Press Articles EN

cidaas now joins as a member of the Alliance for Cyber Security!

We have been a member of the Alliance for Cyber Security since mid-July. We want to take this opportunity to explain what the Alliance is and why this membership matters to us.

The Alliance for Cyber Security is an initiative of the Federal Office for Information Security (BSI). This platform was developed in cooperation with the German Federal Association for Information Technology, Telecommunications, and New Media (BITKOM).

The Alliance for Cyber Security is a combination of a broad range of information on cybersecurity issues and a forum for cooperation with industry, authorities, research, and science, and other institutions.

Why is this membership so important to us? cidaas itself offers several functions to improve security against unauthorized access. For example, in the age of digitalization, the number of endpoints has increased dramatically, so the standardized API security provided by OAuth2.0 and OpenID Connect makes a critical contribution to protecting digital channels.

Tools such as passwordless, secure authentication methods, multi-factor authentication, and fraud detection & botnet detection are also used in the fight against cyber threats.

We are looking forward to the exchange and the discussions, and to making tomorrow’s world a safer place – now also as part of the Cyber Security Alliance.


European Cybersecurity Month 2020: cidaas participates with free webinar on Smart MFA

The ECSM (European Cyber Security Month) will start again in September 2020. The ECSM offers great activities to inform citizens and organisations about current risks and measures in the fight against cybercrime. cidaas is participating with a free webinar on Smart MFA: multi-factor authentication with convenience and security.

The European Cyber Security Month (ECSM) is an awareness campaign of the EU. The European Union Agency for Cyber Security (ENISA), the European Commission and its partners have been promoting this initiative once a year since 2012. In September, there will be exciting activities to watch. This event will look at cybersecurity from the perspective of both citizens and businesses. Its main purpose is to strengthen the security of personal, financial, or internal data and to provide citizens and businesses with measures and best practices to protect themselves online.

We are enthusiastic about the initiative. cidaas is also participating with a free webinar on Smart MFA: multi-factor authentication with convenience and security on 29.09.2020. We look forward to contributing to the ECSM and to an exciting exchange of ideas.


OIDC and OAuth2.0 with the Flutter SDK from cidaas

Modern login to Flutter: Social Login, Single-Sign-On and Device Biometrics

With the cidaas Flutter SDK, it is now easy to connect cidaas as identity and access management and use functions such as device biometrics, social logins or multi-factor authentication.

Flutter is an open-source UI framework developed by Google. It is based on the programming language Dart and allows you to build native apps for iOS and Android, as well as web and desktop apps, from a single codebase.

In identity management, OpenID Connect and OAuth2.0 are the de facto standards for secure and reliable user identification and authorization.

The cidaas Flutter SDK is available on pub.dev. There we also show how easy it is to implement the OIDC authorization code flow.

We will answer your questions:

  • How is the access_token stored securely?
  • How are the login and logout triggered?
  • How do I create Single Sign On easily?

With the cidaas Flutter SDK, you can also use social login providers such as AppleID and Facebook, and authenticate with device biometrics.

Have fun with the development and contact us if you have any questions!


cidaas in the OpenID Foundation

cidaas and OpenID Connect - Membership

cidaas enters the OpenID Foundation as a corporate member and gets the opportunity to participate in the future of identity management as a member of one of the leading organizations and to co-design the specifications.

Since the end of April, Widas ID GmbH, which is developing and operating one of the most modern Cloud Identity & Access Management Systems with cidaas, has been a corporate member of the OpenID Foundation, thereby emphasizing its support for the organization’s standards. The OpenID Foundation was founded in 2007 and is one of the leading organizations in the field of identity management.

As a member of the OpenID Foundation, cidaas is in continuous interaction with other members, gaining early insight into current developments of the standards and new or changing market requirements, and working together with the other members and the OpenID Foundation to develop the specifications. Our Chief Product Officer, Sadrick Widmann, aptly summarizes the benefits of membership in one sentence: “Through our membership, we not only create an advantage for cidaas, but also for our customers, who can access and influence the development of important standards through us!”

The decision to become a member was made during strategic planning at the beginning of the year and paves the way for cidaas to become the leading Identity & Access Management provider in Europe.

We look forward to exciting discussions, excellent events and to shaping the future of identity management.

If you want to know more about cidaas, contact us via chat, contact form or simply by phone (+49 7044 95103100) or e-mail (sales@cidaas.de).


