{"id":1814,"date":"2017-11-07T12:30:00","date_gmt":"2017-11-07T16:30:00","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=1814"},"modified":"2018-05-03T11:58:04","modified_gmt":"2018-05-03T15:58:04","slug":"access-remote-sub-dean-wiech","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/","title":{"rendered":"Access Governance and the Remote Employee by Dean Wiech"},"content":{"rendered":"
\"access<\/div>\n
By Dean Wiech<\/span><\/span><\/em><\/span><\/div>\n
\u00a0<\/span><\/span><\/div>\n
The work-at-home phenomenon is no longer a trend, but a movement. An effort that took hold in earnest at the beginning of the 21<\/span>st<\/sup><\/span>\u00a0century as the web and internet connection allowed for remote capabilities, for nearly 20 years, working remotely is the reality of the day for organizations large and small. Likewise, the vast majority of desktop applications have moved to the\u00a0cloud\u00a0and workspaces are virtualized, meaning they are easily accessible for remote employees. This means the number of remote systems and applications to manage such conditions is growing rapidly.<\/span><\/span><\/div>\n
\u00a0<\/span><\/span><\/div>\n
The challenge here is that these cloud applications are not likely connected to the internal network, so default Windows credentials will not work. For most of the applications, employees will have different credentials. It should be as easy for IT and system administrators to grant and revoke access to cloud services, as it should be for end users to access<\/a> them. As the management of the credentials and rights for these applications becomes more complex, the demand for\u00a0single sign-on (SSO)\u00a0<\/u><\/span>portals increases.<\/span><\/span><\/div>\n
\u00a0<\/b><\/span><\/span><\/div>\n
Single Sign-On Portals<\/b><\/span><\/span><\/div>\n
Single sign-on portals let users log in once. What follows is the obtainment of automatic access to multiple applications and all appropriate network resources. After confirming an employee\u2019s identity, access policies can be established to allow or deny application access, policies that determine which systems and applications should be displayed within the user\u2019s SSO portal.<\/span><\/span><\/div>\n
\u00a0<\/b><\/span><\/span><\/div>\n
Convenient for users, but this may create potential risks, making systems less secure than they otherwise could be. With these applications being accessible remotely, higher levels of authentication are required. This higher level of authentication, called strong authentication, can be achieved with the following:<\/span><\/span><\/div>\n
\u00a0<\/span><\/span><\/div>\n
\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>Something that somebody knows: username or password<\/span><\/span><\/div>\n
\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>Something that somebody owns: cell phone or token<\/span><\/span><\/div>\n
\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>Something that somebody is: biometric, including fingerprints or facial recognition<\/span><\/span><\/div>\n
\u00a0<\/span><\/span><\/div>\n
If you combine two or more of these methods during the authentication process, an extra layer of security is added, known as two-factor authorization or\u00a0multi-factor authentication<\/span>.<\/u><\/span><\/span><\/div>\n
\u00a0<\/b><\/span><\/span><\/div>\n
Attribute Based Access Control<\/b><\/span><\/span><\/div>\n
For even additional security is to include attribute-based access control (ABAC) or role-based access control (RBAC). Not only one\u2019s identity itself and the employee\u2019s role has within the company determines the access the individual receives within the portal. Additionally, such solutions like the type of device being utilized, the geo-location the portal is being accessed from and the time of day are added to the calculation. For example, the user could be prevented from accessing financial systems from their smartphone after 5 p.m. This kind of security can lock down remote applications even though the application itself does not support it.<\/span><\/span><\/div>\n
\u00a0<\/b><\/span><\/span><\/div>\n
Federated Identity<\/b><\/span><\/span><\/div>\n
To ensure and secure the communication between the single sign-on portal and the application a federated identity can be used. With a federated identity, you\u2019re able to share identity and account information between organizations and applications so that users only have to log in once to target applications. The Security Assertion Markup Language (SAML) can be used as authentication mechanism between the single sign-on portal and the application. This is a data format for exchanging authentication and authorization data between websites.<\/span><\/span><\/div>\n
\u00a0<\/b><\/span><\/span><\/div>\n
Reporting and Auditing<\/b><\/span><\/span><\/div>\n
Everything that happens within a single sign-on portal should be logged and this information used for reporting and auditing purposes. Likewise, with such information, it\u2019s possible to calculate when, how often, from where and by who certain applications are accessed.<\/span><\/span><\/div>\n
