Wish I Knew How Easy it was to be Rid of My VPN with the SPGateway

If you think the only way to provide remote access to your applications is a Virtual Private Network (VPN), then you may be surprised to discover that you’ve been mislead. The truth is, VPNs are expensive and an unnecessary security risk.

Lots of people believed VPNs were the best solution or that there are no alternatives for secure remote access, and it’s not your fault if you adhered to the same mindset. Better solutions for VPNs just haven’t been covered by the technology press — it’s a pretty boring subject, and it’s hard to get high ratings and those sought-after ad dollars that the media outlets need to function. Now, if VPNs were as hot as say Bitcoin, or Beanie Babies in the 90’s — well, I wouldn’t have to write about them I suppose, but I digress.

The good news is that it’s not too late to begin understanding what the market has to offer you as alternatives. The simplest way to provide secure remote access is with a dynamic application tunnel: the SPGateway.

VPNs Can Be Hacked

Several years ago, Edward Snowden escaped from the USA with a long list of documentation and software about how the US intelligence community was able to attack many systems that people previously assumed were secure, including the two leading VPN solutions at the time.

More recently, we’re now patching any system running an Intel chip released in the past 2 decades. These types of attacks are sophisticated, requiring tools and technology that come from governments with vast resources. A VPN is much more likely to be compromised by something simpler: passwords.

As experienced security professionals, we know that passwords are the weak link in computer security; they’re easily forgotten and result in calls to your helpdesk, people re-use them frequently, they can be stolen, and the list of potential risks goes on.

I know what you’re thinking — yes, you can improve the security of your VPN by patching systems and utilizing Multi-Factor Authentication (MFA), but these solutions can also be expensive. Let’s face it — leaving your VPN vanilla is just not an option in today’s modern IT landscape.

For a strong security posture, you need to take initiative to protect yourself. Alas, if your VPN is compromised and a malicious user gains too much access to your enterprise; you’re in for a world of hurt. In fact, many of the data breaches we hear about in the news are a result of misused credentials exposed over a VPN.

VPN Proxies: Explained

One thing that almost no one knows about the dark web is that it uses a type of VPN proxy network where browsers are configured to route requests through a series of proxies to hide traffic. A proxy server is a server that sits between your computer (or smart device) and the services you wish to connect to. They are often used within corporate environments to restrict access to the Internet from internal computers as a security measure.

They are often popular options for consumers to use on the Internet as well as they can be used to route around government censorship, access geographically restricted content, and for personal security reasons.

You can configure a proxy server as a “reverse” proxy where the server is used to allow access from the Internet to a set of services. Many companies have deployed reverse proxies all over their network. Personally, I visualize them as the barnacles of the network, like barnacles on the hull of a ship. They may seem harmless at first, but they collect over time and slow the ship down. If not removed, they lead to increased maintenance, administration costs, and safety issues over time if not streamlines and managed appropriately.

In our barnacle analogy, the ship crew (aka, the enterprise’s IT administrators) typically want to reduce the number of reverse proxies they have deployed in their network.

Avoid Security Gimmicks

I think security systems should be flexible and well-polished — like gymnasts — more often, they’re implemented and serve their users like esoteric yoga studios, like the latest trend… Goat Yoga?… Really!?

When your VPN contract is up for renewal, and you’re shopping around, try to avoid Googling, “Best VPN Software” because you’re sure to find some interesting, albeit poorly executed, solutions out there. Instead, opt for a solution that is tested and true; give us a call and check out the SPGateway. We make easy work of replacing your VPN and welcome the opportunity to discuss your project at length.

Here are some benefits to consider with the SPGateway: 

  • It’s a single hardened appliance that provides you the world’s first dynamic application tunnel.
  • It’s a virtual appliance that can be deployed on-premises or in the cloud.
  • It works with any authentication source.
  • It enables SSO with any web application, including Oracle E-Business Suite, Microsoft SharePoint, and many others.
  • It can replace your VPN.

If you’re ready to ditch your VPN and replace it with a superior solution like the SPGateway, then contact us at info@icsynergy.com.

