Identity Security – Central Office Suites SolutionTopher Taylor
Identity and Access Security in Cloud Computing
A central premise and promise of the cloud computing revolution is the agility and mobility of the workplace. 21st Century knowledge workers are not tied to a desk or even an office, they only need a computing device with internet access to be at work. Critically, the traditional security model of Firewalls and alphanumeric password rotation is insufficient for external applications hosted in the cloud. This opens a new vulnerability to data, and choosing the right technology partners to trust is paramount in maintaining Standard of Good Practice. To this end, P3 has partnered with Okta for Secure Identity and Access Management.
In a recent report by Gartner, Okta was rated highest in the industry as a leader in the ability to execute Access Management. Per Gartner, Access Management “Applies to technologies that use access control engines to provide centralized authentication, single sign-on (SSO), session management and authorization enforcement for target applications in multiple use cases.”
Small and mid sized businesses (SMBs) are increasingly being targeted by hackers as a means of accessing enterprise systems. Vulnerability to data breaches in high profile cases such as the Target hack in 2013 often are found and exploited externally. Robust defensive security strategies are generally outside the budget and scale of small and mid sized businesses. A 2016 study by the Ponemon Institute found that 55% of SMBs experienced a cyberattack in the previous 12 months, and 50% experienced a data breach over the same period.
What should be the top technology priorities for CPAs?
“I think cloud-based services, when they’re done right by the correct providers, offer [a] significantly more secure approach than most of the hosted, in-house, self-supported, self-provisioned solutions.” – David Cieslak, CPA/CITP, CGMA, principal and founder of Arxis Technology
Data breaches are not the only security concern. Ransomware attacks are proliferating as well. No matter how secure your systems are, human vulnerabilities can and are being exploited. Clicking on the wrong link and providing password data is one of the most common mistakes. Reducing the possibility of human error is a critical step to peace of mind in maintaining the sanctity of your data and systems. According to Mary Galligan, managing director, cyber risk services at audit and advisory firm Deloitte, “Small companies’ biggest risks like ransomware are caused by people clicking on things they shouldn’t click on.”
Central Office Suites
Where does the profession stand on its migration to the cloud?
“I’ve seen a few firms fully embrace the cloud and they seem to be reaping the benefits, but a lot of CPAs I work with only seem to have touched upon the cloud. The obstacles remain the same: ignorance of how the technology actually works, fear their data will not be secure, and an unwillingness to let go of the sunk cost of those historical products that they’ve already implemented. But on the positive side, I get the impression from talking with a lot of my clients that more CPAs are now more open to using cloud technologies. They’re just not sure how to make that smooth transition to the cloud platform yet.” – J. Carlton Collins, CPA, the CEO of ASA Research and author of the JofA’s monthly Technology Q&A column
With our employee lifecycle management process, employee login credentials for SAML ready applications can be provisioned without an employee ever even knowing their user log in and password information! This removes one of the biggest vulnerabilities entirely. The SAML standard is backed by 97% of Software as a Service vendors according to OneLogIn.
Onboarding an employee with a single sign on to a Central Office Suite is done by an administrator, and in cases of separation or termination, your data and systems are protected with a simple, single click of deprovisioning. Each employee is provided access to the applications they need, and only the ones they need. With the increasing importance of social media in marketing and front office function, this also facilitates access control to shared social media accounts. As the needs of business to adopt new software and technology tools to keep apace with the speed of industry changes, the ability of an employer to regulate and control employee access levels is as important as who had copies of keys and safe codes were in a previous era. P3’s Central Office Suites bring enterprise level security to our small and mid sized business clients.