Extension for Typo3 login from cidaas

cidaas announces its integration capability as a login provider for the popular content management system Typo3. Users who are looking at Typo3, a flexible yet powerful CMS, can now enjoy the features of a secure, scalable and feature-rich cloud-based identity management system: cidaas.

Typo3 CMS has been gaining ground as a flexible and scalable enterprise-grade CMS. When looking at such solutions, it becomes essential to evaluate secure identity management and storage, and to guard data privacy and compliance with standards. This is where cidaas, a cloud-based identity and access system, comes in.

cidaas can integrate seamlessly as a login provider, with extensions available on the Typo3 Marketplace. To find one, all you need to do is search for cidaas in the Typo3 Marketplace. Customers needing the integration sign up with cidaas to get a unique ClientID reference. This can then be used in the Typo3 extension to enable cidaas as the identity provider. More details with samples are provided on our Typo3 feature page or in the cidaas documentation.

Securing a CMS involves authentication and authorization on every request. cidaas offers this once it is configured with Typo3. Several modes of integration allow cidaas and Typo3 to manage session state and authorized access to content. Various levels of consent requests can be delivered to end users simply by configuring them in the related cidaas account.

Immediately after integration, CMS users can use various types of login, including the most popular social providers such as Google, Facebook, LinkedIn and many more. What is more, Multi-Factor Authentication or passwordless access can be enabled with just a configuration change in cidaas.

cidaas is built on standard protocols and supports OAuth2.0, OpenID Connect and many more such auth standards. Under the hood, several fraud detection systems keep watch on unsolicited activities when cidaas is integrated.

With cidaas gaining ground as an open-standards-based identity solution and Typo3 becoming one of the most popular open CMSs, customers can get the best of both worlds without needing to worry about integration effort. Commoditized identity management solutions are gaining ground, allowing solutions to comply with GDPR and other such data privacy standards without much effort.

You can find the cidaas extension for Typo3 in the Extensions Repository.


Reliable “Digital Identities”: The key to digital transformation

In the age of digitalization and customer-centric business models, the protection and management of digital identities has become extremely important. Be it a small start-up, an established online retailer or a renowned insurer – every organization now operates a digital presence of some kind. This brings with it more and more logins and verification processes and allows the number of digital identities to grow rapidly.

What is your guess? How many digital identities does a person have on average?

There are often more than 10! So it can be said that digital identities are the central element of current technology trends and are thus significantly involved in the digital value chain.

But what exactly are digital identities and why are they considered by companies to be the central asset for a fully digitalized value chain?

Digital identities require end-to-end identity management

Definition of “digital identity”: “Digital identity is a collection of electronic data to identify an Internet user with a physical identity. Data belonging to a digital identity are e.g. username, e-mail address, home address, account number, password, etc. and are referred to as attributes. A physical user can travel across the Internet with many different digital identities (different user name, different e-mail, etc.)” (technical report No. 114 of the Hasso Plattner Institute for Software Technology at the University of Potsdam).

However, a digital identity does not have to belong to a physical person such as a customer, partner or employee; “things” such as machines and applications also have their own digital identities.

But they all have one thing in common – no matter whether man or machine – they all have to clearly verify themselves in order to be able to access digital services. Until a few years ago, the authentication of the digital person was almost exclusively based on an e-mail and password combination. But this is no longer adequate for the fast-paced and convenience-driven user. With the large number of diverse digital services and the associated “masses” of different passwords, users usually pull their own strings. If the time comes and the password is forgotten, the account owner needs a lot of patience. Resetting the password usually requires many individual action steps, during which it must always be ensured that the person making the request is the actual account holder. This is probably not the only reason why biometric methods have established themselves in recent years for accessing apps. Thanks to fingerprints, FaceID and the like, services can be accessed conveniently, quickly and above all securely, since the physical features cannot be forged.

Here, too, it shows:

Only those who maintain trust and reputation on the Internet can count on the trust of their customers.

This presents companies with three challenges:

  • To offer the user and his digital identity both the highest level of security and convenience
  • To maintain and manage digital identities in compliance with GDPR
  • To recognize customer potential through communication with the digital identity and to build long-lasting, trusting customer relationships, because the next provider is only a click away.

Customer Identity Management combines user convenience and security on a single platform

In this context, Customer Identity and Access Management (CIAM) solutions are becoming all the more significant.

