Ninety-four percent of organizations that took part in the Identity Defined Security Alliance’s (IDSA) December 2019 survey experienced an identity-related breach. Consequently, there has been a 667 percent increase in spear-phishing email attacks related to COVID-19 since the end of February alone. Earlier research by Forrester found that 80 percent of all hacking-related data breaches involve privileged access credentials.
While organizations are making an effort to educate their employees about phishing attacks after the Sony debacle (in 2015), they require a more robust technology base to stay safe. Therefore, a more proactive approach is needed as organizations have much to lose. For instance, as per IBM’s 2020 Cost of a Data Breach Report, an organization, on average, might take close to 206 days to identify a data breach and another 73 days to remediate it. And if they can do that in less than 200 days, they are capable of saving $1.23 million less in breach costs.
An organization’s readiness to prevent a breach depends on how they prioritize their cybersecurity needs. While some organizations may purchase a set of cybersecurity products and determine their processes and maintenance at a later time, other organizations take a more proactive approach by analyzing their existing systems and designs, investing in a consultant, and ultimately deploying the Identity and Access Management (IAM) system on the premises or in the cloud. Ultimately, the entire process will take a couple of years, but given the risk of breach and the cost involved, organizations may find it quite expensive to independently endure cybersecurity protection. Current security issues require faster solutions. Sath’s approach provides a neo-native solution that can be up and running within 30 minutes of an organization’s requirements. “This is unheard of in the information security domain,” says Arun Binaykia, CTO, Sath Inc.
The Wizard of lAM
Since its inception 16 years ago, Schaumburg, IL-based Sath Inc has deeply understood the complex landscape of cybersecurity and implemented many Identity Management solutions and processes to address ever-changing Identity and Access Management use cases. During their tenure in the industry, Sath experts were involved in integrating and implementing products offered by the large competitor companies in the field. “We would invariably be writing a lot of code during the implementation of the products in our client environment,” says Binaykia. “In 15 years, we had enough code base to build an identity management system from scratch.” Sath launched IDHub in 2019.
IDHub is cloud-native and works well with the established clouds like AWS, Azure, Google Suite, et aI, where organizations won’t require extensive and exclusive infrastructure. IDHub is an end-to-end identity governance suite with certifications, data aggregation, provisioning, approvals, custom workflows, and reporting. IDHub is not a complementary solution, though. Apart from being a technically sound environment, it focuses on, what Binaykia calls, Sath’s biggest strength - business processes and procedures. Some companies have expertise in technology while some in business process improvement. Sath focuses on both.
Our next line of products will be focussed on ensuring that our client’s information is not compromised by the third party relationships they keep
IDHub makes the IT security team’s job easier, giving them a holistic view of the identities and their access level. IDHub uses SCIM (System for Cross-domain Identity Management) protocol to integrate with target systems, helping in provisioning, making mid-lifecycle changes, and de-provisioning accounts. Through IDHub Connector SDK, IDHub quickly combines with the existing HR system. In case of an update on any of the HR systems for an employee account, IDHub will trigger an automated sequence of actions. IDHub also ensures that any required access updates are made on all the connected apps without human intervention.
“By centralizing all of your SaaS data into an easy to use platform, IDHub gives you visibility to discover and remediate improper permissions,” says Binaykia. “This helps minimize the risk of accidental exposure through access leaks and unaccounted access that are hard to locate in individual applications’ administrator consoles.” The use of advanced analytics adds intelligence to Identity Governance functions that drive higher data quality, which optimizes the access certification workload.
"Over 16 years, we developed a deep understanding of IDM Use Cases and disappointed by the solutions in the marketplace, we decided to build a Workforce Identity Management system from the ground up"
This automated system reduces manual labor, where IT security teams need not go through each update on their own. IDHub follows a manage-by-exception scenario where it uses analytics to continuously identify and revoke unnecessary entitlements by limiting access to usage patterns.
Right access to the right people to suitable systems is the bottom line in Identity and Access Management, which has to be a continuous process. IDHub’s Role-Based Access Control provides the right access to the right group of people and gives access to the information based on the administrators’ privileges.
Administrators have a simple and easy to use control panel, with options to control their organization’s roles. Initially, administrators can create functions using the IDHub Wizard or upload bulk roles at once.
The security landscape is such that no one can guarantee that their solution will thwart all the external threats. “Every identity management system that is implemented is a story that is of subsequent failures and iterations of success,” explains Binaykia. The lifecycle of implementing an Identity Management System has always been incremental. However, the hour’s need is to start directly at 10 (on a scale of 0 to 10) and keep improving from there.
Typically, legacy lAM systems start at a 4 or 6 and aim to reach at 10. This process takes time, and each iteration is expensive. With each iteration, organizations have to deploy a code that takes weeks to get implemented. Binaykia’s personal experience says that sometimes the final product that reaches the user after iterations doesn’t match user expectations. “We had a client recently who had spent years designing, implementing and integrating a system that just did not work,” adds Binaykia. “Now they are calling us for help to fix it.” This ultimately leads to lost time within an organization.
The flexibility provided by IDHub and the expertise of Sath enables their clients to get going within weeks. This is for the entire suite of applications. But this does not mean that Sath’s solution is perfect. It means that the time saved can now be spent on failing early, learning from the mistakes, and making changes inexpensively. “This is possible because of our architecture and design, and 16 years of experience in consulting,” says Binaykia. Sath has an elaborate set of libraries that is not an asset or hub specific. It’s a full set of documentation that describes how IDHub should be implemented, starting from project charter goals, scheduling, budgeting, milestones, billing, business processes, and UAT.
An additional feature in IDHub is the ticketing system for end-users. IDHub has a help link, which will connect the end-user to a live operator who would help them through the issue upon clicking. “We have a community forum site where anyone can ask questions with our developers, get connected with our developers, product managers and architects directly with a question,” adds Binaykia.
Proof of security
While organizations make active efforts to train their employees on the importance of implementing cybersecurity, phishing, and general cybersecurity hygiene, they must provide proof of security to the insurance agencies and industry regulatory authorities. “For the last 10 years, there has been a big push from the regulators, insurance companies and risk management offices,” explains Binaykia. This is the result of data sharing among organizations, vendors, and customers.
Sath is working towards demonstrating compliance of identity and cyber assets by providing pertinent evidence of security to all the stakeholders. “Our next line of products will be focussed on ensuring that our client’s information is not compromised by the relationships they keep,” ends Binaykia.