Dear Customer and/or Partner,

The coronavirus (COVID-19) pandemic is affecting people all over the world and forces businesses to far-reaching health and safety measures. We want to assure you we remain committed to providing the best possible service despite the challenges we all currently face.

At SecurIT, our people are the heart of our business. This means that we take no risks concerning the health and wellbeing of our people, customers, their families, and society at large. We shall, therefore, fully comply with all relevant measures that we are asked to take by government officials and health experts.

We have taken several measures to minimize the risk of infection with the COVID19 Virus for both our personnel and third parties.

Below some of the measures:

· We have closed our offices in Amsterdam and Greenville, and all our employees work from home.

. Our support organization can be contacted as usual.

· All (physical) internal and external meetings and appointments have been canceled. Where possible, we meet and get in touch through electronic means.

 We strive to continue to serve our customers as usual and to ensure that the service for your customers will continue optimally.

Take care and stay safe.

SecurIT

In light of recent news surrounding COVID-19, the disease caused by the novel coronavirus, many employees may suddenly need to work from home. If employees can’t access applications and information securely from remote locations, their productivity will decrease and the security of key corporate assets will be at risk. Together with our partner Ping Identity, we are prepared to help IT organizations with the following immediate steps to ensure employees can be productive anywhere in the world.

1	Put multi-factor authentication everywhere 52% of data breaches are due to hacking, and of those, 80% are due to weak or compromised passwords.1 Multi-factor authentication (MFA) can reduce password risk by 99.9%.2 Putting MFA everywhere is a no-brainer, especially on VPN connections and for employees that use personal devices (BYOD) when they work from home.
2	Leverage intelligence so that added security doesn’t add friction As more employees work outside the corporate network, intelligent authentication helps you make better decisions about who should have access to resources. Continuously evaluate risk scores based on user behavior and location to better understand when to grant access, when to step-up authentication or when to deny access—all without impacting employees’ productivity.
3	Being on the network shouldn’t automatically grant access Organizations enable VPNs for remote access, but this often allows employees to access more than they need. Since 23% of sensitive data breaches are caused by internal employees,3 someone shouldn’t have access to everything just because they’re on the network. To mitigate risk, enforce least-privileged access and establish Zero Trust security for apps, APIs and data.
4	One password is not only more secure, but it’s also more productive On average, employees spend 10.93 hours per year entering and resetting passwords.4 This slows down remote employees as they sign on to applications to get their work done, like collaboration apps for instant messaging and video conferencing. Federated single sign-on (SSO) and self-service password reset gives employees back all those hours and lets them get back to work. Better yet, strong authentication methods, such as biometrics and FIDO2 keys, can make passwords a thing of the past.
5	Put digital business resources at workers’ fingertips There’s a streamlined app for just about every business task. But employees may struggle to find all these tools—or just forget to use them now that they’re not in their usual work environment. They may also find them difficult to access, since some are on-prem and some are in the cloud. With a dock for SSO to all digital resources in one place, employees can easily find, access and use apps to get more work done from anywhere.

We want to help you get your work-from-home workforce secure and productive, right now. Get fast, free, cloud SSO and MFA for unlimited apps and unlimited identities. 

1 Verizon 2019 Data Breach Investigations Report
2 Microsoft Security Intelligence Report, 2018
3 Forrester Analytics Global Business Technographics Security Survey, 2019
4 Ponemon 2019 State of Password and Authentication Security Behaviors Report

The trend toward a mobile, distributed workforce, including working from home, has been underway for many years. Unfortunately, sudden events like COVID-19, the disease caused by Coronavirus, can shine a harsh spotlight on the need to provide more comprehensive workforce access and productivity solution than what many companies have in place currently. Organizations like Google, Microsoft and Amazon have already encouraged employees to work from home. And JPMorgan Chase, as a precautionary measure for contingency planning, asked 10% of its entire workforce to work from home to test their global remote access capabilities.

---

Working from home is no longer just a perk to offer employees, but a critical alternative to keep your business running. 

---

To fully enable a productive remote workforce, organizations need to make working from home seamless. They need to offer a smooth user experience while making sure that systems and data remain secure. In order to evaluate whether your remote working procedures are effective, here are a few questions to consider:

• Is your organization moving towards an enterprise-wide Zero Trust strategy, or are you still relying on your network as your main security perimeter?
• Does your organization have strong, intelligent authentication mechanisms in place beyond passwords?
• Is your organization prepared for a majority of your workforce to work remotely? Can they use their own devices?
• Can your organization control access beyond the network to the application, data and API layers?

