In addition to our considerable competency and experience in Telecommunications and Information Technologies, six years ago we Architected and Project Managed an industry best Identity & Privileged Access Management (IAM & PAM) solutions. Unfortunately, some components of our solution are proprietary, which has made it very difficult for adoption by Federal agencies, which was our initial intent. For our solutions IBM made us a Federal Systems Integrator in Cybersecurity for their government clients who wanted to safely migrate to IBM's most reliable Cloud Services.
Our solution is unique in the many ways it stops data breaches on initial access authentication and continuously during the entire secure session. The user may also conduct personal liberties using the same access terminal that is used to access privileged files and applications. Personal liberties could include watching commercial videos and playing games obtained from less than secure sites.
As a direct result of our developed solution we can now prove that Disabled Veterans working from home, as remote support personnel, also could not create data breaches. Others teleworking, in an airport waiting lounge on a public Wi-Fi in Bagdad, or a soldier in a foxhole in Afghanistan calling for a rescue chopper over a portable satellite link to CINCOM in Tampa, FL, could also be stopped from creating a data breach.
Variations of our solution can also be used to protect infrastructure against unwarranted access of control mechanisms for:
a. Airplane flight controls by pilots and others,
b. Water supplies, filtration and chlorination systems,
c. Public power generation and their distribution grids,
d. Flood control spillways for dams,
e. Telecommunications control mechanisms like routers, firewalls, and switches,
f. Data Centers - generation, fuel & water supplies.
g. Fuel pipeline valves,
h. Environmental air conditioning systems and their water supplies for data centers,
i. Physical access by approved persons to critical facilities.
j. Surveillance cameras,
k. Internet of Things (IoT) - control, data collection & telemetry devices and systems
l. Bitcoin Digital Currency - storage and withdrawals independent of a Central Bank.
The following is a non-confidential listing of some important components used in our comprehensive Identity & Privileged Access Management solutions:
1. The solutions we use are designed to stop Teleworkers, Outside Contractors, Insiders and others, who inadvertently or intentionally try to cause a breach. Privileged Users are not restricted to only work on-site.
2. We use a Two Factor, Multi-Factor Authentication (MFA) for initial authentication (facial, fingerprint, gesture, and/or voice). For PAM users we add an invisible Cryptographic Identifier (Confidential), followed by a third bio-metric factor (Confidential) if any question remains.
3. After initial authentication for PAM users, I continue to authenticate the user to confirm that the authenticated user is still the same user who was initially granted access (Confidential). Most software developed solutions ignore the possibility that the authenticated user may have later been replaced by another (a bad guy).
4. Also, after initial authentication for PAM users we continuously use behavioural analytics (Confidential) to determine if the authenticated user has now undergone a behaviour change (i.e. Edward Snowden & Andreas Lubitz), and may now want to cause harm.
5. Access to information is granted based-on the specific authenticated user. If the user tries to violate given authorities, the system takes immediate action to terminate access (Confidential) and / or transfers the user to Customer Service for immediate follow-up.
6. PAM users are continuously recorded, with Customer Service being allowed to remotely monitor activity in real-time and/or previously recorded information. Customer Service persons are considered PAM users.
7. The recommended terminal for PAM users is their existing issued notebook computer. They are allowed to conduct both personal liberties and secure activities (Confidential) on the same terminal, with no additional risk.
8. The solutions follow NIST and the Cybersecurity Strategy Implementation Plan (CSIP) that calls for all agencies to: "improve the identity and access management of user accounts on Federal information systems to drastically reduce vulnerabilities and successful intrusions."
9. Side effects of the above solutions are reduced costs, higher reliability, faster authentications than current MFA’s, and no reduction to personal liberties.
10. Lastly, to accomplish the above, our team, is proficient in SSO tools similar to OpenIDM, such as Okta, with Java/Goovy scripting and Python and Perl, Web technologies (e.g. Angular, Backbone, Bootstrap, Handlebars JS), have a good knowledge/experience of LDAP, Active directory, software development lifecycle concepts (source code management, code review, testing, etc); large, silo’d Jira-like enterprise and development systems such as GitHub, FogBugz, BaseCamp, Trello, VersionOne, and several different continuous integration systems like Jenkins.
Contact us at any time. You might be surprised to find us at all hours of the day, night and on the weekend, ready to help you.
Marietta, Georgia, United States