Ow! Why do companies underestimate authorisation and authentication?

26. 7. 2023

 

When a company implements an information or production system, it knows the expected return and all the future benefits. The finance manager gets better reports, the warehouse manager gets an immediate overview of available items, the accountant gets clearer invoicing documents. It can thus simply calculate the investment. The situation is far more complex as far as cybersecurity and data protection are concerned. Because you're basically "just" paying for everything to work and you don't know much about the background as a whole. That's why many companies say: "it doesn't concern us", "nobody's interested in our data" or "we have something in place, and that's probably enough". And potential gains sell to everyone significantly better than potential losses.

The Czech Republic could declare underestimating security risks a national sport. We are among the "best" in the region in circumventing the rules, showing a certain degree of haughtiness and inventing our own ways according to the available statistics. What to do about this? These are questions for Petra Dušová and Jan Trunkát, who are responsible for identity security issues within the Aricoma Digital team. On the one hand, they deal with the security of state institutions, cities, hospitals and local government authorities - while on the other hand, they develop their own products in the area of identity management, access management and, more recently, privileged accounts.

Three big "ouches"

Translated into English, this addresses the three big "ouches" that often plague companies or authorities: How to automate the authorisation and authentication of individual accounts. How to make sure that only those who really need access to data have it. Ideally, to the extent and according to the role that the person has in the organisation. And at the same time, how to ensure that no unauthorised person can get into the system.

We have seen the havoc that insufficient account security can cause in the recent past, when hackers attacked hospitals in Benešov and Brno. The paralysis of internal systems in hospitals is a huge problem, as it is not millions that are at stake like when you’re paying out on production costs, but health and lives, as operations have to be postponed. And it is a real challenge to manage such a hospital, in which the staff is constantly changing, working around the clock, and where various internal and external systems are connected to the network.

“Critical infrastructure is already addressed by the Cybersecurity Act, so hospitals or government institutions are among the entities that must have an identity management system in place and are subject to a legal obligation. For companies, however, a security manager is hard to find on the market, someone they will be forced to pay dearly for. That's why they spend a lot of time considering whether it is worth it and so leave the risks to others," explains Petra Dušová, who specialises in identity & access management within Aricoma, the largest Czech IT group.

PIM/PAM is the solution

But back to Czech companies. "It's incredible when you find out how many of them don't back up their data at all. Or how many leave data accessible and unguarded. Yet every company's greatest value - apart from its employees - lies in know-how and data. And practice shows that up to sixty percent of losses come from within. Data is compromised by people who are or have recently been employed by the company. This will not be resolved by any firewall or SIEM (Security Information and Event Management), but calls for a suitable overall strategy that includes the entire identity management. If you have no idea who is in your company, who has access to what, and what the roles of each user are, you're in trouble. And we have three different levels of solutions for each part. Users and their roles are handled by identity management, access management and movement within the PIM/PAM infrastructure," adds Jan Trunkát, who is responsible for the technical development of his own identity solution.

It is the collaboration of three diverse teams from Aricoma that makes this solution wholly unique. Experts from teams, who have long specialised in systems for the state and public administration, key management systems and digitalization of the state and those, who focus on enterprise solutions, form a unified identity solution.

Next year abroad

"When we started in 2010, it was a bit of a lottery bet. We even sold the first solution when it wasn’t completely finished. But in recent years, we have proven several times that we can match the world's greatest solutions. And as a bonus on top of that, add a better price and significantly more affordable services," says Petra Dušová.

"We benefit a lot from having a platform that addresses all types of identities. We can cover all commonly used systems and platforms such as AD, LDAP, Office 365, Google Workspace (formerly G Suite), we communicate with SAP, Navision, D365 and local or vertical specific solutions. Particularly for local customers, it is a great advantage that we can quickly push through the entire implementation. And thanks to our own development team, we are able to develop many tailor-made solutions," adds Jan Trunkát.

Nevertheless, the team, headed by Radim Drgáč, is not only targeting customers in the Czech Republic. "We are convinced that together we have put together a solution that can stand up to the European competition. Our ambition is to find a partner abroad next year and offer the whole identity management package throughout Europe. We consider it unique in terms of its combination of quality, price and service," concludes Petra Dušová.

Automation, authorisation and authentication are three words to keep in mind if you don't want to experience the painful loss of data and valuable information. 

"The Czech Republic could declare underestimating security risks a national sport. We are among the "best" in the region in circumventing the rules, showing a certain degree of haughtiness and inventing our own ways according to the available statistics."

Ethical hackers: the volume of serious risks does not decrease

17. 12. 2024

Aricoma has been involved in cybersecurity since it started its business in the first half of the 1990s. It actively examines clients' information security levels and the resilience of their technology. Clients often need to find out how secure their business perimeter is and what they need to work on. This is aided by a community of experienced penetration testers who simulate a cyber attack on a client's system. At both the network and application level, they can test the ability to withstand real-world cyberattacks from the external environment. But that's not all.

The future of AI? ChatGPT-based language models for businesses

22. 11. 2024

Chances are, you're already familiar with it and are no stranger to the word "prompt". The use of generative AI tools has massively increased in recent months, but they can't be used everywhere. Sensitive corporate data doesn't belong in the public domain. So people are looking for ways to create protected systems that allow analysis and generation of information without data leaks. Aricoma's specialised team is working on this and has therefore also teamed up with the mathematics institute of the Brno University of Technology.

We kept getting rid of chip production in Europe, now we struggle to get it back. But it is worth it

17. 9. 2024

"We've been carrying chip debt since the 1970s, Europe was happy to get rid of chip production because it's water and electricity-intensive. And now we're slowly and painfully catching up. At the same time, we will need more and more chips, and even more sophisticated ones than today," says Tomáš Pitner, professor at the Faculty of Informatics of Masaryk University and head of the research centre, about the situation in which the Czech Republic and Europe find themselves. But in exactly which way?