Introducing the Simplest Way to Use Biometric Authentication with BioSig-ID and the SPGateway

If you can swipe, you can securely authenticate

About 6 months ago, we connected with a software security company called Biometric Signature ID (BioSig-ID). They provide a simple solution to a hard problem — how to securely authenticate someone without complicated passwords, thumbprints, or retina scans.

Basically, they figured out that we all draw a little bit differently. For example, if you and I both draw “262018” – visually they might appear to be the same, but they’re not. I might draw it a little faster than you or I might have trouble with the 8, etc.

The secret is leveraging machine learning so the system can actively learn how I draw 262018 according to a variety of standards or metrics. If someone does try to copy me, the system can differentiate between me and anyone else by tracking how I draw.

Granted, this description is over-simplified, but you get the general idea. Here’s a link to their video going into more depth.

BioSig-ID works on all computing devices – laptop, desktop, tablet, and smartphone. It’s designed to be user friendly so that even a child can use it for logging in, but while the application of this technology is extensive, there are limitations — particularly when it comes to enabling Single Sign-On across an enterprise for large-scale commercial use. That’s where we come in. By leveraging ICSynergy’s SPGateway in combination with BioSig ID, we enable the enterprise app use case.

SPGateway Provides Fort Knox Security With Homer Simpson Simplicity

BioSig-ID and the SPGateway have a native integration with each other. This means that you can use these technologies to log in to your systems either as the only form of authentication or as part of an MFA solution.

After swiping, the SPGateway then translates that identity into an active session in any Web application, such as Oracle E-Business Suite, Microsoft Sharepoint, and other custom applications.

In order to achieve a strong security posture, we would recommend considering BioSig-ID configured with trusted device management and the SPGateway — creating a secure remote access system that would be almost as tough to break into as Fort Knox. We’ve made it simple.


We’d love to hear from you and start on your custom IAM solution today. There are several different ways to get in touch with us, so pick your favorite and let’s start solving problems today.

Google Validates SPGateway For Hybrid Cloud Security

What’s the most secure way to provide remote access to employees?

If you’re like a lot of organizations, you’ve probably wondered if there’s a better way to provide remote access to employees than a VPN. Maybe you’ve even wondered how large enterprises like Google do it. The truth is Google ditched their VPNs for a reverse proxy architecture. Interested? You can do the same thing with the ICSynergy SPGateway.

Surprised? Well you’ll be even more surprised when you discover how leveraging trusted devices can also improve security. Read on to find out how to implement secure remote access with the SPGateway and finally get rid of your VPN.

VPNs No Longer Make Sense

Virtual Private Networks (VPNs) were required 20 years ago when we first required remote access to our networks. Back in the 90s, web applications were still in their infancy and most of us needed Windows applications to do our jobs.

Now that we’re in the era of HTML5 and smartphones, web applications can run an array of apps that we couldn’t have imagined in ‘96 when the blink tag was considered advanced. Someone has even ported MS-DOS that runs entirely in Javascript.

Today, if you really need access to a Windows application, it makes more sense to access it through a virtual desktop environment that can run over HTTP. VPNs expose too much of your network to the outside. A small misconfiguration in your VPN or a compromised account can result in a malicious user/hacker owning your network, which is a scary thought.

No Session Hijacking with a Dynamic Application Tunnel

A common fear using SSO in a Web environment through a proxy is when applications share session information and cookies that can be stolen. Instead of using a VPN, use a sophisticated and secure remote proxy technology; a dynamic application tunnel. The first (and, as far as we know, the only) of its kind is the SPGateway.

The SPGateway doesn’t allow the use of any “super” cookies. It accomplishes this by continuously monitoring session information and blocking anything that might indicate a session being hijacked.

Eliminate Key Fobs and Use Your Smartphone With An IDaaS

It’s well known how easy passwords can be compromised, which is why many organizations have deployed MFA solutions like RSA that require physical key fobs to generate one-time passwords. While secure, they have pitfalls in that they are expensive to deploy/maintain and easy to lose.

