Identity and access management (IAM)

Cyber security

 

Identity and access management (IAM) ensures that only the right people and job roles can access the tools they need to do their jobs. Identity management and access systems enable enterprises to manage a range of identities including people, software, and hardware like robotics and IoT devices.

 

Shield IT liaises with partners to provide a wide range of identity and access management services that include:

 

 

 

 

 

 

As part of a wider zero-trust architecture, Shield IT helps clients formulate an IAM implementation strategy that focuses on:

 

  • Central identity management
    Shield IT provides the tools and technology for managing access to resources at the identity level, thereby allowing centralised management of identities. This could mean migrating users from other systems or at least synchronising IAM with other user directories.

 

  • Secure access
    Given the importance of security at the identity level, an IAM system must confirm the identities of logged-in users. This may mean implementing MFA, or a combination of MFA and adaptive authentication that takes into account the context of login attempts, including location, time, device, etc.

 

  • Policy-based control
    Users should only be given the authorisations needed to perform their own tasks. An IAM should be designed to give users access to resources based on their job roles, their department or any other attributes as appropriate. This ensures that resources are secure, no matter when, where or how they are being accessed.

 

  • Zero-trust policy
    A zero-trust policy means an enterprise's IAM solution is constantly monitoring and securing users' identities and access points. Shield IT's policies and procedures ensure that each employee within the enterprise is identified and has managed access.

 

  • Secured privileged accounts
    In a secure access management system, every user is granted only the necessary privileges. Accounts with special tools or privileged access to sensitive information can be provided with a tier of security and support that suits their status as a gatekeeper for the enterprise.

 

  • Training and support
    Shield IT provides training for the users who will be engaged with the product, including users and administrators, and provides customer service for the long-term health of your IAM installation and its users.

 

 

Identity Governance

Shield IT's identity governance solutions enable businesses to identify risky employee populations, policy violations and inappropriate access privileges; then remediate these risk factors.

Using Shield IT's proprietary and third-party tools and technologies, enterprises can put the right controls in place to meet the security and privacy requirements in their respective jurisdictions, e.g. GDPR.

We help clients provide consistent business processes for managing passwords as well as reviewing, requesting and approving access, all underpinned by a common policy, role and risk model.

By designing role-based access controls, Shield IT helps companies significantly reduce the compliance burden, manage risks and establish replicable practices for consistent, auditable and easier-to-manage access certification efforts.

 

Lifecycle Management

A lifecycle management cybersecurity solution ensures that product security is maintained at every stage of the lifecycle, and that every stakeholder has access to relevant functions and services only at each step of the lifecycle.

By handling all lifecycle stages, Shield IT ensures that systems security is easily visualised and risks are minimized. We provide these solutions in the cloud or as a software package installed on the customer's premises.

 

 

 

Privileged Access Management

Privileged access management (PAM) solutions are a subset of identity and access management (IAM) technology that help enterprises monitor, govern and maintain records of how privileged users and devices access business assets and networks in line with corporate protocol and regulatory norms.

 

Shield IT deploys PAM solutions for every unique business need, covering the following features:

 

ESSENTIAL FEATURES OF SHIELD IT'S PAM SOLUTIONS

 

 

  1. Multi-factor authentication using mobile-based OTP, email passwords, physical keys, etc., depending on user roles. We also deploy MFA at every point of request and integrate with third-party MFA for additional protection.

  2. Audit trails for compliance: Our solution includes keeping detailed records of login attempts and access approvals, sometimes in documentation and video formats, in a secure vault for subsequent scrutiny.

  3. Password vaults: Shield IT solutions store confidential data like access credentials, passwords, compliance records, screen recordings, keystroke data, etc., in fully encrypted, centrally accessible vaults for a single source of visibility across the enterprise.

  4. Support for remote systems: Secure remote access is now a must-have with the rise of WFH. In addition to remote internal users, enterprises also need to monitor and record privileged access from guest accounts, such as trusted vendors, external auditors, contractual employees, and so on. PAM brings distributed enterprises under an overarching security umbrella without risks.

  5. Support for hybrid hosting environments: Shield IT guarantees that clients' PAM solutions are able to govern and track access to traditional data warehouses, public/private cloud applications, and web-based SaaS apps, in addition to app-to-app protection, so that a privilege from one environment does not “creep” into activities elsewhere.

  6. SIEM integrations: By integrating with security information and event management software, our PAM solutions send security alerts, raise tickets, and trigger automated remediation. PAM-SIEM integrations save a sizable amount of IT effort, relying on connected approval workflows without fragmenting the audit trail.

  7. Access workflow governance: The workflow manager feature of PAM helps clients define and enforce security rules for different access conditions. It determines how the user obtains access and the scenarios in which access can be reset or revoked.

  8. Session Monitoring, Recording and Playback

 

Shield IT provides session monitoring, recording and playback solutions for user activities to help ensure that no unauthorized changes are made or regulatory breaches committed.

 

Session monitoring

Session monitoring gives administrators a real-time view of all privileged user sessions and provides a live feed of an active session.

This solution allows administrators to terminate risky or unauthorized sessions, and even alert users.

 

Session Recording

Recording privileged sessions produces end-to-end records of a user’s privileged access and provides an audit trail from when the user checked out a secret, to what they did on the system, to when they logged off.

 

Keystroke Logging

This solution makes it possible for all keystrokes during sessions to be recorded and made available for quick searching during playback.

 

Enhanced Session Playback

This solution allows administrators to quickly find the exact session they want to review using different filters and a cross-session search bar.