Identity platforms merge the management of digital identities, data security and user comfort in a single software suite. Customers are supported throughout the entire customer journey, starting with convenient and short registration and login processes, user self services for account management, multi-factor authentication (MFA) for secure account access and single sign-on for a consistent experience across all channels.

The topic of authentication plays an important role in the secure storage of personal data, some of which is sensitive. It must be ensured at all times that the customer is actually the person he or she claims to be. As in the “real” world, identity is the most unique characteristic of a person, organization, resource or service. However, while in the “real” world the verification of identity is done via the identity card and is therefore quite secure, the identification of a digital person is much more complex. As the numerous data glitches of the recent past show, traditional methods such as username-password are often not sufficient to protect customer data. However, authentication is a critical key to secure transactions and protect personal information.

Secure authentication of digital identities through two-factor queries

To identify a digital identity, CIAM tools offer a multi-factor identification, also known as two-factor identification. Multi-factor authentication (MFA) is used in today’s concepts and technologies in combination with fraud detection. By querying a second factor, a high level of security can be provided while simultaneously providing a high level of user comfort. The query of the second factor is adaptive, i.e. only in case of irregularities. Very common and secure authentication factors used in two-factor queries today are biometric features. The unique characteristics of a person such as fingerprints, face or iris are scanned and compared with the stored identity. At the same time, a Single Sign-On (SSO) can be implemented across all digital channels of a company using identity software. The customer remains logged on to all digital platforms of a company with just a single login. Authentication can be carried out using various devices. Identification via a Smart Watch is gaining popularity.

It is crucial that a company actively offers its users these diverse identification methods. Only if the user can choose his preferred method of authentication without any problems will he feel understood by the company in the interim.

GDPR Compliance via Customer Identity and Access Management

At the same time, the company must provide its users with convenient access to manage their own user data, as required by the GDPR. A good CIAM system comes along with these functionalities “out of the box”.

This also gives companies the opportunity to request users’ consent to receive tailored offers and personalised communications, in addition to requesting consent on general terms and conditions.

Another positive aspect for companies is that they are provided with the consent to process personal data (PII = personally identifiable information) required under Art. 7 (1) GDPR by the company at the push of a button. Companies are thus optimally equipped for the requirements of the EU GDPR and do not run the risk of committing data protection violations.

Even if the management requirements have become formally more demanding for companies as a result of data protection and other European regulations, they can be implemented with a corresponding CIAM tool without increased effort and, at the same time, they can even be managed in a marketing-oriented way, for example.

Are CIAM systems implemented only by large companies? Wrong! There are also great opportunities for mid-sized companies

Due to the many functionalities offered by CIAM software, the misconception often arises that only large companies can benefit from its use. Many medium-sized companies do not deal with the topic enough and often consider it to be too complex and too expensive. But that is wrong. The profitability of a customer identity system cannot be determined by the size of a company, but by the customer journey it offers its customers. The focus is therefore on both B2C and B2B customers, of course with different CIAM requirements.

But many midsize companies still focus on the protection of traditional endpoints and neglect the support, management and protection of digital identity. These companies also sometimes have a large number of users on their digital channels, which are difficult to manage manually, and this number is increasing almost daily. In addition, there are positive aspects in addressing individual B2B customers: instead of contacting them via a collective e-mail address of their company (e.g. info@…), individual persons in the customer company can be identified and addressed.

Therefore, an identity management tool also offers medium-sized companies the opportunity to manage and actively use the identities of all involved persons quickly, securely and cost-effectively.

When choosing an identity tool, companies should consider the following:

  • Security for sensitive data through data encryption and integrated fraud and suspicion case detection
  • Scalability: continuous scalability based on the respective requirements
  • User-friendliness: simple user guidance and an excellent user experience
  • Technical interfaces: the “everything is an API” approach allows the solution to be easily and seamlessly integrated into existing applications and processes via open interfaces.
  • Modern authentication methods to quickly and conveniently transform unknown visitors into known identities and to increase access security
  • Data governance: GDPR-compliant consent management for compliance with data protection regulations
  • 24/7 expert support and free initial consultation available

The question of whether the use of an Identity Management solution makes sense or not no longer arises today. Rather, it can be said that every company, regardless of its industry and size, needs a CIAM. Especially since the knowledge of customer data is becoming an increasingly important competitive factor. Modern identity platforms enable a significant advancement here and simultaneously balance the two appealing topics of data security and customer experience.

