Single sign-on delivers both convenience and security
SSO manages 100s of username and password combos in one secure login process
06 September, 2016
category: Corporate, Digital ID, Financial
Trying to keep track of 100 different usernames and passwords can be like trying to store 100 keys on a single key ring.
To simplify this process, enterprises are increasingly deploying an authentication system known as single sign-on to grant users access to multiple applications using just one set of login credentials. SSO enables users to access applications both on-premise and in the cloud.
“Research shows the weakest point in the enterprise right now is users and their credentials, specifically compromised credentials. It’s the number one vector of attacks for cyber attacks,” says Corey Williams, senior director of products and marketing for Centrify, an identity management firm that offers single sign-on as a service.
Knowing employees, authenticating users and provisioning access across networks and in the cloud |
SSO enables enterprises to provide just the resources or applications that a specific user should have access to, based on that user’s roles and responsibilities, explains Teresa Law, senior product marketing manager for cyber security firm Symantec.
“When done properly, a single sign-on solution enables enterprises to easily provide a consistent level of authentication across many resources and applications,” Law says.
Convenience and security are the two primary advantages of single sign-on. The fact that SSO is both more secure and more convenient is unusual in the security world, says Pam Dingle, principal technical architect for Ping Identity, a provider of single sign-on and identity management services.
“Usually in security, if you’re going to add more, it means you’re making your user’s life harder,” she says “But in this case, we can make the user’s life easier and also increase security.”
From a security angle, single sign-on works much like a passport. When a traveler hands over a passport to a border control guard, the traveler’s country is essentially vouching for that person – ensuring he or she is a valid, current citizen. The same thing happens when a company sets up a single sign-on system. A user can start off in any application, but the system redirects that person back to their home organization for authentication.
Consolidating 100 logins into one
Single sign-on authentication came about to address a pain point that many companies were experiencing: their users needed to sign into numerous applications separately, each with a different username and password.
“All of these little pools of passwords didn’t seem like such a bad thing when we were thinking about one app or two apps. But when there were 1,000 apps, it became a management disaster trying to understand who had what accounts in what applications using what passports,” Dingle says.
This issue came to a head with the emergence of the cloud. Until then, security wasn’t as much of a problem because employee login information was kept inside the organization’s network perimeter. In the early days, if a company fired an employee and took away that person’s building key, it didn’t matter if the person still had active accounts. Later, revoking network access served a similar function as all applications were managed within corporate network walls.
As the cloud became more prevalent, however, applications started moving outside the control of company IT departments. “You still had to access 100 applications and you still had to type in 100 passwords, but now you were typing them into websites on the open Internet,” Dingle explains. As a result, disabling a user became much more complicated than simply taking away a building key.
“Having the control to understand which users are using which applications under what circumstances is a very big deal, especially for companies that have compliance and regulatory requirements,” Dingle says.
Individuals and enterprises alike are becoming more familiar with SSO, with giants such as Google and Microsoft using single sign-on to enable user access to all of their products. In the past year, Google has been making a bigger play to gain ground in the SSO space.
Google’s SSO tool allows users to leverage their Google Apps credential to sign in to enterprise cloud applications via single sign-on. Google wants business users and other administrators to use Google as an identity provider to access other online services. In March, Google extended its single sign-on support to include Microsoft Office 365, Facebook at Work, Slack and several other products.