In addition to our considerable competency and experience in telecommunications and information technologies, six years ago we architected and project-managed an industry-leading Identity and Access Management (I&AM) solution. Unfortunately, some components of our solution are proprietary, which has made adoption by Federal agencies, our initial intent, very difficult. On the strength of this solution IBM designated us a Federal Systems Integrator in Cybersecurity for its government clients.
Our solution is unique in the many ways it prevents data breaches, both at initial access authentication and continuously throughout the entire access session. The user may also conduct personal activities on the same access terminal that is used to reach privileged files and applications. Personal activities could include watching commercial videos and playing games obtained from less than secure sites.
As a direct result of our solution we can now show that disabled veterans working from home as remote support personnel cannot create data breaches. The same holds for other teleworkers: someone in an airport waiting lounge on public Wi-Fi in Baghdad, or a soldier in a foxhole in Afghanistan calling for a rescue helicopter over a portable satellite link to CENTCOM in Tampa, FL, can likewise be stopped from creating a data breach.
Variations of our solution can also be used to protect infrastructure against unauthorized access to the control mechanisms for:
a. Water supplies, filtration and chlorination systems,
b. Public power generation and distribution grids,
c. Flood control spillways for dams,
d. Telecommunications control elements such as routers, firewalls and switches,
e. Data centers: backup power generation, fuel and water supplies,
f. Fuel pipeline valves,
g. Environmental air conditioning systems and their water supplies for data centers,
h. Physical access by approved persons to critical facilities.
The following is a non-confidential listing of some components used in our comprehensive I&AM solution:
1. The solution starts with a unique three-factor biometric authentication that mitigates flaws in any two of the initial biometric factors (facial, iris, fingerprint, gesture and voice), reduces the time needed for authentication, and is more reliable and secure than conventional multi-factor authentication. The third biometric factor is used only if any doubt remains after the first two biometric factors have been checked.
2. Following initial authentication, the solution continues to authenticate, monitor, control and record the computing session, fully supporting low-speed and/or high-latency links for teleworkers, outside contractors and insiders.
3. After initial authentication, the solution continues to confirm that the authenticated user is still the same user who was initially granted access. Most software-only solutions ignore the possibility that the authenticated user has been replaced by someone else (an adversary) or has had a change of heart and now wants to do harm.
4. After initial authentication, behaviour analytics are used to determine whether the authenticated user has undergone a behaviour change (as in the cases of Edward Snowden and Andreas Lubitz) and may now intend to do harm. The detection of certain behaviour changes can also trigger an immediate alert and/or session termination. The system terminates access immediately on an attempted breach and issues a report after the failed attempt.
5. The solution dynamically ensures that the user can conduct only pre-authorized activities in a session. If the user tries to exceed the granted authority, an alarm is raised and access to the computing session can be terminated immediately, for on-site or remote workers alike.
6. The solution complies with NIST guidance and with the Cybersecurity Strategy Implementation Plan (CSIP), which calls for all agencies to "improve the identity and access management of user accounts on Federal information systems to drastically reduce vulnerabilities and successful intrusions." Side benefits of the solution are reduced costs and faster initial authentication.
7. Furthermore, the terminal we recommend for use with confidential or classified information is usually the same existing issued notebook computer, which can still be used for both personal activities and secure work.
8. Lastly, to accomplish the above, our team is proficient in SSO and identity management tools such as OpenIDM and Okta; Java/Groovy scripting, Python and Perl; web technologies (e.g. Angular, Backbone, Bootstrap, Handlebars.js); LDAP and Active Directory; software development lifecycle practices (source code management, code review, testing, etc.); large, siloed Jira-like enterprise and development systems such as GitHub, FogBugz, Basecamp, Trello and VersionOne; and continuous integration systems such as Jenkins.
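To make items 3 to 5 concrete, here is an added illustration (written for this page; it is not code from our solution or from any vendor named above) of what a continuous session monitor has to do after the initial login: re-verify identity periodically, permit only pre-authorized actions, and watch for a behaviour change. The session name, the allowed-action set, the re-verification interval and the read-burst threshold are all constructed assumptions; the replayed action lists are constructed sample input, and the identity re-check is a stand-in callable rather than a real biometric match.

```python
"""Toy continuous-authorization monitor for an already-authenticated session.
Added example for illustration; thresholds and sample data are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class Session:
    user: str
    allowed: frozenset                  # actions pre-authorized for this session
    reverify: Callable[[], bool]        # live identity check; True = still the enrolled user
    reverify_every: int = 3             # assumed: re-verify identity every N requests
    window: int = 6                     # assumed: requests considered by behaviour analytics
    max_reads: int = 4                  # assumed: more reads than this per window = behaviour change
    active: bool = True
    history: List[Tuple[str, str]] = field(default_factory=list)
    events: List[Tuple[str, str]] = field(default_factory=list)


def _terminate(s: Session, reason: str) -> str:
    """Cut the session off and record why (the 'report after the attempt')."""
    s.active = False
    s.events.append(("TERMINATED", reason))
    return "terminated"


def request(s: Session, action: str, resource: str) -> str:
    """Evaluate one request inside the session. Returns 'ok', or 'terminated'
    once the session has been cut off (later requests are refused outright)."""
    if not s.active:
        return "terminated"
    s.history.append((action, resource))
    n = len(s.history)

    # (3) continuous authentication: is this still the user we let in?
    if n % s.reverify_every == 0 and not s.reverify():
        s.events.append(("ALARM", "identity re-verification failed"))
        return _terminate(s, "user no longer matches initial authentication")

    # (5) only pre-authorized activities; anything else alarms and ends the session
    if action not in s.allowed:
        s.events.append(("ALARM", f"unauthorized action '{action}' on {resource}"))
        return _terminate(s, f"policy violation: {action}")

    # (4) behaviour analytics: a burst of reads beyond the session's baseline
    recent = s.history[-s.window:]
    reads = sum(1 for a, _ in recent if a == "read")
    if reads > s.max_reads:
        s.events.append(("ALARM", f"{reads} reads in last {len(recent)} requests exceeds baseline"))
        return _terminate(s, "behaviour change: bulk read")

    return "ok"


def report(s: Session) -> Dict[str, object]:
    """Summary a supervisor would receive after the session ends."""
    return {"user": s.user, "active": s.active,
            "requests": len(s.history), "events": list(s.events)}


def run_scenario(actions, reverify=lambda: True, allowed=("read", "search")):
    """Replay a constructed list of (action, resource) pairs; returns (results, report)."""
    s = Session(user="remote-support-01", allowed=frozenset(allowed), reverify=reverify)
    results = [request(s, a, r) for a, r in actions]
    return results, report(s)


if __name__ == "__main__":
    # Constructed sample sessions: a policy violation, a swapped user, and a bulk read.
    print(run_scenario([("read", "f1"), ("search", "idx"), ("export", "f1")]))
    print(run_scenario([("read", "f1"), ("read", "f2"), ("read", "f3")], reverify=lambda: False))
    print(run_scenario([("read", f"f{i}") for i in range(6)]))
```

The three checks run in a fixed order on every request, so a user who is no longer the enrolled person is stopped before their request is even evaluated against policy, and a request that is individually allowed can still end the session when the recent pattern departs from the baseline. In a real deployment the re-verification callable would be the biometric match and the baseline would be learned per user rather than fixed.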
Contact us at any time. You might be surprised to find us at all hours of the day, night and on the weekend, ready to help you.
Marietta, Georgia, United States