enterprisesecuritymag

Bolstering Authentication with Single Sign-On

By Mark Hall, Senior Systems Engineer – IT Security, Interface

As organizations migrate their information operations to the cloud, identity management and access control are becoming more critical. The user identity is the new network edge; segmentation and access control once achieved with firewalls and routers are more often being achieved with an effective identity management and access control strategy. Single sign-on can be a valuable component of an effective identity and access management plan. What is single sign-on? How might single sign-on benefit the organization and its users? And what defines a successful single sign-on implementation?

Single sign-on, often abbreviated SSO, is an authentication mechanism that allows a user to access multiple services or applications using one set of login credentials. A single sign-on system can offer many benefits to the organization. For example, user adoption, reduced risks associated with user profiles, and enhanced controls are some of the more common benefits credited to a single sign-on system.

The most obvious benefit to the user is a reduction in the number of user identification/password combinations that must be remembered. This also benefits an organization’s IT support operations. Since a significant number of support calls are for password resets, reducing the number of passwords and corresponding password-reset calls can have a significant positive impact on the organization’s support operations. As a result, the organization’s user community will be happier too. 

Another benefit of a successful single sign-on implementation is improved security and compliance capabilities. By reducing the number of user identification/password combinations for any given user, the organization can achieve a reduction in risk due to compromised passwords. As users part ways with the organization, access to many organization information resources may be revoked by disabling or deleting a single user profile. A single point of control for system access should produce an improved risk profile by reducing the number of potential unchecked backdoors into the organization’s information systems. 

Organizations choosing to implement a single sign-on solution also may benefit from an opportunity to significantly improve security controls. Because users are managing fewer user profiles, they may be willing to adopt more stringent controls such as passwords with greater complexity, multi-factor authentication, and security applications such as secure file transfer systems. At the end of the day, more stringent security is successful only if these enhanced controls are adopted by the user community. If a user finds a control or system too complicated, it will be circumvented and an opportunity for improved security is lost. Single sign-on may provide a path toward these more stringent controls. For organizations subject to industrial or governmental oversight such as PCI, Sarbanes-Oxley, HIPAA, or C-TPAT, more stringent controls should allow the organization to recognize a quick return on single sign-on investments in the form of more favorable audit findings.

The benefits of single sign-on are enjoyed only if the deployment is successful. As with any other project, a successful single sign-on project will require a well-defined implementation plan. The plan should include clearly defined objectives, the users and applications to participate in a single sign-on system, an efficient, secure architecture with high availability, a reasonable implementation timetable, and adequate training for operations support personnel. 

An important indicator of success for any information systems project, including single sign-on, is user acceptance. To this end, an effective communications and education plan is essential for a successful deployment. Users should understand why a single sign-on system is being implemented, should understand how this new system will change their daily work habits, and should understand how the change will benefit both the user and the organization. 

On par with a good deployment plan is the technical ability to design and implement that plan. Many organizations will select a technical partner familiar with single sign-on technology and its implementation. Enlisting the services of a technical partner early in the design process can be the key factor in the successful deployment of a single sign-on system. Likewise, a poor technical partner may doom your project before you ever touch a keyboard. The selection of a technical partner should not be rushed. The organization should review references and get commitments for the participation of skilled partner personnel in writing. A good technical partner will be well versed in the single sign-on solution selected for implementation.

A successful single sign-on project will require commitment from the highest levels of the organization. Single sign-on will impact the organization’s culture. Strong leadership will be required to ensure that the entire organization is on board with the project. A single sign-on project will impact business processes, some of which may be essential for the organization. A project champion will aid in keeping the organization focused and moving forward to the goal. As with any other information system project, financial commitments will be made to ensure the project’s success. A project champion will be instrumental in gaining and protecting the financial resources required to see the project to completion.

Great organizations have clear and executable visions. An organization’s single sign-on system can be the cornerstone of a much larger identity and access management vision. As mentioned earlier, the identity is becoming the new edge of the organization’s network. A clear and executable identity and access management vision will ensure that the single sign-on system grows and evolves to incorporate additional features and services such as multi-factor authentication. These enhancements can offer flexible adaptations that move the organization forward while maintaining a reasonable risk profile. A single sign-on project can be a daunting and rewarding challenge. However, with a solid vision, a good plan, clear and frequent communication, the right people, and good leadership, an organization can successfully implement a single sign-on system.