Today we have stronger MFA technology that leverages applications on our smartphones while working seamlessly with IDaaS providers. In addition to eliminating the expense of a key fob, it’s also easier to use and harder to lose your phone. Traditionally, MFA is achieved in this scenario using cookies. Cookies are small bits of code that your web browser stores to allow applications to maintain a state between requests; without them we couldn’t have Web SSO. In these old generation solutions, if a cookie is shared between Web applications for SSO, a malicious user could gain access and compromise multiple apps simultaneously.

Dynamic application tunnel via SPGateway - diagram
Dynamic application tunnel via SPGateway – diagram

Using the SPGateway as a Dynamic Application Tunnel eliminates this threat/risk. Your MFA can ask for a confirmation on the application instead of typing in an OTP code. You can even require the user to identify themselves to the MFA app first on their phone with the phone’s native biometric authentication, thus enabling stronger security.

The Next Network Security Evolution

Most organizations know to implement a strong password policy, and some are also beginning to understand the importance of MFA and are beginning their own implementations. The next evolution in network security will entail allowing only trusted devices on your network.

The added benefit to your security posture with a trusted device is the additional piece of identity that’s shared with your authorization services before a device is granted access to the network; the actual identity of the device itself — a device specific certificate. In this scenario, for a malicious user to compromise your network, they must know your password, your MFA code, and have access to a trusted device.

This is a recommended approach to achieve a strong security posture, and a simple means of deployment is using the SPGateway. While we have given you three good reasons to replace your VPN, we’ve only just scratched the surface when it comes to the full capabilities and use-cases for the SPGateway.

Below are a few ICSynergy resources you can use to learn more. If you have any questions, feel free to contact us at info@icsynergy.com:

3 Smart Reasons To Use The SPGateway For Enabling SSO For Oracle E-Business Suite (EBS)

Let’s start with a few IT-related requirements:

  • You need to reduce the number of password related Helpdesk calls.
  • You require Multi-Factor Authentication for at least one of your Oracle E-Business Suite application modules.
  • You require remote access for EBS.

If you agree with any of these statements, then it’s fair to say you may have a problem on your hands. Fortunately, we’ll be addressing each of these to help shed some light on how to best handle the associated challenges. Roll up your sleeves and let’s dive in to the world of EBS Single Sign-On!

Reduce Helpdesk Calls

One of the most time-consuming and process-interrupting tasks for employees is having to call the Helpdesk because they forgot their password. According to Gartner, nearly 50% of all Helpdesk calls are due to user-forgotten passwords, and Forrester Research estimates it costs companies $70 for a single password reset. It may not sound like a lot, but it certainly adds up and, more importantly, is avoidable.

In the past, some organizations have been able to reduce password resets using Windows Desktop Authentication (aka Integrated Windows Authentication). Though the only way to enable SSO with Oracle E-Business Suite was by deploying an enterprise-wide authentication management service known as Oracle Access Manager (OAM), which required a multi-million-dollar investment between new hardware, software, and implementation services. Given the astronomical costs, very few customers implemented it.

Fortunately, with the cloud technology revolution, there is an alternative which eliminates the need for OAM entirely. Let me introduce you to the world’s first Dynamic Application Tunneling Appliance: the SPGateway.

SPGateway makes easy work of enabling SSO with Oracle EBS and interfaces with any authentication source, including Windows Desktop SSO, Oracle Identity Cloud Service and Okta, among others.

 

Deploy Multi-Factor Authentication

The three best options for Multi-Factor Authentication (MFA) are:

  • Integrated application provided by Oracle or Okta
  • A biometric system such as BioSig Identity
  • Google Authenticator

It’s very likely you have encountered MFA with your personal bank. At a high level, MFA requires you to enter two or more forms of identity in addition to a username before gaining access to an application or other system. The two additional factors usually consist of a password and a one-time PIN typically generated by an application on your mobile phone or sent via SMS.

If you’ve been following daily news headlines, then you’re aware that data breaches often happen because of compromised passwords. An example of how this was pulled off in the past was when an attacker sent a PDF of a lunch menu to a popular local restaurant; it contained malware that had software to track keystrokes. If these users were required to utilize MFA, the attacker would have been prevented from accessing their accounts as they would be missing a key credential.