Think Beyond Network Perimeters

For many years, virtual private networks (VPNs) have been the default solution for enabling remote access to work resources. However, the notion that a VPN should legitimize employee access to all of a company’s resources is outdated. In fact, VPNs have been the source of some high profile hacks and were even the subject of an NSA advisory.

Instead of solely relying on VPNs, organizations need a strong identity foundation. That means implementing Zero Trust principles, where by default no network traffic is trusted. Instead, everyone and everything must be verified via centralized authentication services relying on capabilities like single sign-on (SSO) and multi-factor authentication (MFA). By implementing strong, centralized authentication, organizations are less susceptible to the inherent weaknesses of VPNs. In addition, with an identity foundation based on Zero Trust, organizations can control access beyond the network to assets like applications, data and APIs.

---

---

Reduce Passwords Wherever Possible

In terms of security, strong authentication becomes even more critical when your employees are working from home. Passwords alone are not enough, it’s time to augment or replace them with smarter, more secure authentication factors. Using other factors can also result in increased productivity. For example, location tracking can be done in the background and continuously verify employees without interrupting their work.

Multi-factor authentication can mitigate many of the security and productivity issues that come with employees accessing critical business resources from home. It does this by layering various combinations of authentication factors:

• Knowledge: Something you know (e.g., password, security questions, etc.)
• Possession: Something you have (e.g., Yubikey, smart card, etc.)
• Biometric: Something you are (e.g., fingerprint with TouchID, facial recognition with FaceID, etc.)
• Behavioral: Something you do (e.g., how you type, hold your phone, etc.).

Leveraging easier, more secure factors than passwords gives enterprises the option of reducing password use or going completely passwordless. To reduce password use, organizations often extend the length of user sessions from days to weeks, only requiring password entry during this extended session when a new device is used to sign-on. Organizations can also implement rules around longer sessions, such as only extending session length for users logged in from known locations like a corporate office. 

The next stage of maturity is passwordless login, where an alternative factor (fingerprint, authenticator app, security token, etc.) becomes the primary method of authentication. Further down the path of maturity is a bypass of both the username and password in a “zero login” scenario, enabled by storing a cookie on the employee’s device.

When talking about passwordless authentication, we would be remiss if we didn’t also mention Fast Identity Online (FIDO), a global alliance committed to solving the world’s password problem. By design, the FIDO standard for authentication does not allow passwords to be used under any circumstances. FIDO authentication methods includes device biometrics, security keys, and Windows Hello to increase resistance to advanced phishing attacks, password theft and replay attacks for web authentication.

Examine Your BYOD Strategy

Companies that are shifting to remote work out of necessity may not have the budget or time to issue employees trusted, pre-configured corporate devices. Allowing employees to bring their own devices (commonly known as BYOD) is not only a growing trend but perhaps the only option available in the short term. In order to make BYOD a reality and ensure employee productivity, enterprises require central authentication services that can easily integrate with and leverage signals from mobile device management systems (MDMs).

The integration of your user base and applications with your MDM can be accomplished with a strong identity foundation. Ensure that your central authentication services include easy admin set-up and quick user adoption. From there you can implement MFA to realize the benefits of user-friendly authentication methods (fingerprint, facial recognition) and contextual identifiers (detecting jailbroken devices, user location).

Implement Smarter, Adaptive Access Policies

Network, password and device security are crucial aspects of employee access, but there’s still more to secure. Organizations may be using outdated web access management tools to manage authorization policies for critical legacy or mainframe applications, but they struggle to secure modern resources like single-page apps (SPAs), mobile apps and SaaS. They also may not be giving enough consideration to securing the data or API layers. Enabling adaptive access security is crucial to ensuring your workforce has the right access without introducing unnecessary friction.

The first step toward adaptive access security is to create a centralized authentication service that can extend across all your resources, whether they live in the cloud or on-premises. Once those centralized authentication and authorization policies are in place, you can introduce fine-grained authorization at the data level and analyze API traffic to learn, detect and block potential threats. But this shouldn’t come at the cost of productivity. Smart policies based on dynamic risk scoring can grant access to a user, require step-up authentication if necessary or deny access altogether.

Embrace Identity Intelligence

For a majority of organizations that have embraced the cloud, mobile and “as-a-service” products, the days when the network was the security perimeter are in the past. Organizations need an identity solution that can operate at the speed and scale they’re used to. They also need a solution that can integrate with their existing technology stack and support open standards to future-proof their investments in new technologies.

Identity intelligence enables this vision by connecting all the resources within your enterprise, receiving contextual signals from multiple systems and working across the silos that have grown over time. It’s the ability to ensure secure access without introducing barriers. It serves as the organizational brain that can enforce smart policies with split-second decisions leveraging various sources such as devices, user directories, AI and fraud signals. With intelligent identity in place, your organization can break down the barriers between remote and office work and deliver exceptional employee experiences.

