Just about anywhere you look these days, there are articles about a company getting hacked or a breach being reported. As you read through the news story, the author throws around terms and jargon that can get confusing. Let’s go through some of the common terms and how they interact.
First of all, let’s go over some basic security terminology that you may have come across:
Authentication — Strictly speaking, this is one entity proving its identity to another entity. For instance, every time you log into your computer, WorkSpace or website, you authenticate who you are to that computer, etc. Up until recently, authentication was simply done with a name and password. Nowadays, most services require Two Factor Authentication (2FA).
Two Factor Authentication (2FA) — Simply put, it is an additional way to verify who you are when attempting to log into a website, application or computer. The methods used to verify you include text messages, emails, phone calls or an additional application on your mobile device.
Single Sign-On (SSO) — Single Sign-On describes the method by which one authenticates once, through both user credentials and 2FA, to successfully log into several network resources with just a couple of clicks.
Active Directory — Active Directory is a database of all users, passwords, computers and servers on a domain. Network Authentication is done through the use of Active Directory.
Microsoft Azure — Azure is Microsoft’s Cloud platform. It is very similar to Amazon’s offering in that there are a lot of services, platforms and other offerings available. One key component of Microsoft Azure is Azure Active Directory. Traditional Active Directory is hosted on a domain controller on a network, whereas Azure Active Directory is a hosted service that doesn’t require a server.
Federated Identity Management — This allows one to use one set of credentials to log in to many different websites or domains.
Security Assertion Markup Language (SAML) — This is a method of Federated Identity Management that allows one to use one set of credentials to log onto different websites or domains.
These services and methods are used on your network daily to help ensure that your firm’s resources, data and accessibility are secure.
Next, let’s talk about other security concepts and how they are used.
HTTP (Hypertext Transfer Protocol) — When you get a website address, it will have either HTTP or HTTPS at the start. HTTP is used to establish a connection to the server for a website. This communication protocol does not require any authentication to access the information hosted on that server.
HTTPS (Hypertext Transfer Protocol Secure) — Like HTTP, it is a protocol used to connect to a server; however, HTTPS is an encrypted connection for the website. A website using HTTPS is far more secure than one using HTTP.
VPN (Virtual Private Network) — A VPN is a secure “tunnel” between your computer and the company’s network when out of the office. This tunnel requires one to authenticate to open the connection between your computer and the office. It provides you the functionality of being in the office while working remotely.
VPN connections are tunnels to access domain resources, whereas HTTP/HTTPS connections are purely for data retrieval or deposit. VPN tunnels are used to link the office to the cloud or your home computer to the office. They are useful for printing to the office copier or disaster recovery for the office servers. HTTPS sites are used for uploading or downloading files or data. Both are used for connecting to another location but serve different functions.
A lot of jargon and nebulous terms are thrown about when describing the security measures we all use every day. It is easy to get lost when trying to discern what it all means. Hopefully, this brief explanation helps clarify and organize some of those terms.