Dr. Sadrick Widmann – Master of Science at the Karlsruhe University of Applied Sciences, as well as key topics: Automation of Business As CPO since 2018 responsible for the product development of cidaas, a customer identity management solution of Widas IT, Germany.


Don’t be afraid to think BIG.

Interview with Sadrick Widmann: “Every company needs customer identity management – many have just not realized it yet”
Cidaas is one of the first customer identity and access management systems developed and hosted in Germany. Many companies know little about this topic today. In this interview, the managing director and product manager, Sadrick Widmann, answers questions about why every company needs a CIAM.

Sadrick, please introduce yourself and your product to our readers.

Sadrick: cidaas is a cloud-based customer identity and access management software that centrally manages and uniquely authenticates the growing number of identities that access an organization’s digital services and applications on a single platform. A digital identity cannot just be a customer, partner or employee – in an industry 4.0 environment, an identity can also belong to a machine that automatically exchanges data and therefore needs to be authenticated.

cidaas is a product of Widas ID GmbH, which was formed from the WidasConcepts group of companies. It was founded in 1997 by my father Thomas Widmann and focuses on strategic business and IT consulting as well as on the development of customized software solutions based on Big Data and IoT technologies and their operation in hybrid or public cloud infrastructures.

I myself have been responsible for cidaas since 2017, as Managing Director and Product Manager, and support our customers in building identity-based business models.

What is the vision behind cidaas?

Sadrick: We see cidaas as the European answer to the established North American providers and guarantee with our technical and organizational measures that the users of cidaas receive German quality and corresponding data protection. Cidaas is “Software made in Germany” – we are not only located in Germany, but also use local servers and thus offer the highest security standards. Of course, this does not mean that we want to restrict ourselves to the German or European market only. Today, we already serve international customers from other infrastructures.

It is our desire to enable a secure and trustworthy interaction between the digital and the real world with cidaas.

Because only when I am sure that my data is protected – be it as an employee, buyer, supplier or even in the interaction between machines – will communication develop further.

The key to a successful digital transformation therefore lies in the identification, management and interaction of the digital identities of the people involved.

With cidaas we connect the growing number of applications, devices, interaction channels and associated identities on one platform. Security, scalability, flexibility and user comfort are our top priorities.

How did you get the idea and what differentiates you from other CIAM providers?

Sadrick: The original idea developed from a customer project of WidasConcepts. At that time, a renowned German medical engineer was looking for a solution for his identity and authorization management, which not only allowed the management of identities but also their authentication and authorization on a central platform.

Following the evaluation of several software solutions, we came to the conclusion that no provider could map all requirements “out-of-the-box” and that major development efforts would be necessary to configure the solution as desired. So we developed the solution ourselves and cidaas was born.

One of our unique selling points is that we are one of the first German companies to offer customer identity management software. Most of the companies that currently offer this solution in the market today come from the USA, which is a critical factor, with regard to the stricter data protection regulations for European users. Our solution is not only “Software made in Germany”, but is also completely hosted in Germany – most of it even in our own data center “Widas Cloud”.

Another aspect from which our customers benefit, and has been repeatedly proven in our projects, is that our solution is unbeatable in terms of technical functionality. Just to quote a few examples:

  • Modern and secure two-factor authentication options, including the use of biometric features
  • Everything is an API – cidaas can be connected to any existing infrastructure through APIs
  • Identity linking or de-duplication of users
  • GDPR-compliant consent management: Creation and implementation of Terms & Conditions and other data protection guidelines

And these are only a few of the features that cidaas brings “out of the box”. We have developed cidaas from the beginning in such a way that it can be integrated independently into the existing infrastructure in the shortest possible time and if sufficient internal IT know-how is available.

From the idea to the start, what were the biggest challenges you faced so far and how did you finance yourself?

Sadrick: In my view, there are two challenges that we have to face every day. The first is that digital identities and their management are still considered inadequately in most companies today. That’s striking because each of us has an average of about 30 different digital identities. However, companies are still hanging on to old security philosophies that relate to the protection of traditional endpoints. The fact that the management of access rights and information is equally important for a company’s external stakeholders as it is for its internal ones, is overlooked. Most new business models focus on the customer himself and his digital identity. And only those who know these and their needs and give them easy access to their own digital channels can do business today.