The use of MFA is becoming more common and it cannot be overlooked. That’s why ICSynergy has made MFA deployment with EBS simple through using the SPGateway. It works with any MFA solution including Oracle and Okta products, Google’s Authenticator, and all MFA methods that integrate with Windows Active Directory or acts like a SAML Identity Provider.

Enable Secure Remote Access

Most users within an organization interact with EBS to file Expense Reports, log Time Sheets, etc.; many of these users are not behind a company firewall, but are working from home offices or in the field at customer sites.

In the past, the only way to enable secure access for these remote users was to deploy a Virtual Private Network (VPN). VPNs made it possible to have secure remote access to your network and were ground breaking when they first arrived in the market. VPNs were the catalyst for our modern remote/mobile workforces today. Now, while VPNs provide an incredible security advantage for modern businesses, they do have some problems. Namely, requiring expensive dedicated hardware and software, requiring client software and, of course, VPN specific passwords.

More passwords = more Helpdesk calls and more expense, which we’re trying to avoid. In addition, if an attacker compromises a VPN there could be a security disaster. Just imagine a malicious user having complete access to your network, what a nightmare! It should be clear that VPNs pose a serious threat to any organization.

There is a simpler, lower-cost, and more secure way to connect remote workers: Deploy the SPGateway. Its Dynamic Application Tunnel technology allows you to enable secure remote access to your Web applications without requiring additional hardware or complicated client software.

With the SPGateway you can achieve a better security posture by having the only interface exposed to your end-users being that of the Web Applications they’re logging into. It’s simple.

The SPGateway: Additional Features & Notes

Some additional features of the SPGateway include maintaining application/module segmentation and providing security checks like Session Validation and IP Monitoring to reduce the chances of session hijacking.

It is also important to note that the SPGateway is THE ONLY third-party security solution validated by Oracle. The Oracle validation program is how Oracle certifies third-party partner products to work with Oracle applications. To be validated, the partner must demonstrate a market demand, share technical architecture and designs to be vetted by Oracle Product Management, and then the integrated solution must be successfully tested and demonstrated to Oracle. If you’re wondering why this is important, let me explain. If you connect a solution to EBS that has not been validated and make customizations, you will be out of compliance with Oracle Support for EBS.

In addition to its Oracle validation, the SPGateway has been vetted by the broader market having been commercially available for over three years and deployed in dozens of companies, including a number of Fortune 500 companies.

What Can You Do Now?

If you’ve read this far we hope you’ve learned something about the benefits of deploying the ICSynergy SPGateway with Oracle E-Business Suite! However, simply knowing the reasons why to implement isn’t going to give you:

  • Single Sign-On with EBS
  • Multi-factor authentication with EBS
  • Simple and secure remote access to EBS without A VPN

 

Don’t delay while employees waste time and eat up the bottom line calling the Helpdesk. Don’t delay and run major security risks by not having Multi-Factor Authentication. Simple password policies are not enough — they may exist, but do your users follow them? Your users want to do the right thing, but they get busy, slip up and re-use passwords or accidentally share it with a phishing form while ordering take-out from the new place down the road.

Take action now and start the conversation by reaching out to us at info@icsynergy.com. We’ll guide you through the SPGateway use cases and answer all of your questions.

To help you get the ball rolling, here are four action items you can take to prepare to get the most out of your conversation with ICSynergy regarding implementing the SPGateway:

  • Determine what your authentication system is today or what is should be in the future.
  • Determine what version of EBS you’re running.
  • Determine how many EBS environments you have.
  • Find out what operating system EBS is running on.

ICSynergy named One Identity Partner of the Year

In October of 2017, One Identity hosted 100 partners and customers at their annual Unite Conference held in Newport Beach, CA. During the partner portion of the event, ICSynergy was honored with two awards. The first award was for being the One Identity North America Partner of the Year, which is given to the partner who had the largest overall impact on One Identity business. This is the second year in a row that ICSynergy has won this award.

The second award was the One Identity Master award for technical and business achievement. This award was bestowed on ICSynergy’s John Lindsly to recognize his passion and depth of knowledge to solve business issues with a technology foundation.

We are honored and deeply appreciative to One Identity for recognizing us with these awards, and we are looking forward to 2018 being another year of success in our partnership with One Identity.


