enterprisesecuritymag

Bolstering Authentication with Single Sign-On

By Mark Hall, Senior Systems Engineer – IT Security, Interface

As organizations migrate their information operations to the cloud, identity management and access control are becoming more critical. The user identity is the new network edge; segmentation and access control once achieved with firewalls and routers are more often being achieved with an effective identity management and access control strategy. Single sign-on can be a valuable component of an effective identity and access management plan. What is single sign-on? How might single sign-on benefit the organization and its users? And what defines a successful single sign-on implementation?

Single sign-on, often abbreviated SSO, is an authentication mechanism that allows a user to access multiple services or applications using one set of login credentials. A single sign-on system can offer many benefits to the organization. For example, user adoption, reduced risks associated with user profiles, and enhanced controls are some of the more common benefits credited to a single sign-on system.

The most obvious benefit to the user is a reduction in the number of user identification/password combinations that must be remembered. This also benefits an organization’s IT support operations. Since a significant number of support calls are for password resets, reducing the number of passwords and corresponding password-reset calls can have a significant positive impact on the organization’s support operations. As a result, the organization’s user community will be happier too. 

Another benefit of a successful single sign-on implementation is improved security and compliance capabilities. By reducing the number of user identification/password combinations for any given user, the organization can achieve a reduction in risk due to compromised passwords. As users part ways with the organization, access to many organization information resources may be revoked by disabling or deleting a single user profile. A single point of control for system access should produce an improved risk profile by reducing the number of potential unchecked backdoors into the organization’s information systems. 

Organizations choosing to implement a single sign-on solution also may benefit from an opportunity to significantly improve security controls. Because users are managing fewer user profiles, they may be willing to adopt more stringent controls such as passwords with greater complexity, multi-factor authentication, and security applications such as secure file transfer systems. At the end of the day, more stringent security is successful only if these enhanced controls are adopted by the user community. If a user finds a control or system too complicated, it will be circumvented and an opportunity for improved security is lost. Single sign-on may provide a path toward these more stringent controls. For organizations subject to industrial or governmental oversight such as PCI, Sarbanes-Oxley, HIPAA, or C-TPAT, more stringent controls should allow the organization to recognize a quick return on single sign-on investments in the form of more favorable audit findings.

The benefits of single sign-on are enjoyed only if the deployment is successful. As with any other project, a successful single sign-on project will require a well-defined implementation plan. The plan should include clearly defined objectives, the users and applications to participate in a single sign-on system, an efficient, secure architecture with high availability, a reasonable implementation timetable, and adequate training for operations support personnel. 

An important indicator of success for any information systems project, including single sign-on, is user acceptance. To this end, an effective communications and education plan is essential for a successful deployment. Users should understand why a single sign-on system is being implemented, should understand how this new system will change their daily work habits, and should understand how the change will benefit both the user and the organization. 

On par with a good deployment plan is the technical ability to design and implement that plan. Many organizations will select a technical partner familiar with single sign-on technology and its implementation. Enlisting the services of a technical partner early in the design process can be the key factor in the successful deployment of a single sign-on system. Likewise, a poor technical partner may doom your project before you ever touch a keyboard. The selection of a technical partner should not be rushed. The organization should review references and get commitments for the participation of skilled partner personnel in writing. A good technical partner will be well versed in the single sign-on solution selected for implementation.

A successful single sign-on project will require commitment from the highest levels of the organization. Single sign-on will impact the organization’s culture. Strong leadership will be required to ensure that the entire organization is on board with the project. A single sign-on project will impact business processes, some of which may be essential for the organization. A project champion will aid in keeping the organization focused and moving forward to the goal. As with any other information system project, financial commitments will be made to ensure the project’s success. A project champion will be instrumental in gaining and protecting the financial resources required to see the project to completion.

Great organizations have clear and executable visions. An organization’s single sign-on system can be the cornerstone of a much larger identity and access management vision. As mentioned earlier, the identity is becoming the new edge of the organization’s network. A clear and executable identity and access management vision will ensure that the single sign-on system grows and evolves to incorporate additional features and services such as multi-factor authentication. These enhancements can offer flexible adaptations that move the organization forward while maintaining a reasonable risk profile. A single sign-on project can be a daunting and rewarding challenge. However, with a solid vision, a good plan, clear and frequent communication, the right people, and good leadership, an organization can successfully implement a single sign-on system.