This means that we have a lot of learning and clarifying to do in our discussions.

In addition, as a medium-sized German company, we are in competition with major North American players who have long since discovered the subject of identity management and have access to a market that has developed in the meantime, and who, unlike us, often market the solution first and only then drive the development forward.

So far, we have been able to rely exclusively on private equity from the Widas Group for the financing of cidaas. However, since we have been able to attract many well-known companies in the recent months, we are convinced that we will soon be able to contribute an ever-increasing share to the success of the group.

Who is the target group of cidaas?

Sadrick: The target groups where cidaas can be used are extremely diverse. For example, “experimenta”, Germany’s largest science center, has just chosen cidaas for central user administration. This protects the data on the visitor portal from unauthorized access and the upstream processes such as registration, login and payment of tickets are now completely digital. Furthermore, cidaas makes it possible for the user to access the experiences saved in the user’s personal account again after visiting the exhibition world.

Another customer of ours is active in the field of medical technology. In this project it was important to provide seamless access across all platforms of the company through Single Sign-On (SSO), to relieve the users from the burden of authenticating themselves each time they access a different portal of the company and to give the administrators a holistic view of all customers of the company.

Our other customers are, for example, purely e-commerce companies, but also medium-sized mechanical engineers and a polymer processor.

cidaas can be used wherever a user or a machine has to identify itself and is provided with special information etc. As already indicated in the headline of the interview – every company, regardless of its size, needs cidaas. Many just don’t know it yet.

How does cidaas work? – What are the advantages? – What differentiates you from other providers?

Sadrick: cidaas is a cloud based CIAM solution. An easy-to-use dashboard allows the administrator to define how a user can identify himself and at the same time what the user can access. For authorization, biometric data, classic e-mail password queries or authentication via social login can be used, in which the existing data of the user’s social media accounts are used. In addition, dedicated roles and permissions can be assigned in cidaas, what the user can access and what actions can be performed. An example can be shown using the case of consent: The user can be provided with a service that allows him or her to change the consent he or she has given to the company’s Terms & Conditions, marketing services, etc.

In contrast to other providers, we can claim that no other customer identity management software is equipped with such a comprehensive feature set and we see another unique selling point in the fact that our data is hosted in Germany.

How’s the feedback?

Sadrick: Our users are excited. As I mentioned before, this is mainly due to the wide range of functions that cidaas brings “out of the box” and also because the usability is intuitive and the software suite integrates seamlessly into existing software architecture due to the “Everything is an API” approach. There is also no limit in terms of scalability, which means that the software adapts to the company and its growth at any time.

Cidaas – where is it headed? Where do you see yourselves in five years?

Sadrick: In five years we want to see cidaas established as one of the leading identity tools and be named in the same league as the global players.

Finally: What 3 tips would you give to aspiring businessmen?

Sadrick: Believe in your idea, maybe the time is not ripe yet, but this gives you the chance to be the “First Mover”.

Keep a close eye on your competition and learn from it.

Don’t be afraid to think “BIG”.

We would like to thank Sadrick Widmann for the interview.


SECURITY FOR DATA IN THE DIGITAL AND REAL WORLD

18.12.18 | Author : Sadrick Widmann
Published in “Digitale Welt”

A prerequisite for the secure handling of data, as also required by the GDPR, in both the digital and the real world, is that users should be able to authenticate themselves. Data can only be successfully protected if the identity of a person, service or machine is clearly established and their associated roles and access to data are defined via authorization management. The use of a modern customer identity and access management (CIAM) tool ensures this.

CIAM software enables e-commerce, healthcare or banks to act in compliance with the GDPR and to determine the identity of users, be they humans or machines, unambiguously. The latter also meets the Payment Services Directive PSD2, which requires strong authentication via multi-factor authentication (2MFA).

In the context of the GDPR, it must also be taken into account that the user has sovereignty over his data at all times, so he can actively give his consent to the use of his data and revoke this consent at any time. Compliance with the new data protection regulation, which according to Art. 5 para. 1 d) requires that personal data be factually correct and, if necessary, up to date, can be implemented quickly and legally by a CIAM system. Among other things, the customer can manage his data directly via a user self-service function. Through simple user management, customer profiles can also be deleted easily, if necessary directly via self-service by the customer himself, and thus the right to deletion (Art. 13 EU-GDPR) can be complied with.