How SecurIT Can Help

Large enterprises in North America and Europe trust SecurIT to enable their remote workforces at scale. They use our intelligent identity solutions to speed up their businesses and allow their employees to get things done, no matter where work happens. SecurIT helps them to ensure that all of your resources are covered. No matter what product you are looking at/for. We help you to get started.

To support organizations in this transition, we’re offering up fast, free usage of selected Ping products. For organizations new to Ping, we are offering cloud-based single-sign-on and multi-factor authentication. And for existing PingFederate workforce customers, we are offering free multi-factor authentication. These products can be deployed rapidly across unlimited users and applications, keeping your work-from-home employees secure and productive.

Your enterprise needs to begin deploying a multifactor authentication solution on your network. No compromises. Full stop.

These strong statements come with the backing of mountains of cybersecurity and identity management expert research. As much as enterprises still rely on password-based single-factor authentication, it just doesn’t work. Indeed, hackers specifically target these systems because they represent easy marks. Moreover, single-factor authentication leaves you vulnerable to insider threats or even non-human automated attacks.

But how should your enterprise go about deploying multifactor authentication? Which factors should you employ in your identity security policies? Does step-up authentication make sense for your environment? Can you balance identity management with effective business practices?

We answer these questions below.

Why Single Factor Authentication Doesn’t Work

Oftentimes, cybersecurity inertia causes as much damage as evolving digital threats. Enterprises become comfortable and familiar with their current identity and access management solution. Therefore, they continue to use it even as hackers discover and deploy new methods of subverting or exploiting.

Unsurprisingly, this applies to single-factor, password-based authentication. For years it served as the foundation of identity management. Only in the past few years have cybersecurity experts and enterprises realized its inherent weaknesses. The latter, though, continues to struggle with the change.

According to researchers, passwords offer very little in terms of actual identity security. Even inexperienced hackers can crack them or purchase software that automates cracking them. Worse, hackers can now use publicly available information, such as through social media, threat actors can often guess users’ passwords. Distressingly, given the horrible password practices most users embrace, hackers often guess right.

Compounding matters further, users tend to reuse their passwords on multiple accounts, including their work accounts. As a result, any data breach could give threat actors more weapons in their credential stuffing attacks.

Obviously, these facts argue strongly for deploying multifactor authentication yesterday. But how can you do it most effectively?

Why Deploying Multifactor Authentication Matters

The principle rule of thumb regarding authentication is the more steps between access request and access granted, the more secure your enterprise.

Two-factor authentication, therefore, proves much more effective than password-only authentication for exactly this reason. However, more talented threat actors can circumvent the second step in two-factor authentication. In most cases, they can interfere with SMS messaging and trick employees into giving their passwords away without realizing it.

That’s why deploying multifactor authentication—with three, four, five, or more steps, offers so much more identity security in the long term.

Of course, the most dedicated and experienced hackers could subvert your identity security with MFA. However, this would cost them time and effort they could invest in attacking weaker targets; hackers prefer to follow the path of least resistance. Deploying multifactor authentication thus works as cybersecurity protection and as a deterrent.

Here’s how you can get the best identity and access management today.

Get the Right Solution

Deploying multifactor authentication begins with selecting the right IAM or privileged access management (PAM) solution for your enterprise. Privileged access management especially helps protect users’ identities through strong authentication, including your superusers. In fact, many serve as the innovators of MFA factors.

However, not every solution is created equal. Put another way, your distinct business use cases pose unique identity management challenges which not every solution can accommodate. Additionally, the demands of your privileged users naturally differ from those of other enterprises; the number of privileged users, their involvement in your business processes, and what databases they access regularly should affect how you begin deploying multifactor authentication.

Thus, you must select a solution that fits your needs. Don’t skimp on the self-assessment.

Deploy the Right Factors

Multifactor authentication can involve any number of potential factors. These can include:

• Geofencing.
• Time of Access Request Monitoring.
• Physical Biometrics.
• Behavioral Biometrics.
• Hard Tokens.
• SMS Messaging.

This list only scratches the surface of potential multifactor authentication.

However, not every multifactor authentication factor makes sense for every industry or enterprise. For example, SMS text messaging may not offer proper security for more remote workforces; hackers who obtain users’ devices could easily subvert that factor. On the other hand, most mobile devices offer built-in physical biometric readers; this obviously facilitates biometric authentication.

