How To Protect Your IAM Systems: A TAG Cyber Interview

How To Protect Your Cloud Based IAM Systems

Cloud-based Identity Access Management (IAM) systems are highly vulnerable to security breaches, human error and insider threats.

Businesses often erroneously believe that if a breach occurs, their SaaS provider will help them recover all sensitive data. However, most IAM systems don’t provide out-of-thebox backup and disaster recovery features or options. Even in the cloud, companies must take on the responsibility of protecting themselves.

acsense is a SaaS platform offering quick, easy, one-click recovery and protection for cloud-based IAM systems, such as Okta.

We were excited to talk with them to learn how their platform helps ensure IAM resiliency and business continuity for enterprise organizations.

TAG Cyber:

What are some common misconceptions companies have when it comes to their Identity and Access Management systems?

Acsense:

One general misconception is that organizations think that critical SaaS, such as Okta are protected in the cloud.

Because of this, most companies have not done a business impact analysis of their IAM systems.

Customers of a SaaS provider typically rely on the provider’s systems and services to operate their own businesses, and any disruption to these systems and services can have significant consequences, including regulatory impacts and fines, as well as financial, reputational, relational and productivity losses. At the technical and operational level, many companies are not aware of IAM business and access continuity solutions.

Consequently, they are forced to use open source or in-house scripts and tools to partially address their needs.

Unfortunately, these makeshift solutions are often unable to fully protect, backup and restore their Okta after a breach or incident, such as a misconfiguration by an employee.

TAG Cyber:

How does Acsense offer solutions to the above issues?

Acsense:

When it comes to understanding the resilience of an organization’s IAM systems, our solution makes it easy for security and risk management leaders to measure and quantify their business continuity posture.

This includes things like resiliency, hygiene and recovery. Our platform provides an air-gapped, reliable architecture, enabling organizations to protect their data assets, as well as ensure business and access continuity, even in the face of sophisticated attacks.Additionally, we aim to reduce IAM downtime and costs by providing features, such as: one-click full tenant recovery; failover access to a secondary tenant; the ability to identify and investigate changes between different points in time (PiTs); and a low recovery time objective (RTO) and recovery point objective (RPO) of approximately 10 minutes.

Furthermore, compliance is also a major focus of Acsense.

Our platform offers unlimited retention, incident investigation, data integrity checks and change management, which helps to eliminate the burden on IT organizations and ensure compliance with disaster recovery test procedures.

TAG Cyber:

What is meant by Okta’s “shared responsibility model” and what implications does this have for backups and data recovery?

Acsense:

The shared responsibility model is a way that cloud providers and customers split the responsibility of keeping their information and systems safe.

In other words, Okta takes care of some things, while the customer takes care of others. When it comes to business continuity and security, this means that Okta will make sure their systems are running smoothly, but the customer is responsible for keeping their own data and applications are secure. Therefore, the customer needs to make sure they have the right controls and processes in place to protect their data and configurations in order to keep their business running smoothly. In case of an outage by the provider, the customer should have an established plan in place to minimize the impact on their business.

This could include things like backing up their tenant and data; maintaining a disaster recovery plan; or having a way to redirect their IAM primary tenant to a secondary tenant. They should also have a clear understanding of the provider’s service level agreements (SLA) in case of an outage.

TAG Cyber:

If a company discovers they are a victim of a data breach, how long will it take them to address the issue and recover their data using acsense?
Is the process complicated?

Acsense:

If there is one thing our combat experience has taught us, it’s that when there is a crisis, it’s important for the people in charge to have a clear understanding of the situation.

Our platform makes it simple to investigate and recover any changes that happened during an attack on Okta, for example.

With Acsense, we make it easy for a company to decide whether to fail-over its Okta tenant to a stand-by tenant, or revert to any point in time before the attack with just one click.

TAG Cyber:

What is the top cyber threat facing companies in 2023?

Acsense:

As in the past year, I foresee a continuation of attacks on identity infrastructure by highly organized and sophisticated ransomware gangs.

The international extortion group, Lapsus, gained access into the servers of Okta through the compromised account of a third-party customer-support engineer. They were also responsible for attacks on Samsung, Nvidia, Uber, Microsoft and T-Mobile, to name a few.

Scattered Spider another gang targeted more than 130 firms last year using a phishing campaign called Oktapus, obtaining Okta identity credentials and multi-factor authentication (MFA) codes. It was reported that at least 114 of the companies were in the United States, with the remaining victims scattered throughout over 68 other nations. We’ve also seen an increase in credential stuffing and MFA manipulation attacks lately.

These attacks target IAM administrators and, when successful, can lead to a complete take-over of the IAM infrastructure, as well as access to all the company assets.

This is why we have made it our mission to ensure that IAM solutions have continuous accessibility, maximum uptime and next-level operational efficiency.