Do you have IAM questions or problems? Not enough time or resources to create a solution? We’d love to hear from you and start on your custom IAM solution today. There are several different ways to get in touch with us, so pick your favorite and let’s start solving problems today.

ICSynergy SPGateway is officially validated by Oracle for E-Business Suite

SPGateway Oracle Validation

ICSynergy SPGateway has always been the fastest way to enable Single Sign-On (SSO) to Oracle E-Business Suite, but some customers have been reluctant to adopt the solution because they didn’t want to risk their E-Business Suite support contract.

You can eliminate those concerns because the solution is now validated by Oracle.

Oracle Validation badge

Benefits of this integration with E-Business Suite

  1. Customers eliminate the need to have multiple passwords
  2. Customers do not need to deploy complicated on-premises identity management software just to enable SSO to E-Business Suite
  3. Customers improve their security posture by using your Identity as a Service (such as Oracle Identity Cloud or Okta) Multi-Factor Authentication to login to E-Business Suite

Features

  1. One click integration between your Identity as a Service and E-Business Suite (* after E-Business Suite is prepared for SSO)
  2. Rapid deployment. Zero installation of SPGateway as it’s deployed to existing VMWare server farm or any Infrastructure as a Service (such as Amazon Web Services, Oracle Public Cloud, Azure, RackSpace, etc) system
  3. Enable Windows Desktop SSO to E-Business Suite without needing to deploy any additional software beyond SPGateway

You can read more about the solution in the validation datasheet.

And, when you are ready, schedule a time to see a demo.

P.S.
ICSynergy is an expert at configuring E-Business Suite for SSO


Do you have IAM questions or problems? Not enough time or resources to create a solution? We’d love to hear from you and start on your custom IAM solution today. There are several different ways to get in touch with us, so pick your favorite and let’s start solving problems today.

How to use Okta to Single Sign-On (SSO) into PeopleSoft

Support Multiple Identity Providers

If you are looking for a way to use Okta to SSO into PeopleSoft, then you need the ICSynergy SPGateway.

As the video shows, SPGateway makes it easy to allow your employees, partners, and customers who use PeopleSoft to access it in a secure fashion.

More Than SSO – SPGateway Is Tested Against 50 Use Cases

ICSynergy tests the SPGateway against more than 50 use cases, and it supports essential PeopleSoft use cases above and beyond SSO.

For example: enabling switching user accounts. A user may log in with an admin account and then need to switch to a non-admin account. Or, perhaps they are different security rules for Intranet vs Internet users.

Another popular use case is to force a step-up multi-factor authentication based on what URL in PeopleSoft the user is trying to access.

Contact Us Today

If you would like to learn more about SPGateway, please contact us at info@icysynergy.com.

3 Reasons Why Cloud Data Protection is a Better Security Solution

database security solutions

Database security options are not easy to agree on. While some believe that the cloud might not provide adequate security, others feel that cloud data protection is by far the best option for keeping sensitive information away from prying eyes. In fact, in a 2013 survey by Thales and Ponemon Institute, more than 50% of respondents said that their organization handles the transfer of sensitive or confidential data via the cloud.

With big data breaches making the news, many people are wondering whether the cloud is really a safe method of data storage and transference. Although many of the big corporations who recently suffered security breaches use the cloud, those incidents can actually be traced back to other human errors that are unrelated to their cloud usage. So of all the database security solutions available, why is cloud data protection the best option? Here are three reasons why you should consider making the switch to the cloud:

  1. Access is better controlled
    If you handle your data security needs on-site, your system is likely much easier to break into. However, data that’s stored in the cloud is unavailable to employees or others who do not have proper access. You won’t have to worry about one person within the company — or who works with the company — who might be able to get access.
  2. Your system will be monitored regularly
    One of the most common database security issues with other types of options is that the system isn’t regularly updated or monitored. That can leave your business much more vulnerable to breaches. But good DBMS security companies will regularly audit, monitor, and test all of their operations consistently. This means your system is guaranteed to be reliable and up-to-date — plus, your security team will be in a much better position to recognize a potential breach and take immediate action.
  3. You’ll have experts on your side
    Technology is ever-evolving, which means that whoever handles your database security solutions needs to know the latest in the tech security world at all times. For many companies, finding an in-house data security expert can be a real challenge and can take away from other business aspects you need to focus on. When you use the cloud, you’ll not only be using a better quality product, but you’ll also get a team of tech experts on your side. You can concentrate on the parts of your company that really need your attention and leave the database security in our capable hands.