\u00a0<\/span><\/span><\/div>\n
Thus, while the expanding workplace brings with it a certain level of risk and complexity, single sign-on and two-factor authorization offers efficiency without compromising security.<\/span><\/span><\/div>\n
\u00a0<\/span><\/span><\/div>\n
Dean Wiech is managing director of\u00a0<\/i><\/span>Tools4ever<\/i><\/a>.<\/i><\/span><\/span><\/div>\n","protected":false},"excerpt":{"rendered":"

By Dean Wiech \u00a0 The work-at-home phenomenon is no longer a trend, but a movement. An effort that took hold in earnest at the beginning of the 21st\u00a0century as the web and internet connection allowed for remote capabilities, for nearly 20 years, working remotely is the reality of the day for organizations large and small. […]<\/p>\n","protected":false},"author":24,"featured_media":1815,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5,1],"tags":[142,534,533],"acf":[],"yoast_head":"\nAccess Governance and the Remote Employee by Dean Wiech<\/title>\n<meta name=\"description\" content=\"The vast majority of desktop applications have moved to the\u00a0cloud\u00a0and workspaces are virtualized\u2014they are easily accessible for the remote employee.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Edwards\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/\",\"name\":\"Access Governance and the Remote Employee by Dean Wiech\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/07\/work-from-home.jpeg\",\"datePublished\":\"2017-11-07T16:30:00+00:00\",\"dateModified\":\"2018-05-03T15:58:04+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6\"},\"description\":\"The vast majority of desktop applications have moved to the\u00a0cloud\u00a0and workspaces are virtualized\u2014they are easily accessible for the remote employee.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/07\/work-from-home.jpeg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/07\/work-from-home.jpeg\",\"width\":800,\"height\":350},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Access Governance and the Remote Employee by Dean Wiech\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, & Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer's Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6\",\"name\":\"Jeff Edwards\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g\",\"caption\":\"Jeff Edwards\"},\"description\":\"Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.\",\"sameAs\":[\"https:\/\/solutionsreview.com\",\"https:\/\/x.com\/InfoSec_Review\"],\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/jedwards\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Access Governance and the Remote Employee by Dean Wiech","description":"The vast majority of desktop applications have moved to the\u00a0cloud\u00a0and workspaces are virtualized\u2014they are easily accessible for the remote employee.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/","twitter_misc":{"Written by":"Jeff Edwards","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/","url":"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/","name":"Access Governance and the Remote Employee by Dean Wiech","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/07\/work-from-home.jpeg","datePublished":"2017-11-07T16:30:00+00:00","dateModified":"2018-05-03T15:58:04+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6"},"description":"The vast majority of desktop applications have moved to the\u00a0cloud\u00a0and workspaces are virtualized\u2014they are easily accessible for the remote employee.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/07\/work-from-home.jpeg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2017\/07\/work-from-home.jpeg","width":800,"height":350},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/access-remote-sub-dean-wiech\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Access Governance and the Remote Employee by Dean Wiech"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, & Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer's Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/3d31b4b6a777a91476a65c087be260e6","name":"Jeff Edwards","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8471d2b63e0587b41d829ecc153ba8e7?s=96&d=mm&r=g","caption":"Jeff Edwards"},"description":"Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.","sameAs":["https:\/\/solutionsreview.com","https:\/\/x.com\/InfoSec_Review"],"url":"https:\/\/solutionsreview.com\/identity-management\/author\/jedwards\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/1814"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=1814"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/1814\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/1815"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=1814"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=1814"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=1814"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}