When deploying multifactor authentication, you need to consider what endpoints your users employ in their business processes. Additionally, you need to consider your IT environment and what factors make the most sense for securing it.

What About Step-Up Authentication?

No one disputes the identity security benefits of deploying multifactor authentication. Where enterprise decision-makers tend to balk is the effect MFA has on the user experience.

Indeed, additional steps at the login portal can negatively impact user convenience. In worst-case scenarios, the additional authentication factors can actually inhibit business profits and lengthen response times.

Many cybersecurity experts argue enterprises must sacrifice convenience for true identity security. After all, if your business suffered from the analog equivalent of digital threats, you would probably put up as many checkpoints as possible before granting entry.

Fortunately, step-up authentication offers a means to balance both security and convenience in user authentication. Step-up authentication asks for more authentication factors as the sensitivity of the access requests increases.

For example, a user logs in to the network by inputting only two factors. However, let’s say that the user then wishes to look at a more restricted file. The step-authentication system asks for a third and possibly fourth factor to verify the user first, even though they logged in to the network.

After that, the user requests access to sensitive proprietary data. The system, in turn, asks for more authentication factors, often the most extensive (such as physical biometrics or a hard token).

As you can see, step-up authentication only becomes apparent as users engender further risks. In addition, you can employ step-up authentication only on your privileged accounts, which can do the most damage in the wrong hands.

Deploying multifactor authentication should become a major concern for your enterprise and a top priority. Now’s not the time to let your identity and access management stagnate. Your enemies never stop innovating. Neither should you.

Original post

Officials from the Trump administration warn that the era of social distancing might continue for several weeks. Others suggest it could as long as a year or longer. In either case, online retail and remote customer relations continue to dominate the economic landscape. Additionally, so many businesses have chosen to work from home, forcing all customer relationships to go digital. Therefore your business needs to consider its customer identity and access management (CIAM) in the time of coronavirus. 

After all, we can say with no hyperbole that managing your CIAM during the coronavirus could make or break your business in the coming months. 

What is CIAM?

CIAM functions in a similar manner to more traditional identity and access management (IAM). Both provide identity security to their user bases, defending against credentials abuse and authentication failures. However, whereas IAM works to secure and verify employees and third-parties, CIAM does so for customers. 

Thus, CIAM provides recognizable capabilities such as single sign-on, login authentication protections including multifactor authentication, and session monitoring. Simultaneously, CIAM provides distinct capabilities that traditional IAM would never consider implementing. 

These include social sign-on, which uses social media credentials to log in, and password reset self-service in case customers lose or forget them. Since these capabilities could create security vulnerabilities for employees, you need a secure means to provide it to customers.

Furthermore, CIAM can help create a streamlined and personalized digital experience that benefits customers. Unlike employees, you can’t force customers to jump through hoops to verify their identity; attempts to do so only drive away potential customers. In fact, consumers will often judge a company and its products based on the online experience; they could decide to abandon their carts following a poor digital customer experience.

Finally, CIAM helps enterprises collect information on buying habits and purchasing interests. Thus it can facilitate targeted marketing campaigns and personalized experiences. These solutions can securely store this information so hackers cannot steal and exploit it. 

So CIAM clearly provides benefits to consumer-facing enterprises. Why does it matter so much in the time of coronavirus?  ALERT: Cyber threats don’t rest, even during global pandemics.

CIAM in the Time of Coronavirus        

According to Marketing Week, 91 percent of brands predict an increase in their use of online services during the coronavirus outbreak. Customer demands on digital marketplaces and retail spaces will put significant pressure on your workflows. 

Additionally, the coronavirus may have an impact similar to what happened with the SARS pandemic of 2003. This pushed more people to embrace digital commerce, which has become a vital aspect of consumer-facing business’ bottom line. Now, they potentially face the same paradigm shift, but on an even higher scale. 

CIAM can actually help with scalability, assisting with growing your digital environment to match the newfound demand. It can also, as described above, help collect and store customer identity information which can assist with much-needed personalization. Personalization, after all, can help transform first-time customers into recurring customers.

Perhaps most importantly, CIAM during the coronavirus pandemic fortifies the digital perimeter; it helps keep bad actors out of sensitive databases. Hackers prefer to take advantage of troubled times and crises to facilitate their attacks; several studies indicate that they are exploiting the COVID-19 pandemic to take advantage of people’s fears. 

Moreover, according to Ping Identity, 81 percent of consumers would stop engaging with a brand online after a data breach. Meanwhile, 63 percent of consumers believe companies are responsible for protecting their data. The long-time viability of your business hinges on its ability to fully authenticate their customers.  

Posted by Ben Canner in Best Practices