Digital Identity

Anything that has to be trusted has an identity. An Identity is a means by which an Entity can consistently and comprehensively be identified as unique.  An Entity represents the discrete types that will have an Identity; these are people, devices, code, organizations and agents.

IAM is about managing identities and leveraging directory services to provide access control. Perimeter IAM solutions have matured over the last 10 years, however there was no full adoption across industry vectors thus there is more still to be done to ensure compliance with regulatory compliance and risk. This is even more apparent when issues are encountered when extending an organization’s identity into the cloud. I’curity provides insight into assessing an organization identity posture, its readiness to conduct cloud-based Identity, Entitlement, and Access Management (IdEA).

We provide identity solutions within the trusted network and untrusted networks that traverse the internet/cloud. Untrusted IAM solutions (Federated Identity) systems are complex but have a massive potential that needs to be unlocked to enable businesses to securely and conveniently engage with partners (B2B) and customers (B2C). The concepts behind IdEA used on premise require fundamental changes in thinking when implementing a cloud environment, particularly splitting it into three discrete functions, Identity, Entitlement, and Authorization/Access Management.

API Economy Security and Management

Technology is the critical enabler of digital transformation. Mobile and cloud, for years viewed as trends on the horizon, are now proven drivers for IT-enabled business disruption, both inside and outside the enterprise. The API, once seen as a tool for programmers, is providing both a new route to market as well as enabling disintermediation of the value chain that supports that route to market. For example, via its Product Advertising API, Amazon sells its goods through third-parties, thus extending its distribution reach. At the same time, the IT infrastructure on which these APIs run has in turn been made available for other uses through the Amazon Web Services API.

Modern Challenges

Companies must embrace digital transformation in order to stay relevant to their customers, else risk ceding market share to competitors who are able to adapt more quickly.

At its core, digital transformation is driving companies to reframe their relationships with their customers, suppliers and employees through leveraging new technologies to engage in ways that were not possible before.

These new technologies – SaaS, mobile, and the Internet of Things (IoT) – demand a new level of connectivity that cannot be achieved with yesterday’s integration approaches.

Our Recommendations

Adopt an API-led connectivity approach that packages underlying connectivity and orchestration services as easily discoverable and reusable building blocks, exposed by APIs.

Structure these building blocks across distinct systems, process and experience layers, to achieve both greater organizational agility and greater control.

Drive technology change holistically across people, processes and systems in an incremental fashion.

Database Security

The need to secure data is driven by an expanding privacy and regulatory environment coupled with an increasingly dangerous world of hackers, insider threats, organized crime, and other groups intent on stealing valuable data. The security picture is complicated even more by the rapid expansion of access to sensitive data via the Internet, an unprecedented understanding of technology, increasing economic competition, and the push to achieve greater efficiencies through consolidation and cloud computing.

Information targeted for attack has included citizen data, intellectual property, credit card data, financial information, government data, and competitive bids. Attack methodologies include hacking of privileged user accounts, exploitation of application vulnerabilities, media theft, and other sophisticated attacks collectively known as advanced persistent threats or APT.  In response to the increasing threat to data, regulations have been put in place that include the numerous U.S. State privacy laws, Payment Card Industry Data Security Standard (PCI-DSS), the U.K Data Protection Act, and the Protection Of Personal Information(POPI) Act, to name a few.

I’curity provides a comprehensive portfolio of security solutions to ensure data privacy, protect against insider threats, and enable regulatory compliance for both databases. Using Oracle’s powerful preventive and detective security controls including database activity monitoring and blocking, privileged user and multifactor access control, data classification and discovery, transparent data encryption, consolidated auditing and reporting, secure configuration management, and data masking. With these tools, we help customers to deploy reliable data security solutions that require no changes to existing applications, saving time and money.

Our Database Security focus areas:

  • Data at Rest (DAR) through
  • Database Firewall
  • Data Activity Monitoring (DAM),
  • Sub-setting & Masking
  • Encryption

Mobile Security

Mobile is becoming an essential access channel. Users expect a seamless access experience across multiple channels and enterprises require consistent access policies across those channels. The Access Management and mobile solution should ensure consistent user experience for SSO operation among native applications, and between native and browser applications based on common corporate security policies.

In a Bring Your Own Device (BYOD) scenario, the Access Management solution should be able to separate corporate data from personal data without disrupting the user experience. In customer facing mobile applications the solution should provide the ability to provide authentication and SSO among native applications and between native and browser applications.  And the ability to fingerprint and register the devices for added security.

Our Mobile Security Services include:

  • Advising on Mobile Security implementations, including SSO and device security
  • Scoping and planning of enterprise mobile security solutions
  • Help organizations to bridge the gap between mobile devices and IAM control
  • Design user experience without compromising security and provide context-driven, risk-aware access management
  • Help organizations with Enterprise mobile security strategy
  • Help organizations with customer-centric mobile security strategy