Connect with us

Tech Features

Provisioning and Deprovisioning – A Guide to Stronger Identity and Access Management

Published

on

Access Management

By: Christopher Hills, Chief Security Strategist, BeyondTrust

Across the Middle East, CIOs and CISOs huddle together to determine ways of making their organizations more secure so that digitalization can align with the vision of business leaders. No enterprise can afford to shut itself off from the digital economy. Whether it operates locally, regionally or globally, a business must build trust. And to do that, it must master the art of identity management. Therefore, it must understand the importance of provisioning and deprovisioning.

Provisioning is the name we give to the granting of privileges. This is a more granular process than onboarding, in which a new user account is created. Each user may have privileges granted at any time. And we should remember that not all users are humans — employees, contractors, customers, and so on. Privileges may be assigned to service accounts, machinery, and other resources. The purpose of provisioning is to maintain access while accounting for security and compliance standards.

To meet modern security standards, however, deprovisioning is just as important. Again, this does not just occur during offboarding. Privileges can be revoked all the time. Not because of a loss of trust in the person or asset that held them, but because it is best practice. Effective provisioning and deprovisioning is the foundation of a robust identity-centric security solution.

Covering the bases

Both are important. Overprovisioning can lead to a junior employee or overlooked service having unnecessary privileges, and under-deprovisioning can lead to a range of invisible issues such as unmonitored or orphaned accounts, or stale privileges. Special care must also be taken when adding or removing accounts to user groups — which carry with them a predetermined set of privileges —because these actions amount to provisioning and deprovisioning.

Any active account is a potential entry point, so it should come as no surprise that security best practice lies in minimizing the number of accounts and the access privileges they hold. If an account is no longer needed — an employee has resigned, a project has come to an end, or a range of other scenarios — then it should be disabled, deleted, or its rights downsized. Threat actors rely on organizations not following this simple practice.

Tools and tricks

Robust IAM will also include just-in-time (JIT) provisioning, which goes hand in hand with PoLP. When deprovisioning occurs, the timely revocation of access also occurs. Regularly reviewing and adjusting access rights is best practice because it prevents unnecessary permissions being exploited by malicious parties inside or outside the organization. All unused accounts should be placed in a disabled state and removed from all relevant security groups until such time as they can be reviewed and, if appropriate, deleted.

Identity and access management cannot be effective without the right tools to simplify provisioning and deprovisioning. This is because looking after the end-to-end lifecycle of identities, privileges, and entitlements is a complex task that has grown even more complex since the region’s mass migration to hybrid and multi-cloud environments. Identity management tools can streamline the creation, maintenance, and deletion of human and non-human accounts. Governance management tools enforce policies that limit access based on the assigned privileges. Lifecycle management tools are useful for ensuring (from onboarding to offboarding) that privileges always fit the role of an account owner. Privileged access management (PAM) enforces PoLP and provides a useful integration hub for other tools so that IT and security teams have single-pane control over everything that may impact identity security.

In a modern setting, provisioning and deprovisioning tools must offer automation and user behavior analytics, which means they must incorporate some flavor of AI or machine learning. To be consistent with the implementation of PoLP and other governance policies, variants of AI are necessary to minimize human error. Granting and revoking access rights in a company of even moderate size is a constant process that responds to changes in personnel and circumstances. While some of these situations may be subject to planning, others, such as real-time behavioral anomalies, are not. Threats can arise at a moment’s notice and only AI offers a practical option for timely response.

Be strong

Having established provisioning and deprovisioning as the keys to strong IAM, enterprises will find they can implement more effective lifecycle management of identities, privileges, and entitlements. As with any new measure, ongoing reviews will uncover any additional requirements, and adjustments can be made to cover new regulations, new assets, or new business models. As the identity landscape fluctuates, so should provisioning and deprovisioning strategies.

Define roles clearly. If an account owner does not need access to a resource, do not grant it (PoLP); and if they do, wherever possible, grant access only for as long as it is required (JIT). Disable and delete accounts where appropriate and monitor access across the entire ecosystem as often as is practical — quarterly or annually.

Following the guidance laid out here will strengthen your identity security posture. The modern threat actor is always on the lookout for gaps in your defenses. Unfortunately, these often take the shape of overprovisioned identities or abandoned accounts that have not been adequately addressed. The good news is that by applying the steps above, you can shore up defenses and protect the enterprise from the worst of the threats beyond its walls.  

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Tech Features

Digitalizing Fuel Efficiency over Engine Efficiency: Integrating Technology to Measure Consumption

Published

on

fuel efficiency

By: Rob Mortimer, Director, Fuelre4m

Modern ships are already starting to bristle with technology to measure vessel efficiency, yet one thing stands out over all the results, tech and noise. The importance of the efficiency of fuel isn’t quite understood or calculated. You’ll hear reference back to SFOC (Specific Fuel Oil Consumption) at any time fuel consumption is measured, yet while the principal is right, the measuring and calculating is far from ideal.

