Identity and Access Management

Challenges

Due to increasing regulatory requirements and the public discussions about data security, organizations are increasingly forced to deal with the issue of the integrated control of “digital identities” (Identity Management). Relevant in this context are both the access authorization of individuals to systems and also the transparency of processes within the framework of the user lifecycle.

The crucial point is to avoid security risks and to implement possibilities of evaluation. The process of issuing individual access rights must be organized more effectively, efficiently and transparently. Special role mining tools are used to support this task. The implementation of this is one of the core disciplines and requires experienced employees in the field of Role Base Access Controls (RBAC).

 

Solution

Through the use of Identity Management Systems it is possible to automate processes associated with the user life cycle. There are workflows that support the allocation, change and cancellation of authorizations. Configurable reports facilitate various different evaluation possibilities.

Furthermore, these systems provide facilities for role mining and role management that meet the above-mentioned requirements.

 

Our support

Díaz & Hilterscheid supports you in all phases – from initial consultation and preliminary phase for drafting of a project plan to a detailed analysis of the current state and conception phase to system selection, implementation and consultancy for after-sales support and maintenance. This way a long lasting suitable solution can be found for you, which can be successfully implemented.

In this context, we attach great importance to manufacturer neutrality and independence. We provide you with employees that have already successfully implemented IDM projects.

 

Application Security

Challenges

Security and confidentiality of all data and applications are of key importance in a networked world. To guarantee this, security measures in the infrastructure and at operating system level are being continually improved, whereby these endeavours are not sufficient because cyber criminals focus on the application level.

An increasing number of applications are being made available via public networks, and the access to these networks is made possible not only for employees and business partners, but also for attackers, who increasingly pursue specific objectives and have the corresponding resources at their disposal to plan and execute their attacks.

 

Solution

To make applications more resistant against attacks and to thereby improve the confidentiality of all data, the security requirements must be taken into consideration from the very start of development.

A tool for the protection of applications is the Application Security Assessment which examines all the application’s facets from the perspective of an attacker. The analysis ranges from the requirement documents to the architecture and implementation to the operating environment and user behavior. Measures are derived from the analysis results so that potential threats can be handled. By considering all aspects of the software it is possible to minimize the potential target area for attacks, which also increases the protection against internal threats. The Application Security Assessment accompanies the entire lifecycle of an application without dependency on executable software.

Another tool for improving the security of applications is for example penetration testing, for which executable software is required.

 

Our support

The experts from Díaz & Hilterscheid support you in all phases of the software lifecycle with security activities, starting from the identification of your security requirements, to Application Security Assessments and penetration testing, to the implementation of measures to reduce potential target areas.