In the world we live in today, technology dictates and is at the heart of many of our daily activities. With the Internet backing many of the technologies that we know and rely on today, including access to email, shared storage, and other public cloud resources, security and cloud Identity Management are becoming more and more of a concern to everyone, from individuals to large enterprise organizations. More and more, confirmation of our identity is a precious possession that most of us hold dear. Having our identity fall into the wrong hands can wreak havoc on the livelihood of individuals, or even organizations.
In this day and age, we have passwords for everything, including all our sensitive data: email, banking, or any number of online resources that we may access. However, the traditional username and password mechanism is quickly becoming obsolete and even dangerous as a mechanism to rely on for identity verification. Let’s take a look at a new solution from Spinbackup that verifies identity based on Single Sign On (SSO) and Blockchain technology.
What is Blockchain Technology?
You may or may not have heard of blockchain technology. Blockchain technology provides exciting enhancements to current technology methodologies, and takes security and, in particular, identity security to the next level. The technology was developed in conjunction with the digital currency revolution of the past few years, as it is the underlying technology that makes digital currency such as Bitcoin possible. The whole concept of Blockchain technology revolves around the idea of a distributed database where the data is continuously replicated and reconciled between the compute nodes housing the database. Since the information is not stored in a single location, it is considered to be a “decentralized” model of storing data. Due to the decentralized manner in which data is stored, there is no centralized version of data to be stolen or corrupted by malicious users or hackers. The blockchain network functions on a user-to-user basis, where all participating nodes collaborate to validate the blockchain.
The “blocks” in blockchain are blocks of data that are stored by multiple entities and are completely public to users. Since blockchain technology is built on nodes residing on the backbone of the Internet itself, this also allows for a highly available system that has redundancy and resiliency built in. By definition, the system is scalable, highly available, and resilient due to its underlying Internet constructs. Creating the blockchain database requires massive amounts of computing power. Anyone who attempted to steal, change, or corrupt parts of the blockchain would find it infeasible to do so.
What is Blockchain Single Sign On?
Blockchain Single Sign On is a security bridge between a cloud user and a cloud service provider. As mentioned, the traditional username and password mechanism for security is legacy technology that has become less practical and effective in securing logins and data.
There are many reasons behind this:
- Hackers are becoming more sophisticated in their ability and means of stealing user credentials.
- New malware and phishing schemes are proving more effective in compromising user credentials along with zero-day attacks that many organizations and their security defenses are simply not prepared for.
- Due to the cumbersome nature of two-factor authentication, many end users and organizations are not utilizing it even when it is available.
- Additionally, user credentials often utilize very weak passwords.
For several years now, larger organizations have been deploying Single Sign On systems where users are able to access multiple systems with a single set of credentials based on X.509 standard certificates. Certificate-based user identification is much more secure than a simple username and password mechanism. However, it proves to be very challenging to implement, especially for smaller organizations.
Additionally, there are aspects of simple certificate authentication that present security issues in themselves. Certificates contain user-specific information such as the user/organization name, login, email, etc. The validation process of certificates involves the use of a root certificate authority, or CA. This primary certificate authority server is the principal means of identifying the legitimacy of a certificate. Attackers often attempt to forge a root certificate, which allows the forging of user certificates as well. Forged CA attacks are becoming alarmingly prevalent.
Blockchain Identity Management to Re-architect the Future
Blockchain Identity Management is a technology that combines the best of both certificate authentication and blockchain authentication in a very forward-thinking and extremely innovative way. Spinbackup recently announced Blockchain Single Sign On, which acts as a bridge between the public cloud services provided by the likes of Google G Suite and Microsoft Office 365 and the Blockchain community. By incorporating the exciting security features found in the existing blockchain network and the proven certificate method of authentication, Spinbackup will introduce a world-class mechanism for organizations to secure their public cloud services and data.
The concepts behind the Spinbackup blockchain SSO platform include:
- The public cloud vendor provides the permission and API to access public cloud resources.
- The checksum of the end user certificate for gaining access is stored in the blockchain network.
- This makes it impossible for an attacker to forge the certificate for gaining access to public cloud resources.
- Spinbackup CASB’s blockchain SSO is the bridge between the permission from the public cloud vendor and the blockchain network that ties the two together to validate access.
By combining these two technologies, Spinbackup has developed a new way of thinking when it comes to authentication, and a new level of confidence that end users accessing organization data ARE who they say they are.
Process to Enable Spinbackup Blockchain Single Sign On
Below, we walk through the process to enable Spinbackup Blockchain Single Sign On. Spinbackup has made the process to enable this “super security” mechanism on public cloud Software-as-a-Service offerings extremely simple. We do this by taking the heavy lifting out of the process to utilize certificate based authentication for public cloud SaaS offerings such as Google’s G Suite, and making it ironclad. Spinbackup does this by enabling blockchain certificate based authentication in just a few steps.
| Step | Action |
|---|---|
| Step 1 | The G Suite administrator allows permission for Spinbackup to access the G Suite account. This allows Spinbackup to integrate with the organization’s G Suite services and have the ability to interact with the APIs in an organization’s G Suite account. |
| Step 2 | Spinbackup performs the heavy lifting of issuing an X.509 certificate with user profile data for Google G Suite. This means organizations do not have to provision their own PKI infrastructure to provision certificates, etc. |
| Step 3 | The blockchain magic is performed by Spinbackup in that the checksum of the generated certificate is calculated and is written to the blockchain network. |
| Step 4 | Any user-specific data used to generate the user certificate is deleted from Spinbackup. This means, as related to the certificate, there is no user-specific information residing on Spinbackup servers. |
| Step 5 | Within seconds, the secure certificates are available for download. The certificate is then downloaded by the user. |
| Step 6 | After the certificate is downloaded and installed in the browser or device, there are no passwords needed for logging in to access your public cloud services. |
As shown above, the process is quick, painless, and secure. Instead of provisioning all the working pieces for PKI, organizations can leverage the powerful bridge that Spinbackup provides between certificate based authentication with public cloud vendors and the decentralized blockchain network.
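The checksum flow from Steps 3 and 6, and from the concept list earlier, as an added example that is not Spinbackup's code: a toy hash-chained ledger stands in for the blockchain network, SHA-256 is an assumed checksum (the page names none), and the certificates are constructed byte strings rather than real X.509 data. The names `Ledger`, `enroll`, `is_enrolled` and `demo` are hypothetical.

```python
import hashlib

GENESIS = "0" * 64  # "previous hash" used by the first block

def fingerprint(cert_der: bytes) -> str:
    # Checksum of the certificate bytes; SHA-256 is an assumption.
    return hashlib.sha256(cert_der).hexdigest()

def block_hash(prev: str, cert_fp: str) -> str:
    # Each block commits to its predecessor, which chains the records together.
    return hashlib.sha256(f"{prev}:{cert_fp}".encode()).hexdigest()

class Ledger:
    """Hypothetical append-only hash chain standing in for the blockchain network."""
    def __init__(self):
        self.blocks = []

    def enroll(self, cert_der: bytes) -> str:
        # Step 3: only the checksum is written; no user profile data is stored.
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        fp = fingerprint(cert_der)
        self.blocks.append({"prev": prev, "cert_fp": fp, "hash": block_hash(prev, fp)})
        return fp

    def chain_is_valid(self) -> bool:
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != block_hash(prev, b["cert_fp"]):
                return False
            prev = b["hash"]
        return True

    def is_enrolled(self, cert_der: bytes) -> bool:
        # Login-time check: the ledger must be intact and hold this exact checksum.
        fp = fingerprint(cert_der)
        return self.chain_is_valid() and any(b["cert_fp"] == fp for b in self.blocks)

# Constructed stand-ins for DER-encoded certificates (not real X.509 data).
ALICE_CERT = b"CONSTRUCTED|CN=alice@example.com|serial=01|pubkey=aaaa"
BOB_CERT = b"CONSTRUCTED|CN=bob@example.com|serial=02|pubkey=cccc"
FORGED_CERT = b"CONSTRUCTED|CN=alice@example.com|serial=01|pubkey=bbbb"

def demo():
    ledger = Ledger()
    ledger.enroll(ALICE_CERT)
    ledger.enroll(BOB_CERT)
    genuine, forged = ledger.is_enrolled(ALICE_CERT), ledger.is_enrolled(FORGED_CERT)
    ledger.blocks[0]["cert_fp"] = fingerprint(FORGED_CERT)  # stored checksum overwritten
    return genuine, forged, ledger.is_enrolled(FORGED_CERT)
```

A checksum match shows only that the presented certificate is byte-for-byte the enrolled one; proof that the user holds the matching private key still comes from the TLS client-certificate handshake.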
We have only scratched the surface of what blockchain technology can do. Vendors and organizations are starting to look at how they can incorporate this technology into product offerings and leverage it for new features and functionality. Spinbackup is going to create something really amazing in the realm of security, by leveraging the decentralized blockchain network to store certificate checksums. This makes it really impossible for someone to tamper with or to forge certificates in such a way that identity is compromised. Spinbackup’s technology is innovative, forward thinking, and groundbreaking. The blockchain network security use case is an exceptional example of how the power of distributed computing and the decentralized nature of blockchain nodes combined with innovative companies like Spinbackup are able to solve very complex problems.