Heavy Fuel Oil has an energy density of between 39MJ/kg and 42MJ/kg when burnt. That’s a wide range and depends very much on the source and quality of the fuel. How is it stored, transferred, settled, heated and purified to remove pollutants, particulate, water and reduce the ‘drop’ size to help with better atomisation when introduced into the engine. Large drops of fuel don’t fully combust in the engine. They undergo secondary combustion and turn into heat energy and emissions. Our goal, and what should be the goal of the whole shipping industry, irrelevant of fuel, vessel size and function, should be to be able to account for every drop of fuel consumed.

The Fuel System Lockdown:

MFM Bunker to Bunker

The first challenge is to know and agree what is being bunkered onto the vessel in the first place. To know the mass of the bunker, we must be using a correctly ranged Mass Flow Meter.

MFM Bunker to Settling Tank

When using Fuelre4m’s Re4mx Fueloil re4mulator, we need to dose the correct amount of product for the weight of fuel that is being treated either in the bunker or in the settling tank.

MFM Settling to Purification

 Having a mass flow meter after the settling and before purification isn’t wholly necessary, but can be beneficial in understanding the temperature and density of transferred fuel, as well as understanding what the percentage of water and waste material has been lost to this point.

MFM Before Mixing Column, Pre Main Engine – Fuel In

This is the last reference check point of the fuel before it is injected into the engine. What will be reported as accurately as possible from this point will be how much fuel by weight is now passing through for combustion.

MFM Post Main Engine – Fuel Out

To understand the fuel consumption of the main engine, it’s important to be able to measure as close to the Fuel In and Fuel Out points as possible. Fuel consumption of the Main Engine should be as simple as MFM IN minus MFM OUT.

Torque / Shaft Power Meter

So, we’ve locked down the mass of the fuel flowing into the engine, now how do we measure the power produced?  Despite how it sounds, a torque meter does not measure torque. It simply measures time and distance. As forces against the propellor change, the amount of power needed to maintain the same turning speed will also change, and the propellor shaft with ‘twist’ with torque.

Why is the ranging important? Because the maximum power rating of the engine changes depending on the quality of the fuel and the energy it can release.

If your fuel produces 1kWh for 160g, 1000kg of fuel will produce 6,250kWh of power. If your fuel produces 1kWh for 180g, 1000kg of fuel will produce only 5,550kWh of power. If the maximum Fuel In capacity of the engine, from where the power rating is calculated, is 1000kg, your maximum power rating of that engine, and with it, the SFOC, has now changed.

Power Cards / Power Curves

The taking of indicator cards, allows the ship’s engineer to receive more information about the combustion process (via the draw or out of phase card), measure the cylinder power output of the engine (via the power cards), and check the cleanliness of the scavenging process (via the light spring diagram).

For the purposes of measuring the efficiency of the fuel, the power cards can be used to calculate the energy release of the fuel. This can then be used to build an algorithm to ‘range’ or adjust the power readings from the torque meter to the quality of the fuel.

MFM Auxiliary Engines – Fuel In

The auxiliary engines, strangely, are probably the easiest to prove fuel efficiency and the efficiency of the fuel on. Why? Because they’re generating electrical power that can easily be measured.

MFM Auxiliary Engines – Fuel In

A common fuel flow in and fuel flow out MFM will suffice if all of the auxiliary engines are sharing a common fuel flow system.

Auxiliary Engines – Constant Power Meter

Being able to monitor the amount of power produced at a given moment is not enough. Electrical loads can vary, and at the time once an hour that the kW reading is taken, or the kWh counter is recorded, the load just two seconds later could change. The fuel consumption for 100kWh over 3 minutes is vastly different than 100kWh over 1 hour.

Boilers & Cargo Offload Systems

Some vessels use boilers to generate steam power, running off the same fuel as the main engines. It is important to lock down all fuel consumers to understand where the fuel is being consumed.

MFM Boiler – Fuel In

Often fed straight from the settling tank without needing to go through further purification, the boiler directly combusts the fuel to generate steam from water.

To be able to calculate the boiler and fuel efficiency, we now need to firstly look at how much fuel in mass is being consumed.

Volumetric or MFM – Water In

Fresh water has a very well-known density of 1g per ml, but this is also affected by temperature. The use of a temperature compensated mass flow meter will improve accuracy of water used to produce the required steam.  

Recordable Pressure Gauge

The last variable? How much water and fuel is being used to produce the same amount of steam pressure.  