Are you in need of better database security solutions? Consider using cloud data protection. To find out more about the options we offer for data security and how they can help your business and your customers, contact us today.

3 Reasons Why Your Business Needs Better Database Security Options

database security options

In a world where anyone can get hacked, your business needs the best database security options available. Corporate espionage and data breaches are more prevalent than ever, and it’s likely that your business can’t afford to deal with the consequences. In fact, data breaches on the corporate level cost more, too. According to a study by the Ponemon Institute, the average cost of a breach increased by 15% to $3.5 million from 2013 to 2014.

Prevention — in the form of database security solutions — is your best bet for keeping both your business and your clients safe. By using identity and access management (also called an IAM strategy), you’ll be reducing your company’s risk of security threats, as well as cutting costs and providing faster services to your customers. In case you aren’t yet convinced, here are just three reasons why your business should be using better database security tools:

Protection
Your business depends on protecting valuable information. If you currently have database security issues, you probably aren’t providing your clients or your system with the level of protection needed. At this point, clients expect that their personal, financial, and medical information will receive reliable protection from you. If you fail in this endeavor, you’ll not only be dealing with the cost of the breach, but will likely lose a great portion of your customer base. Even small businesses can be targets for security breaches.

When you take a chance with data protection, you’ll likely pay a huge price in the end. Because IAM systems force users to prove their identity and strictly limit user access, both you and your clients will be secure in the knowledge that information can be accessed only by authorized personnel.

Competition
Having better database security options puts you ahead of the competition. When you offer superior security, that’s a selling point for potential customers. We live much of our lives through technology; it’s no longer acceptable to be lacking in database protection. As this information becomes easier to access through malicious means, your company needs to stand out for the right reasons. If you have better data protection, you’ll win out over your rivals who don’t.

Reduced costs
Using an IAM strategy is simply more efficient. The platform manages the access of every user and eliminates the need for additional security measures. The platform automatically syncs with all devices that utilize the system, which means an administrator has to make an update only once for it to take effect across the system. All of this means you’ll be able to save both time and money that used to be dedicated to the maintenance of additional systems and redundant updates.

So if your current database security options are lacking, consider switching to identity access management. To find out more about how an IAM strategy can help your business, contact us today.

Putting PeopleSoft to work with ICSynergy

Whether you are managing human resources, financials, or the supply chain, Oracle PeopleSoft plays a pivotal role in the day-to-day operation of your business. Without PeopleSoft, the corporation cannot hire new employees, process payroll, create and manage purchase orders, or ship products.

Why not take this critical enterprise application one step further and have it manage the identities of your employees? With ICSynergy’s ICBatch solution, PeopleSoft can become the Master Source of Record for Okta, closing the employee lifecycle loop and delivering an integrated access management experience.

ICSynergy is a leading integrator of innovative identity and access management solutions. Combining ICSynergy’s ICBatch with PeopleSoft, ICSynergy can orchestrate human capital changes in HR with the rest of IT through the Okta Identity Management solution. Onboarding a new employee, employee job changes, or employee departures becomes a more efficient and closed loop process, as ICBatch updates application entitlements automatically.

ICSynergy’s ICBatch speaks PeopleSoft. When an employee changes jobs, ICBatch detects their new job role, and their entitlements are updated in Active Directory, Okta, and any other application employees might need to be succesful.

ICBatch and PeopleSoft

With ICBatch and Okta, PeopleSoft plays a vital role in managing the identities of your employees and provides them with an enhanced Single Sign-On experience, secure remote access, and multi-factor authentication.


Do you have IAM questions or problems? Not enough time or resources to create a solution? We’d love to hear from you and start on your custom IAM solution today. There are several different ways to get in touch with us, so pick your favorite and let’s start solving problems today.