According to a McAfee survey, the average enterprise organization now uses more than 1,900 different cloud services, while the average enterprise employee uses 36 different SaaS apps. In addition, more employees are using multiple devices and logging in from different locations and networks. And with so many enterprise employees now working remotely due to the COVID-19 pandemic, this trend has only accelerated. With these ever-increasing numbers of access points, users and devices, perimeter-based security has become obsolete. As a result, many enterprises are turning to a zero trust model to secure their networks.
A zero trust security model assumes that since an organization cannot control every IP address and every device that accesses its network, it therefore cannot trust users within the network perimeter. Instead of being perimeter-focused, zero trust is focused on securing every access point within a network. It requires authenticating the identity and device of the user before allowing access to a given application, regardless of where that user is. Zero trust also requires consistent, ongoing authentication and authorization checks to maintain security.
While zero trust adds a much-needed layer of security, such a deep level of granularity around user, device, system and data adds complexity for security teams who manage policies, administrators who provision and de-provision users, and employees who have to remember multiple passwords. Fortunately, Atlassian has a great tool, Atlassian Access, that simplifies this complexity and strengthens security while streamlining user management. At Isos Technology, not only do we use Atlassian Access ourselves, but we also recommend it to many of our clients.
If your organization is looking for a better way to secure, manage and track identity and access across its entire body of systems, here are eight things you should know about Atlassian Access.
Access Supports SAML Single Sign-On for Streamlined Authentication
SAML single sign-on (SSO) requires a user to connect to a service that verifies that person's identity, then passes that authentication on to other service providers. This means users can access multiple tools with the same set of credentials, while using a more secure method of authentication than just a username and password. Access integrates with your company’s existing identity provider to provide a simple, seamless authentication process for employees to use tools within Atlassian Cloud. And if your organization doesn't have an identity provider, you can set one up directly through Access.
For administrators, Access SAML SSO simplifies the enforcement of identity-related security controls, especially across large numbers of users. For users, Access SAML SSO simplifies the login process and reduces the number of usernames and passwords each person has to remember.
Access Simplifies Enforced Two-Step Verification for Enhanced Security
Enforced two-step verification is a security policy that requires users in an organization to turn on two-step verification (often a password and code sent to a device via email or SMS) before they can access the organization’s systems and data. Two-step verification is an important security measure. Even if a user’s password is compromised, there is a second authentication measure in place to prevent a bad actor from accessing the account.
Access makes it straightforward for administrators to enforce two-step verification, which essentially means that they can require all users, or specific groups of users, to set up this process in order to access their accounts. When Access enforced two-step verification is applied, existing users are logged out of their accounts. They are then prompted to set up a secondary verification method before logging in again. New users simply have to have this set up before accessing their accounts for the first time.
Access Enables Flexible Authentication Policies for Specific User Groups
Authentication policies govern the process that users must go through in order to verify their identity and log in to a system or account. These policies include things that we’ve already covered here like SAML SSO and enforced two-step verification, as well as password policies (length, composition of letters, numbers and special characters, etc.) and session duration. Access provides administrators with the flexibility to implement different authentication settings for different subsets of users. Administrators can also test functionality, such as the SAML configuration for SSO, on an even smaller subset of users before rolling it out to the full user group or organization.
Access Streamlines User Provisioning and Deprovisioning
With Access user provisioning and deprovisioning, access to Atlassian Cloud products is managed by rules set up in your external directory, so user onboarding and offboarding happen automatically whenever a user is added to or removed from your external directory. Access user provisioning works by integrating Atlassian Cloud products with your user directory. When you make updates in your identity provider, it automatically syncs them with users in your Atlassian organization. This type of automated user provisioning minimizes the manual work needed to provide new employees access to applications or move existing employees to a new team that uses a different set of applications. Similarly, automated deprovisioning, which is powered by that same integration with your user directory, reduces security risks by eliminating access when employees leave the company. Automated deprovisioning also helps with cost control because user accounts are automatically removed when individuals leave the company or group.
Access Integrates with CASB Tools for Advanced Security Monitoring
Cloud Access Security Brokers (CASB) are third-party tools that integrate with other cloud tools (like Atlassian Cloud). CASB software tracks and analyzes information sent and received by the cloud product that it is integrated with, so security teams can identify and monitor unusual or suspicious activity.
Access Provides API Token Controls for More Secure Integrations
API tokens allow a user to authenticate with cloud apps and bypass two-step verification and SSO so that they can access a system and retrieve data from it. They are often used in integrations between two systems so that one system can access information or data from the other. For security reasons, it’s important for administrators to have visibility into bot accounts and integrations that use API tokens. With Access API token controls, they can do just that. Using the token controls in Access, administrators can view and, if necessary, revoke the use of API tokens by accounts that they manage.
Access Has a Built-In Organization Audit Log
The Access organization audit log is a comprehensive log showing who was given access to Atlassian tools, which tools they were given access to, and when that access was granted. Administrators find this helpful for a number of reasons, including monitoring activity for compliance and audit purposes, troubleshooting problems, providing access to tools so people can collaborate, and even getting a detailed record of unusual or suspicious activity in the event of data loss.
Access Has Built-In Organization Insights
Access organization insights is a feature that shows analytics related to the adoption of Atlassian tools and security policies. With organization insights, administrators can see the daily and monthly active users of Atlassian Cloud tools, review current license usage to help them understand their Atlassian spend, and see how many managed users are using two-step verification or SSO.