Continue Reading

Tech Features

Investing Megatrends – The transformative impact of AI

Published

on

AI impact on investment

By: Jakob Westh Christensen, Market Analyst at eToro

The one investment megatrend to watch out for is the rollout of AI. There is no doubt that this single megatrend has the potential to reshape companies and economies – and your investments.

As AI automates tasks that workers perform today manually, we will see a significant uptick in productivity in companies and economies. Seeing the megatrend is clear, but positioning your investment is the hard part. We are still in the early stages of this revolution, and I don’t expect we will see a measurable productivity impact on companies’ and economies’ output until 2 to 3 years.

While the earnings growth (and stock price gains) so far are coming from the chip designers and manufacturers, it’s vital for the successful investor to identify the sectors and companies that eventually will benefit from a productivity boost and consequently stronger earnings.

This is likely to be found in companies where they can achieve a high degree of automation, and at the same time have a strong competitive advantage. This ensures that cost cutting results in margin expansion, and not just passing on cost cutting to end users.

For example, the taxi industry could achieve an exceptionally high level of productivity per employee with the introduction of self-driving cars. While initially, the industry could see a margin expansion with a lower employee cost base, this competitive industry could soon see price competition lowering margin to ‘normalised levels’, benefiting the consumer and, to a lesser extent, the investors.

On the other hand, insurance companies could see significant cost reductions in the underwriting process, which can be highly automated. At the same time, customer habits and customer inertia can result in less price competition, benefitting the company and its investors.

Continue Reading

Features

Paving the Way for AI Success in Business

Published

on

AI in business

By Karim Azar, Regional Vice President – Middle East & Turkey, Cloudera

The digital landscape is evolving at an unprecedented pace, and at the heart of this evolution lies the transformative potential of artificial intelligence (AI). Across industries, AI is not merely a buzzword but a revolutionary force driving innovation, efficiency, and growth. Its impact extends beyond automation, touching every side of business operations and decision-making. It can revolutionize multiple sectors and fundamentally reshape the corporate industry.

Nonetheless, challenges arise with technological evolution, particularly in accessing and overseeing varied datasets across diverse environments. These challenges frequently act as obstacles to achieving successful AI implementation. In response to these challenges, the technology landscape is witnessing significant advancements in open data lakehouse technologies, providing a robust foundation for AI and analytics. Let’s delve into key technological developments and their advantages, focusing on the broader implications rather than specific products.

Unlocking Business Potential

AI has the potential to unleash new opportunities for businesses. McKinsey’s findings reveal that more than 62% of companies in the Gulf Cooperation Council (GCC) region currently utilize Generative AI in some operational aspect. The research underscores the substantial potential of AI to create tangible value in the GCC, with an estimated value of up to $150 billion.

This adoption trend is not without merit; statistics show that 83% of businesses adopting AI report substantial (30%) or moderate (53%) benefits. AI can address various challenges by providing predictive analytics and personalized customer experiences, enabling organizations to make faster and more accurate data-driven decisions.

Despite the obstacles in adopting AI, such as data management complexities and security concerns, offering air-gapped deployment for large language models (LLMs) is still a viable option. This feature boosts security, data privacy, and performance while also lowering customer operational expenses. However, overcoming these challenges requires more than just technological solutions. It demands a comprehensive approach that includes robust data governance frameworks, continuous employee training programs, and collaboration with regulatory bodies to ensure compliance with data protection laws.

AI Across Industries

AI is not a one-size-fits-all solution. It is applied differently across industries and business functions, including healthcare, finance, manufacturing, and retail. The potential uses of AI are vast, from boosting supply chain efficiency to transforming healthcare outcomes and customer service.

For example, in the healthcare industry, AI-powered predictive analytics can help doctors identify patients at high risk of developing certain diseases, allowing for early intervention and personalized treatment plans. AI algorithms can analyze market trends and financial customer behavior to recommend customized investment strategies. In manufacturing, AI-driven predictive maintenance can proactively anticipate equipment failures and schedule maintenance activities, minimizing downtime and reducing costs.

As businesses increasingly adopt AI, they invest in their organization’s future. By promoting innovation and agility, companies can leverage AI to maintain competitiveness in a digital era. Prioritizing data privacy and security helps build trust with customers and stakeholders, ensuring AI technologies’ responsible and ethical use.

AI is a significant transformation in how businesses function and innovate. Embracing AI opens up vast opportunities for organizations to reshape their operations, stimulate growth, and influence the future of business. While the journey may present challenges, the potential benefits are boundless for those willing to embrace the power of AI.

Continue Reading

Trending

Please enable JavaScript in your browser to complete this form.

Copyright © 2023 | The Integrator