However, it must also be borne in mind that the control and management of digital data for both employees and customers extends not only to the virtual world but also includes access control and monitoring of premises in the real world, such as server and administration rooms.

IDENTITIES ARE THE KEY

In both worlds, the authentication of identities is the key to security.

Authentication is the process of logging on to a system, be it digitally to a bank account, online shop or employee portal. Or also physically to a business premises, where the identity of the user is determined and verified. Especially in the digital world, passwordless authentication is becoming more and more important. Identity is the unique identifier for a person, organization, resource or service. A modern Customer Identity and Access Management (CIAM) software based on Big Data technology not only manages the data, but also offers the corresponding authentication options and enables, for example, the distribution of roles and access rights in employee administration.

But even when protecting access to online shops, so-called “strong authentication” must be ensured. The EU General Data Protection Regulation (EU-GDPR) does not directly prevent authentication with user name and password. However, it explicitly demands that personal data be protected from unauthorized access. At the same time, user-friendliness is becoming increasingly important.

Multi-factor authentication in combination with behavior-based fraud detection and biometric factors ensures the high level of security required by Art. 32 of the EU-GDPR.

Biometrics is the safest way to uniquely identify people. The biometric characteristics of each person are unique and therefore very personal. Recognition methods that use biometrics for personal identification are not new, as Francis Galton laid the scientific foundation for the use of fingerprints in 1892. Today, fingerprint scanning is the most commonly used biometric method worldwide.

However, compared to other biometric methods, fingerprint scans are comparatively insecure, since the features are easier to forge or replicate. In addition, moisture, dirt or simple hand cream, for example, can influence the accuracy of the measurements. But when compared to the input of PINs, for example, this recognition method is much more reliable.

The advantage of futuristic identity and access management using biometrics is that unauthorized persons have significantly more difficulty in accessing digital data or, for example, a physical location, a computing device, a network or a database.

For identification and authentication, various methods can be used and combined via CIAM software.

  • Speech recognition: Identification via voice
  • TouchID, FaceID or Android Fingerprint: Identification via device-specific authentication methods
  • Pattern: Identification using a pattern drawn by the user
  • Push notification: Identification via accreditation only on the device used
  • TOTP: A unique, time-limited code used for identification
  • Back-up code: In case a user does not have his mobile phone at hand
  • FIDO U2F: USB-based technology for security
  • Email
  • SMS
  • IVR: Verification codes sent by voice call

MULTI-FACTOR AUTHENTICATION FOR MAXIMUM SECURITY

Software solutions based on Big Data technology and hosted in Germany typically offer a wide variety of authentication methods that are scalable and include access management for both digital and real spaces.

With a comprehensive user identity and access management tool, identities are not only verified through authentication, but access rights are also granted to customers, employees or suppliers based on their roles. These rights can include physical spaces (e.g. access to doors) and/or online spaces (e.g. access to an online shop or CRM system). All access to data and physical spaces is comprehensively documented.

In the case of physical spaces, classic methods such as access via keycards can continue to be used, but new biometric authentication methods can also be utilized.

If the face is used as a unique identification feature for access controls, IP cameras are installed on the corresponding doors, which requires minimal manual effort. These are then configured via the central administrator dashboard. Administrators have the ability to scan images of the personnel and assign users or user groups to specific doors or areas. Based on access permissions, the access of personnel can now be allowed or restricted with the IP camera. Moreover, face recognition can also be used for authentication to digital access points in the company.

The integration into the existing IT architecture and existing security systems for doors and rooms is possible without problems with a modern Customer Identity and Access Management (CIAM) software solution.

Which authentication method is used, and whether multi-factor authentication – i.e., the combination of two or more identifiers – is used, varies by requirement. A two-factor authentication (2MFA) – for example, finger or face recognition with a password – offers a high level of security and is essential in the banking and insurance sector, for example.

At the same time, the increased number of technical authentication options is accompanied by user demands for increased user comfort and scope of functions – something that plays an important role, especially in online shopping, since the user should not be diverted in the buying process. This can be achieved by using a SMART MFA. Through continuous fraud detection, based on the analysis of user behavior (behavior-based clustering), suspicious behavior is detected and a SMART MFA is triggered, i.e. a two-factor authentication or confirmation of identity is only requested if necessary.

