Self-managing dynamic security
Group Self-Service, Delegated Admin, and Dynamic Membership
The Hyker Security model is user and group-centric. Instead of central IT, users or endpoints are responsible for managing group memberships and access to encryption keys. Individual endpoints own their own (asymmetric) encryption keys, which they use when they communicate (symmetric) group data keys. Key and sharing-rights management can also be delegated to a manager or to some central node or gateway, or decided by a group consensus scheme; which of these applies is decided by the application they are part of.
This provides much more accurate group membership, without the need for a central administration trying to keep up with the dynamics and rapidly changing business needs of the organization. Users can come and go, having their access granted by individual group members, group managers, whitelists in group management nodes, or consensus and endpoint “voting”. And, when granted access, the new endpoint also gets access to the full history and all data shared in this group, without that data ever having been stored in clear text or needing to be re-encrypted.
Central management still has a lot to say about the security of its application, even though it has delegated dynamic management and trust far out in the system. This is done through whitelists, broadcast to the endpoints in the application, that state which users are allowed to be invited to a group.
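The following added example (not code from Hyker or from the original page) sketches the key hierarchy described above: an endpoint invited after data was shared can read the whole history because only the group key is wrapped to its public key, and the invite is refused unless the endpoint is on the centrally issued whitelist. The class and method names are hypothetical, and RSA-OAEP and AES-256-GCM are assumptions chosen for illustration; the page does not name the algorithms Hyker uses.

```ruby
require 'openssl'

# Hypothetical model, not Hyker's API: history is kept only as AES-256-GCM
# ciphertext under one group key, and that key is wrapped per member (RSA-OAEP).
class Group
  OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
  def initialize(whitelist)
    @whitelist = whitelist # IDs central management allows to be invited
    @wrapped = {}          # member ID => group key wrapped to that member
    @history = []          # [iv, ciphertext, tag]; never re-encrypted
  end

  # A current key holder admits an endpoint; only the 32-byte key is wrapped.
  def invite(id, public_key, group_key)
    raise ArgumentError, "#{id} is not on the whitelist" unless @whitelist.include?(id)
    @wrapped[id] = public_key.public_encrypt(group_key, OAEP)
  end

  # Encrypts one message under the group key and appends it to the history.
  def post(group_key, text)
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = group_key
    iv = c.random_iv
    c.auth_data = ''
    @history << [iv, c.update(text) + c.final, c.auth_tag]
  end

  # A member unwraps the group key with its own private key and reads the history.
  def read_all(id, private_key)
    key = private_key.private_decrypt(@wrapped.fetch(id), OAEP)
    @history.map do |iv, ct, tag|
      d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
      d.key = key
      d.iv = iv
      d.auth_tag = tag
      d.auth_data = ''
      d.update(ct) + d.final
    end
  end
end

# Constructed demo: bob is invited after the message was posted.
def demo
  bob = OpenSSL::PKey::RSA.new(2048)
  group, key = Group.new(%w[alice bob]), OpenSSL::Random.random_bytes(32)
  group.post(key, 'draft contract attached') # written before bob joins
  group.invite('bob', bob.public_key, key)   # stored ciphertext is untouched
  group.read_all('bob', bob)
end
puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Removing a member is the harder direction in any scheme of this shape: an endpoint that has already unwrapped the group key keeps it, so revocation needs a new group key for later data.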
Traditional Delegated Administration
When you distribute administration through a static security model, you define unique rules that include specific objects, delegate specific powers, and assign specific access rights to manage these objects. A static model can be appropriate for situations in which the scope is unlikely to change. However, this approach has limitations. It can prevent your security model from automatically responding to change, and it can require more maintenance.
Digitalization and the rapid adoption of cloud applications have changed the IT landscape dramatically; change is the new norm. This creates an immense group management challenge for IT security departments because each system becomes its own security island with its own set of users and groups to manage. Also, many applications are expected to operate outside the organizational boundaries, sharing information between business partners, customers, and ad-hoc users.
IT departments are overloaded, making ad-hoc team management a very slow process. Take the example of setting up a project team with external partners. Who manages security? Who configures the systems? Usually IT, even though the project manager probably has the best insight into who should be invited and who should have access to what information.
It is impossible for central IT staff to keep up with the change requirements of the systems, and when they become a hindrance to business and operations, employees will solve their problems with external tools that are outside IT's control, such as email or Dropbox (so-called “Shadow IT”), most often with a lower level of security than needed.
Dynamic Group Management
Automating the bulk of your group management tasks is the key to lowering management costs and keeping wait times low. The Hyker decentralized security model is like an auto-pilot for the security most applications and organizations need. It automatically creates and manages security group membership and retires groups based on end-user needs. This means that you trust end users to be responsible for their own tasks, but with supervising control, if needed, that clearly states who the endpoint is allowed to share information with.
There are clear benefits to dynamic self-managing groups:
Without needing to be involved in the day-to-day management of these tasks, your IT department can focus on strategic IT initiatives while knowing that the application is secure.
It reduces security gaps by covering the broadest range of attack surfaces, ranging from users to endpoints, networks, cloud providers, and resources.
It enables organizations to increase business agility through the secure adoption of cloud and mobile solutions, and it creates satisfied, productive users by ensuring the proper controls are in place to address appropriate levels of risk without “being in their way”.