Ow! Why do companies underestimate authorisation and authentication?

26. 7. 2023

 

When a company implements an information or production system, it knows the expected return and all the future benefits. The finance manager gets better reports, the warehouse manager gets an immediate overview of available items, the accountant gets clearer invoicing documents. The company can thus easily calculate the investment. The situation is far more complex where cybersecurity and data protection are concerned, because you're basically "just" paying for everything to work and you don't know much about the background as a whole. That's why many companies say: "it doesn't concern us", "nobody's interested in our data" or "we have something in place, and that's probably enough". And potential gains sell significantly better to everyone than potential losses.

The Czech Republic could declare underestimating security risks a national sport. According to the available statistics, we are among the "best" in the region in circumventing the rules, showing a certain degree of haughtiness and inventing our own ways. What can be done about this? These are questions for Petra Dušová and Jan Trunkát, who are responsible for identity security issues within the Aricoma Digital team. On the one hand, they deal with the security of state institutions, cities, hospitals and local government authorities - while on the other hand, they develop their own products in the area of identity management, access management and, more recently, privileged accounts.

Three big "ouches"

Translated into English, this addresses the three big "ouches" that often plague companies or authorities: How to automate the authorisation and authentication of individual accounts. How to make sure that only those who really need access to data have it. Ideally, to the extent and according to the role that the person has in the organisation. And at the same time, how to ensure that no unauthorised person can get into the system.

We have seen the havoc that insufficient account security can cause in the recent past, when hackers attacked hospitals in Benešov and Brno. The paralysis of internal systems in hospitals is a huge problem, as it is not millions that are at stake like when you’re paying out on production costs, but health and lives, as operations have to be postponed. And it is a real challenge to manage such a hospital, in which the staff is constantly changing, working around the clock, and where various internal and external systems are connected to the network.

"Critical infrastructure is already addressed by the Cybersecurity Act, so hospitals or government institutions are among the entities that must have an identity management system in place and are subject to a legal obligation. For companies, however, a security manager is hard to find on the market, someone they will be forced to pay dearly for. That's why they spend a lot of time considering whether it is worth it and so leave the risks to others," explains Petra Dušová, who specialises in identity & access management within Aricoma, the largest Czech IT group.

PIM/PAM is the solution

But back to Czech companies. "It's incredible when you find out how many of them don't back up their data at all. Or how many leave data accessible and unguarded. Yet every company's greatest value - apart from its employees - lies in know-how and data. And practice shows that up to sixty percent of losses come from within. Data is compromised by people who are or have recently been employed by the company. This will not be resolved by any firewall or SIEM (Security Information and Event Management), but calls for a suitable overall strategy that includes the entire identity management. If you have no idea who is in your company, who has access to what, and what the roles of each user are, you're in trouble. And we have three different levels of solutions for each part. Users and their roles are handled by identity management, access management and movement within the PIM/PAM infrastructure," adds Jan Trunkát, who is responsible for the technical development of his own identity solution.

It is the collaboration of three diverse teams from Aricoma that makes this solution wholly unique. Experts from teams that have long specialised in systems for the state and public administration, key management systems and digitalization of the state, together with those who focus on enterprise solutions, form a unified identity solution.

Next year abroad

"When we started in 2010, it was a bit of a lottery bet. We even sold the first solution when it wasn’t completely finished. But in recent years, we have proven several times that we can match the world's greatest solutions. And as a bonus on top of that, add a better price and significantly more affordable services," says Petra Dušová.

"We benefit a lot from having a platform that addresses all types of identities. We can cover all commonly used systems and platforms such as AD, LDAP, Office 365, Google Workspace (formerly G Suite), we communicate with SAP, Navision, D365 and local or vertical specific solutions. Particularly for local customers, it is a great advantage that we can quickly push through the entire implementation. And thanks to our own development team, we are able to develop many tailor-made solutions," adds Jan Trunkát.

Nevertheless, the team, headed by Radim Drgáč, is not only targeting customers in the Czech Republic. "We are convinced that together we have put together a solution that can stand up to the European competition. Our ambition is to find a partner abroad next year and offer the whole identity management package throughout Europe. We consider it unique in terms of its combination of quality, price and service," concludes Petra Dušová.

Automation, authorisation and authentication are three words to keep in mind if you don't want to experience the painful loss of data and valuable information. 
