Ow! Why do companies underestimate authorisation and authentication?

26. 7. 2023

 

When a company implements an information or production system, it knows the expected return and all the future benefits. The finance manager gets better reports, the warehouse manager gets an immediate overview of available items, the accountant gets clearer invoicing documents. The investment is therefore easy to calculate. The situation is far more complex where cybersecurity and data protection are concerned, because you're basically "just" paying for everything to work and you don't know much about the background as a whole. That's why many companies say: "it doesn't concern us", "nobody's interested in our data" or "we have something in place, and that's probably enough". And potential gains are significantly easier to sell to anyone than potential losses.

The Czech Republic could declare underestimating security risks a national sport. According to the available statistics, we are among the "best" in the region in circumventing the rules, showing a certain degree of haughtiness and inventing our own ways. What to do about this? These are questions for Petra Dušová and Jan Trunkát, who are responsible for identity security issues within the Aricoma Digital team. On the one hand, they deal with the security of state institutions, cities, hospitals and local government authorities; on the other hand, they develop their own products in the area of identity management, access management and, more recently, privileged accounts.

Three big "ouches"

In plain language, this addresses the three big "ouches" that often plague companies or authorities: how to automate the authorisation and authentication of individual accounts; how to make sure that only those who really need access to data have it, ideally to the extent and according to the role that the person has in the organisation; and, at the same time, how to ensure that no unauthorised person can get into the system.

We have seen the havoc that insufficient account security can cause in the recent past, when hackers attacked hospitals in Benešov and Brno. The paralysis of internal systems in hospitals is a huge problem, because what is at stake is not millions in production costs, but health and lives, as operations have to be postponed. And it is a real challenge to manage such a hospital, in which the staff is constantly changing and working around the clock, and where various internal and external systems are connected to the network.

“Critical infrastructure is already addressed by the Cybersecurity Act, so hospitals or government institutions are among the entities that must have an identity management system in place and are subject to a legal obligation. For companies, however, a security manager is hard to find on the market, someone they will be forced to pay dearly for. That's why they spend a lot of time considering whether it is worth it and so leave the risks to others," explains Petra Dušová, who specialises in identity & access management within Aricoma, the largest Czech IT group.

PIM/PAM is the solution

But back to Czech companies. "It's incredible when you find out how many of them don't back up their data at all. Or how many leave data accessible and unguarded. Yet every company's greatest value - apart from its employees - lies in know-how and data. And practice shows that up to sixty percent of losses come from within. Data is compromised by people who are or have recently been employed by the company. This will not be resolved by any firewall or SIEM (Security Information and Event Management), but calls for a suitable overall strategy that includes the entire identity management. If you have no idea who is in your company, who has access to what, and what the roles of each user are, you're in trouble. And we have three different levels of solutions for each part. Users and their roles are handled by identity management, access management and movement within the PIM/PAM infrastructure," adds Jan Trunkát, who is responsible for the technical development of his own identity solution.

It is the collaboration of three diverse teams from Aricoma that makes this solution wholly unique. Experts from teams that have long specialised in systems for the state and public administration, key management systems and digitalisation of the state, together with those who focus on enterprise solutions, form a unified identity solution.

Next year abroad

"When we started in 2010, it was a bit of a lottery bet. We even sold the first solution when it wasn’t completely finished. But in recent years, we have proven several times that we can match the world's greatest solutions. And as a bonus on top of that, add a better price and significantly more affordable services," says Petra Dušová.

"We benefit a lot from having a platform that addresses all types of identities. We can cover all commonly used systems and platforms such as AD, LDAP, Office 365, Google Workspace (formerly G Suite), we communicate with SAP, Navision, D365 and local or vertical specific solutions. Particularly for local customers, it is a great advantage that we can quickly push through the entire implementation. And thanks to our own development team, we are able to develop many tailor-made solutions," adds Jan Trunkát.

Nevertheless, the team, headed by Radim Drgáč, is not only targeting customers in the Czech Republic. "We are convinced that together we have put together a solution that can stand up to the European competition. Our ambition is to find a partner abroad next year and offer the whole identity management package throughout Europe. We consider it unique in terms of its combination of quality, price and service," concludes Petra Dušová.

Automation, authorisation and authentication are three words to keep in mind if you don't want to experience the painful loss of data and valuable information. 

