In addition to our considerable competency and experience in telecommunications and numerous information technologies, we have architected and project-managed industry-best Enterprise Identity & Privileged Access Management (IAM & PAM) solutions.
IBM, after vetting our solutions, has designated us as a Federal Systems Integrator in Cybersecurity for their government clients who want to safely migrate to their most reliable Cloud Services.
Our unique solutions do two things. First, they enable us to stop data breaches as they are attempted. Second, a user may also conduct personal liberties using the same access terminal that is used to access privileged files and applications. Personal liberties could include watching commercial videos and playing games obtained from less-than-secure sites.
Our solutions also allow Disabled Veterans to work from home as remote support personnel. Others teleworking from an airport waiting lounge on public Wi-Fi in Baghdad, or from a foxhole in Afghanistan calling for a rescue chopper over a portable satellite link to CINCOM in Tampa, FL, can use our solution without being able to create a data breach.
Variations of our solution can also be used to protect infrastructure against unwarranted access to control mechanisms for:
a. Airplane flight controls by pilots and others (e.g. Germanwings),
b. Water supplies, filtration, and chlorination systems,
c. Public power generation and distribution grids,
d. Flood control spillways for dams,
e. Telecommunications control mechanisms such as routers, firewalls, and switches (e.g. SolarWinds Network Management System),
f. Data center diesel power generation and its dependent fuel and water supplies,
g. Fuel pipeline valves (e.g. Colonial Pipeline),
h. Environmental air conditioning systems and their water supplies,
i. Physical access by approved persons to critical facilities,
j. Surveillance camera controls,
k. Internet of Things (IoT): control, data collection, and telemetry devices,
l. Bitcoin digital currency: storage and withdrawals independent of a central bank.
The following is a non-confidential listing of some important components used in our comprehensive Enterprise Identity & Privileged Access Management solutions:
1. The solutions are designed to stop teleworkers (COVID-19), outside contractors, insiders, and others who inadvertently or intentionally try to cause a breach.
2. Access authentication need not be based on unreliable CAC cards and passwords. I initially use two (2) biometric “touchless” authentication factors (facial, gesture, and/or voice). For privileged (PAM) users I add an invisible Cryptographic Identifier (Confidential), followed by a third biometric factor (Confidential) if any question remains.
3. After initial authentication for PAM users, I continue to authenticate the user to confirm that the authenticated user is still the same user who was initially granted access. Most software solutions ignore the possibility that the originally authenticated user may have been replaced by another person, a “bad guy”.
4. Also, after initial authentication for PAM users, I continuously use behavioral analytics to determine whether the authenticated user has undergone a behavior change (e.g., Edward Snowden and Andreas Lubitz) and may now want to cause harm.
5. Access to information is granted based on the specific authenticated user. If the user tries to violate the authorities given, the system takes immediate action to terminate access and/or transfer the user to Customer Service for immediate follow-up.
6. All users can gain access to databases in multiple clouds and facilities located nearly anywhere. The required access speed is minimal: less than 1 Mbps.
7. PAM users are continuously recorded, and Customer Service is allowed to remotely monitor activity in real time and/or view previously recorded information. Customer Service personnel are considered PAM users.
8. The recommended terminal for PAM users is their existing issued notebook computer. They are allowed to conduct both personal liberties and secure activities on the same terminal, with no additional risk.
9. The solutions follow NIST and the Cybersecurity Strategy Implementation Plan (CSIP) that calls for all agencies to: "improve the identity and access management of user accounts on Federal information systems to drastically reduce vulnerabilities and successful intrusions."
10. Side effects of my solutions are reduced costs, higher reliability, faster authentication than current MFAs, and no reduction in personal liberties.
11. Lastly, to accomplish the above, my project team uses SSO tools similar to OpenIDM, such as Okta, with Java/Groovy, Python, and Perl scripting, and Web technologies (e.g. Angular, Backbone, Bootstrap, Handlebars JS). The team also has good knowledge of and experience with LDAP, Active Directory, software development lifecycle concepts (source code management, code review, testing, etc.), large siloed Jira-like enterprises, and development systems such as GitHub, FogBugz, BaseCamp, Trello, and VersionOne, plus several continuous integration systems such as Jenkins.