trifle mundane. Admittedly, I don’t dwell long, because what we’re seeing and experiencing in cyber security now is unprecedented. Sure, today might be a great day, but let’s use that time wisely and prepare for tomorrow, too.

Click on the link below to download the white paper:

Download the White Paper

 

References:

Barth, B. (2019, May 9). Verizon Breach Report: Attacks on top executives and cloud-based email services increased in 2018. Retrieved August 19, 2019, from SC Magazine: https://www.scmagazine.com/home/security-news/verizon-breach-report-attacks-on-top-executives-and-cloud-based-email-services-increased-in-2018/

Guta, M. (2019, May 22). 43% of Cyber Attacks Still Target Small Business while Ransomware Stays On the Rise. Retrieved August 19, 2019, from Small Business Trends: https://smallbiztrends.com/2019/05/2019-small-business-cyber-attack-statistics.html

Out-law News. (2015, July 3). Info security professionals are business brand preservationists, says Aviva security chief. Retrieved from Pinsent Masons: https://www.pinsentmasons.com/out-law/news/info-security-professionals-are-business-brand-preservationists-says-aviva-security-chief

Sartin, B. (2019, May 5). C-Suite Beware: You are the latest targets of cybercrime, warns Verizon 2019 Data Breach Investigations Report. Retrieved August 19, 2019, from Verizon: https://www.verizon.com/about/news/verizon-2019-data-breach-investigations

Verizon. (2019). 2019 Data Breach Investigations Report. Retrieved August 22, 2019, from https://enterprise.verizon.com/resources/reports/dbir/

Tags: Data Governance, Identity and Access Management (IAM), Access Governance

Cybersecurity and Why You Cannot Rely on Yesterday’s Tactics

Posted by Patrick Parker on Fri, Oct 25, 2019


“They came on in the same old way – and we defeated them in the same old way.”

Though it could easily be used today, that quote does have rather more deep-rooted origins. The speaker was Arthur Wellesley (though you may know him by his more common titles of The Duke of Wellington and, later, Prime Minister of Great Britain). He spoke those words after his and Field Marshal Blücher’s combined Allied forces had just defeated Napoleon at the Battle of Waterloo.

Without going into the details of the battle itself, the outcome was quite significant in several ways:

  • Napoleon’s tactics at Waterloo were both out of date and inflexible
  • His battle plan lacked finesse, consisting only of repeated ‘in your face’ brute force attacks
  • The outcome of this helped shape the future of Europe for almost 100 years
  • Given ‘The Battle of Waterloo’ was in 1815, it does, in fact, predate the on-going debate about RBAC v ABAC which still persists today.

Okay, that last point is stretching a little white lie (a hint of a joke, as it were). But if you’ll permit me, I’ll tell you 2 specific reasons why it does fall flat on its face:

  • The RBAC v ABAC debate is now in its 22nd year (yes, it began in 1997)
  • Like Napoleon at Waterloo, if you honestly expect to win today’s battle with yesterday’s tactics then you’re going to lose.

Unfortunately, and we know this firsthand, some companies still are using old systems, old methods, and old tactics.

(Please tell us this isn’t you, though?)

Your Attacker is Getting Cleverer

One glance at the news tells you that your attacker is getting cleverer. (It might also be a concern to know that there are a lot more attackers out there since hacker tools became more commercialized. If you want to learn more, then click here to get our The Anatomy of a Cyber Attack white paper.)

Make no bones about it, your attacker is getting cleverer, more devious, and increasingly skillful–they’re evolving. And though steamrolling in with brute force methods might be just one part of their plan, unlike Napoleon on that fateful day, we both know they’ll adapt and move on to other means as soon as necessary.

This isn’t hyperbole, either.

You’ve likely seen or heard all of the scare tactics, the dire threats, the ‘end of the earth as we know it’ (if you haven’t, let us know and we’re more than happy to fire some your way).

But here at EmpowerID, where cybersecurity, RBAC and ABAC, and your security is concerned, we prefer to stay a little more grounded. A little more pragmatic.

The Cyber Threats Are Real

But make no mistake…

Don’t think for a minute that the threats aren’t real–because they are.

You and I both know, full well, that your attackers’ plans are evolving continuously.

Unfortunately, the very nature of cybersecurity is that they’re likely to be evolving far faster than you or any of us can ever react.

However, it isn’t all 1-way and isn’t all doom and gloom. There are steps we can take to mitigate this. To limit the chances of them being successful.

We can’t stop them from selecting us as their target, but our goal here, of course, is to make it so difficult that they move onto easier pickings. They turn their attentions and efforts elsewhere.

Let’s not get ahead of ourselves just yet, though…

What Is Your Battle Plan?

A question for you:

When the attackers’ beady little eyes do eventually turn to and focus on you, what exactly is your battle plan?

At Waterloo, Wellington had surveyed that ground 2 or 3 years before.

We both know we’ll never ever have that luxury.

Then what?

“But we’ll be okay,” said every single security consultant or manager in the world ever. (All the while secretly praying that they’re okay.)

And then they weren’t, of course (okay, that is).

Reading this, you may very well think that we’re wrong.

If that’s the case, then tune into the media and watch or listen. Turn on your TV or radio, or tune in via your PC, whatever it is you use.

Because if the next security breach is not all over the news today, then it’ll be tomorrow or next week.

It’s only a matter of time.

As realists, we both know it’s coming.

We sincerely hope they’re not talking about you.

White Paper: Identity is the New Perimeter: Zero Trust is its Firewall

To learn more about constructing your organization’s defenses and laying out your battle plans, we have a white paper called ‘Identity is the New Perimeter: Zero Trust is its Firewall’.

In it, we talk about how identity and Zero Trust are where the 21st century battle will occur. Zero Trust is founded on 3 fundamental principles:

  • never trust
  • always verify
  • always enforce least privilege.

Quite simply, when a user attempts to access your system, they have to verify and authenticate themselves. If they fail either, then they’re denied access.

Click here to download the Identity is the New Perimeter: Zero Trust is its Firewall white paper

 

Tags: Data Governance, Identity and Access Management (IAM), Access Governance

KuppingerCole Names EmpowerID as a Leader in Identity as a Service (IDaaS)

Posted by Bradford Mandell on Thu, Aug 17, 2017

KuppingerCole, a respected global analyst focused on Information Security, examined 24 vendors in the Identity as a Service, Business to Enterprise (IDaaS B2E) market. EmpowerID was named as a Product Leader, a category which ranks vendors by functional strength and completeness of solution. KuppingerCole stated in the report that EmpowerID "delivers a very broad feature set for Identity and Access Management, going well beyond Identity Provisioning but with tight integration to these core features."

KuppingerCole further recognized EmpowerID as an Innovation Leader, a measure of the platform's support for "leading-edge new features which deliver emerging customer requirements," and finally as an Overall Leader which measures leadership across all the factors they evaluate.

KuppingerCole noted that EmpowerID "takes a unique approach to IAM/IAG. It is built from scratch on a Business Process Management/Workflow platform" and the ability to modify and create visually designed workflows, "allows for great flexibility, while the product also delivers a broad set of out-of-the-box features."

Among top product leaders, EmpowerID differentiates itself by its innovative "everything is a workflow" approach to Identity and Access Management. Of EmpowerID, KuppingerCole stated "EmpowerID is a very interesting and innovative solution. It provides a well thought-out and flexible approach for Cloud IAM/IAG with strong Identity Federation and authentication support."

KuppingerCole also assigned EmpowerID the strongest ratings possible for the security, interoperability and usability subcategories of the Leadership Compass report.

The strength of EmpowerID's industry leading Identity and Access Management, Governance and Privileged Access Management feature set is derived from its all-in-one approach. It uses a single codebase, a common management console, and modern HTML5 adaptive user interfaces to combine high scalability and performance into a superior user experience. EmpowerID offers an Identity Warehouse to manage employee, partner, and consumer identities which are automated and secured by an Adaptive Authentication Engine, a powerful RBAC/ABAC engine, and over 750 out of the box workflows.

The breadth of EmpowerID's platform allows enterprises around the globe to extend their boundaries and to manage internal and client identities in on-premise, Cloud and hybrid environments.



To learn more about EmpowerID's strong, unique offering for business to employee IDaaS needs, read the full report: http://info.empowerid.com/download-the-free-kuppingercole-idaas-b2e-report-www

Tags: IAM, Federation, Identity and Access Management (IAM), IDaaS

Turkey citizenship database leak highlights need for full database encryption

Posted by Chris Hayes on Tue, Apr 05, 2016


Citizens of Turkey woke up Monday with the knowledge that a Citizenship Database had been publicly dumped for anyone in the world to download and view.

The dumped database included:

  • National Identifier (TC Kimlik No)
  • First Name
  • Last Name
  • Mother's First Name
  • Father's First Name
  • Gender
  • City of Birth
  • Date of Birth
  • ID Registration City and District
  • Full Address

 

 

This database leak underlines why it is important to encrypt data at rest. Most IAM projects implement HTTPS (port 443) for access to the product, secure DMZ firewalls and Role Based Access Controls, but neglect to implement encryption for the identity warehouse. EmpowerID fully supports encryption of information in our identity warehouse and has been able to validate our latest release, 2016, using these same encryption methods.

Notes from the database leaker

EmpowerID utilizes transparent data encryption (TDE) which provides full database-level encryption. TDE is the optimal choice for bulk encryption to meet regulatory compliance or corporate data security standards. TDE works at the file level, which is similar to two Windows® features: the Encrypting File System (EFS) and BitLocker™ Drive Encryption, the new volume-level encryption introduced in Windows Vista®, both of which also encrypt data on the hard drive.  This means that the identity and attribute information stored within EmpowerID will stay secure even if someone gets access to a backup of the database or gets access to the flat files from a server.

To learn more about how EmpowerID can utilize a fully encrypted database just click below.

Request a Demo

 

Tags: Data Governance, Identity and Access Management (IAM), Access Governance

Identity Spring Cleaning Tools from EmpowerID

Posted by Chris Hayes on Wed, Mar 09, 2016


Tackling the cleaning up of Active Directory can be a cumbersome chore to say the least.  Without the proper tools you can easily get stuck searching for expired accounts, groups with no members and even worse, users with access to resources that should have been removed.

EmpowerID 2016 connects to and inventories all of your systems, providing a unique platform to easily manage a spring cleanup. By allowing your team to easily identify risky access, out-of-date users, groups with no members or even users with access they should not have, it is the fastest way to get control of your current environment or even an environment that you are bringing on board. Best of all, EmpowerID empowers your helpdesk and business users to manage things like password resets, group and application access and more.

Directory Cleanup Check List

Active Directory Cleanup:

EmpowerID continuously inventories and monitors your systems for changes.  This produces a large amount of actionable intelligence that can be used to clean up your directories. Common candidates for cleanup include:

  • Dormant Accounts - EmpowerID can help you identify user accounts that have not been used in a while and apply automated clean-up tasks such as removing group memberships.
  • Groups with No Owners – Groups without owners represent an audit risk and can often be old groups that are no longer used. EmpowerID assists with identifying owners and provides processes to assign ownership.
  • Groups with No Members - Groups with no members can be a potential security risk and are often an easy choice for cleanup.
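The three cleanup candidates listed above can be checked against a plain directory export. The following is an added example, not EmpowerID code: the attribute names are standard Active Directory attributes, while the list-of-dicts export format, the 90-day idle threshold and all sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ACCOUNTDISABLE = 0x0002  # userAccountControl bit for a disabled account
# lastLogonTimestamp is replicated lazily and can lag the real last logon by
# up to about 14 days, so the idle window is widened to avoid false positives.
REPLICATION_SLACK = timedelta(days=14)


def to_filetime(dt):
    """datetime -> Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000


def from_filetime(ticks):
    """Windows FILETIME -> timezone-aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def dormant_users(users, now, max_idle_days=90):
    """Enabled accounts with no logon inside the idle window."""
    cutoff = now - timedelta(days=max_idle_days) - REPLICATION_SLACK
    hits = []
    for u in users:
        if u.get("userAccountControl", 0) & ACCOUNTDISABLE:
            continue  # already disabled, not a dormant-but-usable account
        ticks = int(u.get("lastLogonTimestamp") or 0)
        # An account that never logged on is aged from its creation date.
        last_seen = from_filetime(ticks) if ticks else u["whenCreated"]
        if last_seen < cutoff:
            hits.append(u["sAMAccountName"])
    return sorted(hits)


def groups_without_owner(groups):
    """Groups whose managedBy attribute is empty."""
    return sorted(g["sAMAccountName"] for g in groups if not g.get("managedBy"))


def groups_without_members(groups, users):
    """Groups with an empty member list that are nobody's primary group.

    Primary-group membership is stored on the user (primaryGroupID), not in
    the group's member attribute, so 'Domain Users' looks empty by member
    count alone.
    """
    primary_rids = {u.get("primaryGroupID") for u in users}
    return sorted(
        g["sAMAccountName"]
        for g in groups
        if not g.get("member") and g.get("primaryGroupToken") not in primary_rids
    )


def cleanup_report(users, groups, now, max_idle_days=90):
    return {
        "dormant_users": dormant_users(users, now, max_idle_days),
        "groups_without_owner": groups_without_owner(groups),
        "groups_without_members": groups_without_members(groups, users),
    }


# ---- Constructed sample export (not real directory data) ----
NOW = datetime(2016, 3, 9, tzinfo=timezone.utc)


def _user(name, idle_days=None, created_days=500, uac=0x0200):
    rec = {"sAMAccountName": name, "userAccountControl": uac,
           "primaryGroupID": 513,
           "whenCreated": NOW - timedelta(days=created_days)}
    if idle_days is not None:
        rec["lastLogonTimestamp"] = to_filetime(NOW - timedelta(days=idle_days))
    return rec


USERS = [
    _user("alice", idle_days=5),
    _user("bob", idle_days=200),
    _user("carol", idle_days=95),                 # inside the replication slack
    _user("dave", idle_days=400, uac=0x0202),     # disabled
    _user("svc-old", created_days=300),           # never logged on
]
GROUPS = [
    {"sAMAccountName": "Domain Users", "primaryGroupToken": 513,
     "member": [], "managedBy": ""},
    {"sAMAccountName": "Finance-Readers", "primaryGroupToken": 1104,
     "member": ["CN=bob,OU=Staff,DC=example,DC=test"],
     "managedBy": "CN=alice,OU=Staff,DC=example,DC=test"},
    {"sAMAccountName": "Old-Project", "primaryGroupToken": 1105,
     "member": [], "managedBy": ""},
    {"sAMAccountName": "HelpDesk", "primaryGroupToken": 1106,
     "member": ["CN=alice,OU=Staff,DC=example,DC=test"], "managedBy": ""},
]

if __name__ == "__main__":
    for finding, names in cleanup_report(USERS, GROUPS, NOW).items():
        print(f"{finding}: {', '.join(names) or '-'}")
```

Treat the output as a review list for group and account owners rather than a deletion list, since service accounts and groups used only for permissions can legitimately look idle or empty.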


Delegated Administration:

This creates an immense group management challenge for IT security departments as each system is a new security island with its own set of users and groups to manage. EmpowerID solves this security challenge by applying a single security model to replace security administration tools and removes the requirement to grant native permissions in order to perform identity administration. Group admins can manage groups in any system, on-premise and Cloud, in a single web-based console with laborious multi-step processes automated by visually-designed workflows. The workload is further reduced by giving business users the ability to manage access to the groups they own in a non-technical interface.


Dynamic Group Automation:

Automating the bulk of your group management tasks is the key to lowering management costs and keeping users happy and productive with shorter wait times. EmpowerID’s Dynamic Hierarchies engine is like auto-pilot for the most common security and distribution groups most organizations need. It automatically creates, manages the membership and retires groups based on the most common criteria (manager, department, location, etc.).

Manage On-Premise and Cloud Groups:

EmpowerID manages your groups wherever they might be. A huge library of connectors allows for rapid onboarding of commercial Cloud and on-premise applications. The most popular systems are fully supported with in-depth functionality for managing groups and roles in systems such as Office 365, Google Apps, Amazon AWS, SalesForce.com, AD, LDAP, AS/400, Box.com, local groups on Windows Servers, SharePoint, and others. Custom-developed applications can be easily accommodated using the EmpowerID Universal Connector.


Compliance and Recertification:

EmpowerID will become the key tool allowing your directory security team to breeze through audits, saving time and money. The modern organization has groups scattered across a wide mix of on-premise and Cloud applications and directories. This highly fragmented and siloed environment is a huge headache when it comes to producing the data required for periodic group membership recertification. This process becomes almost automatic as EmpowerID continuously monitors and inventories your on-premise and Cloud directories, detecting group memberships and any changes. EmpowerID handles the entire group lifecycle, so when it comes around to audit time there already exists a complete audit trail for all group-centered activities from self-service to delegated administration. Built-in attestation policies allow for rapid periodic recertification of group membership by their owners to eliminate the hassle of auditing this critical infrastructure. Risk-based separation of duties policies allow for toxic combinations of access to be defined, detected, and remediated if discovered.


Reporting and Alerting:

EmpowerID brings intelligence and in-depth visibility to assist with managing your Cloud and on-premise groups. All systems are continuously inventoried and monitored for changes. This includes the creation of new groups, group membership changes, and deletion of groups. All changes are logged and the source of the change is noted. Alerts can notify group owners and administrators when membership changes in sensitive groups. These changes can also be rolled back automatically if desired. Hundreds of statistics and metrics are displayed in friendly dashboards allowing visibility into how your environment is changing and a large list of out of the box reports keeps everyone up to date.


Please contact us to find out how we have helped hundreds of organizations get a handle on their identity landscape and how we can help you.

Request a Demo

IAM Role Mining Powered by Machine Learning Algorithms

Posted by Chris Hayes on Mon, Feb 01, 2016


One of the largest issues facing an organization's identity and access management project is the task of creating appropriate management and business roles and the access those roles should provide. We can all take a look at the structure of a company and say they should have an IT role, a Sales role, an HR role and Executive roles, but what about trying to map out the permissions that large groups of people already have?

EmpowerID is excited to introduce Role Mining Campaigns powered by our unique machine learning algorithms. EmpowerID simply inventories your systems, allowing you to pick the data to include in the role campaign. We then pull in the relevant entitlement data based on what you are targeting for the campaign; this can be user information, group membership, NTFS & folder permission, SharePoint rights and more.

The next step is to create Runs. These runs simply output optimized candidate roles based on all parameters (called bottom up role mining). We then create a clustered entitlement map with ranked candidate roles, allowing you to visualize this data on the map and look at overlap between roles, as seen below.

[Screenshot: clustered entitlement map with ranked candidate roles]

As seen above, you can just look at the current pockets of access assignments and create one as a possible candidate role! This process not only saves so much time but also ensures you are taking a holistic look at the current rights.


[Screenshot: Separation of Duties policy violation check]

We also allow you to see if this will possibly create a Separation of Duties policy violation before you create it as seen above.

Or maybe you'd like to hand pick your roles?  Below you can see we've just hand selected our roles and can now publish them.  This easily allows you to promote them to management roles or business roles while still optimizing to remove all of the direct assignments that the role grants.

[Screenshot: hand-selected roles ready to publish]



With full support for both top down and bottom up role mining, EmpowerID continues to deliver the best product in the IAM space, saving you time and money!  Reach out today to learn more!

Request a Demo

EmpowerID Rings in 2016 with free Office 365 Manager Licenses

Posted by Chris Hayes on Wed, Jan 06, 2016

Free Office 365 Manager license with every User/Group Manager purchase!

EmpowerID is excited to announce that, from Friday January 1, 2016 through Thursday March 31, 2016, we will be including our Office 365 Manager for free with every User Manager, Group Manager, or Exchange Manager purchase! To receive this special deal, contact EmpowerID Sales today.

EmpowerID's New Year’s resolution is to help customers eliminate the user login hassle with SSO and unburden IT admins from repetitive Identity and Access administration tasks.  The EmpowerID Office 365 Manager allows organizations to securely administrate all aspects of Microsoft's Office 365 environment.  

Office 365 Manager extends the capabilities of EmpowerID User Manager and Group Manager to Microsoft’s Office 365 platform by providing these capabilities:

  • Single Sign-On (SSO)
  • Role-Based Delegated Administration (RBAC)
  • Automated Provisioning and Sync
  • Dynamic Group Management of Security and Distribution Groups
  • Multi-Factor Authentication
  • Access Recertification and Audit Reporting
  • Mailbox and Folder Permission Audit, Management, and Self-Service
  • Provides broader management functionality than Microsoft’s standalone admin tools

Not only can the EmpowerID platform consolidate all of your Office 365 management tasks, it can also provide a single set of friendly web and mobile interfaces for all of your Cloud and on-premise systems, including Active Directory, LDAP and enterprise applications.

Unify-Administrative-Experience.png

Ready to learn more?


Tags: Office 365

Encryption of IAM Data

Posted by Chris Hayes on Thu, Dec 17, 2015

 

2015 was a rough year for Identity and Access Management news.  Digital toymaker VTech lost 6.4 million children's names, birthdates, parents' email, mailing addresses and more.  Ashley Madison's data was exposed including email addresses, chat message data and more.  AT&T just agreed to pay $25 million as a result of 275,000 exposed customer names and other information.  Customer and employee identity data is extremely valuable.

Here at EmpowerID we've been working diligently to support an easy-to-use method of encryption for data stored in our Identity Warehouse.  We are now excited to fully support encryption of all data we inventory and store.  This means that if someone gets access to data files on a server or to backups, your data is still protected!

By encrypting data at rest, we can now prevent malicious parties who obtain the database files from restoring them onto another system and browsing personally identifiable information (PII).  Identity data is encrypted using AES-256, which also ensures compliance with many laws, regulations, and guidelines in different industries.

Below is the encryption hierarchy, with dotted lines representing the encryption used by TDE (courtesy of Microsoft).

IC51741.gif

 

Supporting real-time I/O encryption of the EmpowerID 2016 Identity Warehouse means that the data is encrypted before it is even written to disk and only decrypted when read into memory.  Once the encryption process is complete, verifying it is easy, as shown below.

Screen_Shot_12-17-15_at_05.46_PM.png

Once encryption is complete, you can look through backups to verify the data is encrypted.  Below, on the left, you can easily see unencrypted data containing PII.  Following encryption, a backup of the same database is fully encrypted and unreadable.

Screen_Shot_12-17-15_at_05.28_PM.png

If someone were able to get the Identity Warehouse database, they would be unable to load it to recover the data, as you can see below.

3E50DC91.png
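The verification step described above can also be done with a query. This is an added example, not EmpowerID's own code; it assumes the Identity Warehouse runs on Microsoft SQL Server with TDE, and `IdentityWarehouse` is a placeholder database name.

```sql
-- Added example: check TDE status and key-protection hygiene on SQL Server.
-- N'IdentityWarehouse' is a placeholder name (assumption); substitute your own.
USE master;

SELECT
    d.name                AS database_name,
    d.is_encrypted,
    CASE k.encryption_state
        WHEN 0 THEN 'No database encryption key present'
        WHEN 1 THEN 'Unencrypted'
        WHEN 2 THEN 'Encryption in progress'
        WHEN 3 THEN 'Encrypted'
        WHEN 4 THEN 'Key change in progress'
        WHEN 5 THEN 'Decryption in progress'
        WHEN 6 THEN 'Protection change in progress'
        ELSE        'No DEK row (TDE never enabled)'
    END                   AS tde_state,
    k.percent_complete,   -- non-zero only while a scan (state 2, 4, 5, 6) is running
    k.key_algorithm,      -- expect AES
    k.key_length,         -- expect 256
    c.name                AS protecting_certificate,
    c.expiry_date,
    -- NULL here means the certificate's private key has never been backed up.
    -- Without that backup, an encrypted database or backup cannot be restored
    -- on any other server, including your own disaster-recovery host.
    c.pvt_key_last_backup_date
FROM sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS k
       ON k.database_id = d.database_id
-- The DEK is normally protected by a certificate stored in master.
-- If an asymmetric key (EKM) is used instead, the certificate columns are NULL.
LEFT JOIN sys.certificates AS c
       ON c.thumbprint = k.encryptor_thumbprint
-- tempdb is encrypted as soon as any database on the instance uses TDE,
-- so it is listed alongside the target database.
WHERE d.name IN (N'IdentityWarehouse', N'tempdb');
```

A finished rollout shows `tde_state = 'Encrypted'` with `key_algorithm = 'AES'` and `key_length = 256`. Store the certificate and private-key backup separately from the database backups, since anyone holding both can restore the data.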

So make 2016 the year you commit to encrypting employee and consumer data and the year you lower your exposure to data leaks!  Give us a call or click the link below for a quick demo of the EmpowerID difference.


Enterprise IAM Controls for Resources in Amazon Web Services

Posted by Chris Hayes on Mon, Oct 19, 2015

Deploying servers in AWS is great for a number of reasons: saving money, elastic capacity, increased speed.  There is a host of other reasons that we won't even get into here.  One of the most important aspects of utilizing AWS is remembering the "Shared Responsibility Model", which basically says that you, the customer, are their partner when it comes to security and access controls for resources hosted in AWS.

Amazon goes on to state that, "While AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks, no differently than they would for applications in an on-site datacenter."

 

shared_responsibility

All of that basically boils down to the cold, hard fact that you, the Amazon customer, need a comprehensive Identity and Access Management tool deployed to secure your resources in AWS.  EmpowerID customers have asked for a better solution for this emerging paradigm and our development team has delivered in the form of our EmpowerID AWS Manager.

aws-diagram

Built from the ground up to deliver functionality not typically seen in an Identity and Access Management suite, the AWS Manager is packed with features.  Securing and managing RDP access, setting server uptime policies, and even starting and stopping servers in AWS directly from a dashboard ensure that you have total command over all aspects of your AWS environment.

Also included in the AWS Manager from EmpowerID is the ability to publish into our award-winning IT Shop.  Business users can now find and request access to these resources.  Once requested, EmpowerID will send that request to an access owner who can approve it or reject it, and the user will be notified of the results!

Screen_Shot_10-16-15_at_09.20_AM

 

The EmpowerID team is very excited about this new offering and will be hosting a webinar on October 29th at 1:00 pm Eastern.  Please follow the link and register today.

Topics will include:

  • Managing RDP access with enterprise policies
  • Managing uptime policies and time constraints for Servers hosted in AWS
  • Managing Privileged Vaulted Credentials
  • Reviewing Audit Logs

Give us a call or click the link below for a quick demo of the EmpowerID difference.
