
PATECCO Launches a New Whitepaper about Managed Services

As an expert in the field of Identity and Access Management, PATECCO shares its best practices for Managed Services in a new whitepaper. The whitepaper is a written version of the webinar that PATECCO hosted on 07.05.2021, “The mapping of growing responsibilities to predictable budgets”, in partnership with EU-Hub.net.

The new whitepaper contains useful information about the latest security solutions that the PATECCO team implements and describes four interesting customer success stories. It covers in detail PATECCO IAM Consulting services, Privileged Access Management, Security Information Event Management Services, Azure AD Domain Services, Identity Governance and Intelligence, Role-Based Access Control and the recertification process.

The customer success stories about Bayer, Uniper, Innogy and Victoria University Wellington present practical examples of Active Directory migration, a managed service for the care of the core IAM systems, and the implementation of PAM solutions. They also describe challenging situations in which PATECCO successfully dealt with the problem, ensuring the necessary security and peace of mind.

For more about PATECCO Managed Services, see the document below:

How to Protect the Data and Privacy In the Cloud

The era of the cloud is well under way. Cloud computing is a constantly developing innovation that includes a broad set of public, private, and business process outsourcing capabilities. It relies on sharing computer resources rather than having local servers or personal devices handle applications. Nowadays, organizations use cloud services for data storage and for their daily operations. Despite advantages such as scalability, flexibility and productivity, security is the major concern for cloud computing. One of the main security issues is how to control and prevent unauthorized access to data stored in the cloud.

There are various techniques for controlling unauthorized access to data. One such technique is the RBAC (Role-Based Access Control) model. RBAC controls access to data based on the roles given to individual users within an organization. The RBAC model provides flexible control and management using two simple mappings: the first maps users to their roles in the organization, and the second maps roles to the data accessible to each role.

1. Implementing a strong RBAC policy

Implementing a strong RBAC policy helps build a strong visibility strategy and provides a better security solution for accessing data in the cloud. Roles in RBAC are mapped to access permissions, and all users are mapped to appropriate roles and receive access permissions only through the roles to which they are assigned.

Controlling access through roles benefits the organization and simplifies management as well. Typically, a role-based access control model has three essential structures: users, permissions and roles. A role is a higher-level representation of access control. Users correspond to real-world users of the computing system. User authorization can be accomplished in two separate steps: assigning users to existing roles, and assigning access privileges for objects to roles. “Permissions” describe the access users can have to objects in the system, and “roles” describe the functions of users.
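The two mappings described above can be modelled in a few lines. This is an added example, not PATECCO code: it goes slightly beyond the text by adding a review helper (`who_can`) of the kind used during access recertification, and all role, user and resource names are hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Permission:
    action: str    # e.g. "read"
    resource: str  # e.g. "storage/payroll"

@dataclass
class RBACPolicy:
    role_permissions: dict[str, set[Permission]] = field(default_factory=dict)  # role -> data
    user_roles: dict[str, set[str]] = field(default_factory=dict)               # user -> role

    def grant(self, role: str, action: str, resource: str) -> None:
        self.role_permissions.setdefault(role, set()).add(Permission(action, resource))

    def assign(self, user: str, role: str) -> None:
        # Reject undefined roles so a typo cannot create a role that gains rights later.
        if role not in self.role_permissions:
            raise KeyError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def effective_permissions(self, user: str) -> set[Permission]:
        # Users hold no permissions of their own; everything is derived from roles.
        roles = self.user_roles.get(user, ())
        return set().union(*(self.role_permissions[r] for r in roles))

    def is_allowed(self, user: str, action: str, resource: str) -> bool:
        # Default deny: unknown users and unmapped permissions both return False.
        return Permission(action, resource) in self.effective_permissions(user)

    def who_can(self, action: str, resource: str) -> dict[str, list[str]]:
        # Review helper: which users reach a permission, and through which roles.
        target, result = Permission(action, resource), {}
        for user, roles in self.user_roles.items():
            via = sorted(r for r in roles if target in self.role_permissions[r])
            if via:
                result[user] = via
        return result

def build_sample_policy() -> RBACPolicy:
    # Constructed sample data; role, user and resource names are hypothetical.
    p = RBACPolicy()
    for role, action in [("hr-analyst", "read"), ("hr-admin", "read"), ("hr-admin", "write")]:
        p.grant(role, action, "storage/payroll")
    p.assign("alice", "hr-admin")
    p.assign("bob", "hr-analyst")
    return p
```

Removing a role from `user_roles` removes every permission the user held through it, which is what makes role-level review sufficient.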

2. Management and Automation

Unifying an organization’s security infrastructure not only eases management, but also helps ensure that consistent security policies are applied wherever applications run, data is stored, or infrastructure is built. Moreover, it enables the automation of security lifecycle management processes and helps ensure compliance. These capabilities allow organizations to manage cloud and on-premises infrastructures similarly by leveraging the same level of visibility and control. Centralized management and automation help organizations meet risk management and regulatory compliance objectives. Effective security management and automation consist of three primary elements: visibility, control, and compliance.

  • Visibility

The ability to consistently see all applications, networks, infrastructures, security events, and logs in a multi-cloud environment is a cornerstone of a security posture assessment. Such assessments are both a starting point and an ongoing process of security management.

  • Control

Control refers to applying configuration changes and populating the security infrastructure with the relevant resource-related information pertaining to the multi-cloud security posture. Besides, the control framework should extend to the native security functionality provided by each cloud platform. This allows administrators and operators to apply security changes throughout the infrastructure.

  • Compliance

Maintaining a consistent security posture and automating security operations significantly increase an organization’s ability to maintain regulatory compliance. In addition, centralized security management, automated workflows, and shared threat intelligence help enterprises quickly react to emerging threats.

PATECCO Cloud Access Control tools for data and privacy protection

PATECCO Cloud Access Control tools offer enterprises greater flexibility whilst maintaining the levels of security essential to their business. Cloud access control provides secure deployment options that can help enterprises develop new customer experiences, enable effective collaboration and improve speed to market, all while increasing IT efficiency.

1. Cloud Access Control: REST API

PATECCO MIM 2016 REST API. This fully functional CRUD tool acts as a convenience gateway between your applications and the MIM Portal, providing the following benefits:

  • Faster response times due to the integrated cache.
  • Offers better support for different clients and increased productivity through automation.
  • Increased level of security through easy integration with API gateways (Axway Amplify, APIGEE, etc.).
  • Supports push notifications, providing easier integration with SIEM or other event-based tools (Azure Event Hub, etc.) and adding flexibility to your applications.
  • Cloud ready. Installed on Azure, it provides easier access for your cloud apps and transforms Microsoft MIM 2016 infrastructure for Data Stream compatibility.

2. Cloud Access Control: Microsoft PIM

PATECCO offers a clear migration path from an on-premises identity system to the Azure Premium AD and Microsoft Privileged Identity Management (PIM).

  • Analyse the current RBAC model, transform it into one based on Azure AD, and protect the roles with Microsoft PIM.
  • Transform and organize Azure AD logs into events integrated with the Azure Event Hub infrastructure.
  • Transform and adapt current workflows to the newest cloud-native Azure Logic Apps infrastructure and handle all needed customizations through Azure Functions.
  • Provide a level of support for the legacy infrastructure through Azure Active Directory Sync or through our own PATECCO PAM tool.

3. Cloud Access Control: Azure AD Domain Services

  • PATECCO offers a clear migration path from on-premises Active Directory to Azure AD Domain Services.
  • Azure Active Directory Domain Services (Azure AD DS) provides managed domain services with a subset of fully compatible traditional AD DS features such as domain join, group policy, LDAP, and Kerberos/NTLM authentication.
  • Azure AD DS integrates with Azure AD, which itself can synchronize with an on-premises AD DS environment, to extend central identity use cases to traditional web applications that run in Azure as part of a lift-and-shift strategy.
  • Use of the Azure AD Application Proxy feature, which provides the ability to securely access internal apps from outside your network.

For many kinds of organizations throughout the world, cloud computing has become a key element of their ongoing IT strategy. Cloud services give organizations of all sizes access to virtually unlimited data storage while freeing them from the need to purchase, maintain, and update their own networks and computer systems. Microsoft and other cloud providers offer IT infrastructure, platform, and software “as a service,” enabling customers to quickly scale up or down as needed and pay only for the computing power and storage they use.

However, as organizations continue to take advantage of the benefits of cloud services, such as increased choice, agility, and flexibility while boosting efficiency and lowering IT cost, they must consider how the cloud services affect their privacy, security, and compliance posture. It is important for cloud offerings to be not only scalable, reliable, and manageable, but also to ensure that customers’ data is protected and used in a transparent manner.

How to Achieve Stronger Protection for Applications, Business, and Customers with AZURE AD B2C

Microsoft Azure Active Directory B2C is a cloud-based identity and access management service focused on facilitating business-to-consumer applications. It is used for authentication and authorization, and allows users (consumers) to authenticate quickly by using social media logins (including Facebook, LinkedIn, Google, Amazon, and Microsoft accounts). These services simplify the account creation process for consumers and add self-management. That means that users can change their sign-up and profile details and reset the passwords they create.

Depending on the company’s needs and strategy, you can choose between two types of Azure AD B2C:

Azure AD B2C Basic: Azure AD for “basic needs” leverages a dedicated “Microsoft Basic Trust Framework” in which you can customize policies.

and

Azure AD B2C Premium: Premium edition gives you full control, and thus allows you to author and create your own Trust Framework through declarative policies. Azure AD B2C Basic is upgradable to the premium edition at any time, with a smooth migration path for the customized policies.

The extensible policy framework of Azure Active Directory (Azure AD) B2C is the key strength of the service. It could be simply explained by the following structure:

  • Sign-up policies: offer basic settings, namely identity providers, application claims and MFA settings.
  • Sign-in policies: offer the same basic settings as sign-up policies, but they do not have settings for information that a user has to supply.

Another advantage of Azure AD is the ability to create multiple policies of different types in your tenant and use them in your applications as needed. Policies can be reused across applications. This flexibility enables developers to define and modify consumer identity experiences with minimal or no changes to their code. (Source: Microsoft).

Azure Active Directory B2C helps organizations build a cloud identity directory for their customers, so there is no need for an on-premises AD. Thanks to that solution, enterprises are able to keep their applications, business, and customers protected. In contrast to Azure B2B, Azure B2C does not support SSO to Office 365 or to other Microsoft and non-Microsoft SaaS apps. Applications that work with Azure AD B2C should be based on the OAuth 2.0 and OpenID Connect standards.

When our clients ask us why we use Azure AD B2C, we are always ready with an answer listing the main benefits that the solution brings:

  • Convenience: Handles multi-factor authentication and password self-service reset with just a flip of a switch.
  • Time Savings: The solution is relatively quick to deploy.
  • Cost Savings: A lot of third-party authentication services are expensive. Azure AD B2C is pay-as-you-go and has reasonable prices.
  • Security: Delivers integration with multi-factor authentication (an important element regarding security and upcoming regulations under the GDPR).
  • Integration: It can integrate with additional data sources and services to build a single consumer identity view.