The requirements for the protection and management of data in digital as well as real spaces, including the management of declarations of consent, for example from customers, can be easily and cost-effectively implemented by using customer identity and access management from the cloud – even for mid-sized companies.

CIAM REQUIREMENTS

When deciding on a tool, various points should be considered:

  • Scalability – so that the software can be effortlessly adapted to corporate development.
  • Cloud software hosted on German servers for GDPR conformity and quick automated updates
  • Standards such as OAuth2 and OpenID with Social Login or Single Sign-On should also be part of the product scope.
  • Can be used in the digital world as well as in the real world – to have a comprehensive system. Data fraud is often carried out by employees.
  • Simple integration into the existing security and IT architecture.

The author: Sadrick Widmann completed his Master of Science at the Karlsruhe University of Applied Sciences. He has already lectured on topics such as business process automation and programming. And he has demonstrated his management skills as the managing director of CarbookPlus GmbH. Sadrick Widmann has been CPO since the beginning of 2018 and is therefore responsible for the product development of cidaas – the customer identity management solution developed by WidasConcepts.


Industry 4.0: Protecting endpoints effectively with Customer Identity and Access Management

22.08.18 | Author / Editor: Yael Widmann / Melanie Krauss
Published in MM Maschinenmarkt

Each interface adds new risks to a network. However, one way to securely take advantage of the benefits of Industry 4.0 is through customer identity and access management systems that guarantee clear authentication and authorization.

The fourth industrial revolution, Industry 4.0, includes both self-regulating systems, communicating machines and the automation of production, as well as the digitalization of customer contacts and services. In all areas, whether man to machine or machine to machine, data is increasingly being exchanged automatically. This intelligent networking of product development, production, logistics and customers offers companies – also in the SME sector – the chance of higher productivity.

At the same time, the multitude of emerging endpoints creates new risks that companies have to deal with. Each endpoint gives rise to new vulnerabilities. Last but not least, it is these risks that make many medium-sized companies cautious about Industry 4.0, especially in Germany. In order to benefit from the advantages of Industry 4.0, new control mechanisms and reliable protection of accesses are needed. Professional user management integrated in the processes is extremely important for data security, as well as for process automation and user-friendly administration.

“Everything is an API” in a networked world, because networking means that machines and products send and receive data to communicate with each other. Connections to other systems are established via interfaces, i.e. APIs. Each interface represents a potential security risk, which makes it all the more important to secure the interfaces.

Customer Identity and Access Management (CIAM) software therefore manages, protects and monitors portals and Web APIs through security standards such as OAuth2 or OpenID Connect. In the process, defined authentication flows are implemented. In order to be able to authenticate devices, they must be known to each other because devices must be trustworthy before and while they interact with each other. In a clever device management system, all machines can be centrally registered and their permissions can be managed.

Authentication and authorization

In addition to the devices, the people who operate, maintain and sort out the machines play an important role, as do the decision-makers who determine the further course of production. Their unique identification and authorization is therefore a critical protective shield. Biometric authentication via face or voice is modern and efficient. In combination with intelligent fraud and anomaly detection, the opportunities of the networked system can be used without second thoughts.

The detection is based on various available information, such as access histories, logon attempts, or device information. Once a suspicious activity is detected, the fraudster can be recognized by an additional factor of authentication, and any further fraudulent transaction can be averted. Each channel is already largely secured – through strong authentication.

The other side of the coin is authorization. Channels and their resources require individual protection. This requires dedicated permission management for each channel, as well as an individualized authorization profile. Hence the keyword is: defined and automated role and group management. By means of efficient allocation and control over roles and permissions, companies can, for example, have different groups of people – including customers or suppliers – access their system, because in a (partially) automated and self-controlling value-added chain, successful supply chain management and smoothly functioning collaboration are very important.

Digitalisation focuses on the identity of the persons involved. Computers, wearables or machines provide the content context-specific to the person using the device or standing in front of it.

A customer identity and access management system enables companies to take advantage of the multiple opportunities offered by digitization, streamline processes and drive innovation in a secure and reliable ecosystem. Cloud-based, scalable software that is hosted in Germany can also be used to introduce appropriate software step by step and at a manageable cost.

* Yael Widmann is responsible for the business development of Cidaas at Widasconcepts in 71299 Wimsheim.
