A robust backup and recovery plan is the backbone of IT operations and customer data, and the best way to recover from malware and ransomware attacks. However, hackers do target security vulnerabilities in backups, and once a backup is compromised they can enter your network, obtain easy access to all data, and infect the one reliable solution available for disaster recovery. So the question is what can be used to secure backups, and how backup authentication mechanisms such as SAML (OKTA) and MFA/2FA work to ensure the security of data backups.
Today we look in more detail at why it is important to secure backups, how SAML (OKTA) and MFA/2FA help secure them, what SAML offers, and how it works.
Why do we need to secure backups?
The security of a backup relies on the authentication mechanisms deployed to control access to it. If backups are not properly secured, they can be tampered with and accessed by unauthorized personnel. Examples of data breaches due to backup compromise include:
- A hacker gains access to the backup server and makes copies of all data
- An insider accesses the backup server and copies or deletes data
- A virus or other malware infects the backup server and destroys data
To protect data from these threats, it is important to secure it using reliable authentication methods such as SAML (OKTA) with MFA/2FA.
Secure Backup Authentication with SAML (OKTA) and MFA/2FA
A leading cause of data breaches is credential theft, and the risk multiplies when employees log in with different sets of credentials across multiple applications. SAML (Security Assertion Markup Language) mitigates this risk with secure single sign-on (SSO). It is an open standard that lets identity providers (IdPs) communicate authorization credentials to service providers, that is, to the various applications. SAML allows secure interaction between applications and enables access to them with a single set of credentials.
Ways to Protect Backups from Breaches
SAML provides several ways to protect backups from breaches:
- Secure transmission of backup credentials – SAML binds the user identity to a security token issued by an identity provider, which transmits the user's personal information to service providers. This ensures that only direct credentials are sent and reduces the risk of phishing or identity theft. It helps prevent unauthorized access to backup data and reduces the risk of data breaches.
- Credential theft mitigation – With single sign-on, employees need to remember only one set of credentials across applications, which reduces the risk of credential theft from multiple weak passwords and insecurely stored credentials.
- Simplified user management – Administrators need not manage employee access rights application by application; with SAML, each user is managed via a single directory.
- Reduction in costs – With fewer credentials, the number of password-reset tickets comes down drastically, and SAML saves the development costs usually associated with proprietary methods of credential management.
How does SAML (OKTA) work?
- When a user logs in to an application using SAML, the IdP sends a SAML assertion to the browser, which forwards it to the service provider.
- The IdP usually verifies the user before issuing the SAML assertion, using multi-factor authentication (MFA) or two-factor authentication (2FA).
- The SAML assertion is an XML document with three types of statements: Authentication, Authorization, and Attribute.
- The first statement records when and how the subject is authenticated; the second tells the service provider what level of authorization the user has across multiple resources; and the third gives details about the user, such as group memberships or role in the hierarchy.
- SAML goes beyond authentication and also conveys the authorization users have for different privileges, and so helps protect applications.
- With SAML, service providers store only public keys, which are of no use without the private keys held by the IdP.
- The responsibility for storing sensitive information and credentials lies with the IdP. So even if a service provider is hacked or suffers an internal breach, the hacker will gain only names and not passwords.
- Similarly, when an employee leaves the organization and their account is disabled, they can no longer access its systems, because they will not be able to obtain a SAML assertion to prove their identity.
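To make the statement types above concrete, here is an added example (not code from Okta or any backup product) of the checks a backup console acting as service provider could run on an assertion before granting access. It assumes the IdP's signature has already been verified by a SAML library; the entity ID, group name, `groups` attribute name and the choice of MFA context class are hypothetical policy values.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed policy values (hypothetical, not taken from the article or a product).
SP_ENTITY_ID = "https://backup.example.com/saml"
ADMIN_GROUP = "backup-admins"
MFA_CONTEXTS = {"urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"}

# Constructed sample assertion; a real one carries the IdP's XML signature.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
 <saml:Conditions NotBefore="2024-05-01T10:00:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
  <saml:AudienceRestriction>
   <saml:Audience>https://backup.example.com/saml</saml:Audience>
  </saml:AudienceRestriction>
 </saml:Conditions>
 <saml:AuthnStatement AuthnInstant="2024-05-01T10:00:00Z"><saml:AuthnContext>
  <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken</saml:AuthnContextClassRef>
 </saml:AuthnContext></saml:AuthnStatement>
 <saml:AttributeStatement><saml:Attribute Name="groups">
  <saml:AttributeValue>backup-admins</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, now):
    """Return (allowed, NameID or rejection reason) for backup-console access."""
    a = ET.fromstring(xml_text)
    cond = a.find("saml:Conditions", NS)
    try:  # an expired or not-yet-valid assertion must not be replayable
        valid = _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))
    except (AttributeError, TypeError, ValueError):
        return False, "missing or malformed validity window"
    if not valid:
        return False, "outside validity window"
    audiences = {e.text for e in cond.findall(".//saml:Audience", NS)}
    if SP_ENTITY_ID not in audiences:  # assertion was issued for another application
        return False, "wrong audience"
    ctx = a.findtext("saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS)
    if (ctx or "").strip() not in MFA_CONTEXTS:  # authentication statement: how the user logged in
        return False, "no MFA authentication context"
    groups = {v.text for v in a.findall(".//saml:Attribute[@Name='groups']/saml:AttributeValue", NS)}
    if ADMIN_GROUP not in groups:  # attribute statement: group membership
        return False, "not in backup admin group"
    return True, a.findtext("saml:Subject/saml:NameID", namespaces=NS)
```

Which `AuthnContextClassRef` value indicates MFA depends on how the IdP is configured, so the set above has to match what your IdP actually emits.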