While many of today’s organizations have made the shift to cloud-native infrastructures, for others doing so can still be challenging. In particular, older companies may find themselves dealing with legacy software and on-premise systems with security standards that may not be able to translate seamlessly to the cloud without first taking a hybrid approach.
Navigating the security advances one can make to their infrastructure is something adaptive access control management platform SecureAuth helps its users to tackle at scale. On today’s episode of The New Stack Makers podcast, Kiran Oliver, TNS associate podcast producer, spoke with SecureAuth Chief Security Architect Stephen Cox to explore the ways that SecureAuth is not only helping companies keep their user data secure, but to bolster their own internal security.
With the continued growth of mobile gaming, real-money-transactions, and IoT-enabled devices, two-factor authentication has become something of a standard in many of today’s mobile applications and websites. SecureAuth takes a different approach to two-factor authentication, expanding it beyond the standard check of a user’s identity, into setting up various check and fail systems that can help to flag a compromised account sooner. These include geolocation based technology that can help assess risk and a geofencing option for users to lock their use to a specific geographic location and flag any requests outside of the fencing area as being potential threats.
“We can look at threat intent to determine if the IP address associated with an authentication is known to be bad. We can also look at the directory and say does the profile associated with this user stored in, say a MySQL database, and say does this look like a properly formed request, or does this look like an attacker?” said Cox.
While SecureAuth is still in the process of migrating its own systems to a containerized, cloud-native infrastructure, away from its old .NET and C++ architecture, Cox explained that SecureAuth has also made use of Jenkins, Ruby, the Amazon Cloud, and an extensive CI/CD testing strategy as a part of its shift toward the future. “We have a lot of infrastructure built on top of that CI, so we can do things like analyze our code on a daily basis if there were changes made. It’s been somewhat of a challenge, especially for some of our legacy products,” said Cox.
Rather than being surprised about the cases SecureAuth has been put to use in recently, Cox noted that: “I’m always surprised with the use cases we’re not involved with. Particularly around threat detection. Data from our logging can be invaluable to a security team. I’m surprised when companies aren’t pulling authentication related data into their operations,” said Cox, adding that SecureAuth has partnered with a variety of other companies to form what it calls the Connected Security Alliance, in hopes of helping today’s organizations achieve fully integrated security solutions for their own stack.
As the conversation wound down, Cox implored developers to dig deeper into how they approach security. “I think you have to think about the security problem holistically. What are you doing across the three pillars of security as I call them: Networking, identity, and endpoint. Do you know where your gaps are currently?”
By Kiran "CK" Oliver (Read Full Article)