Nine times out of ten, when you improve cyber security, things get more difficult for users. It won’t be long before users will need to use a 67-character password with letters, numbers and gang signs. Oh, and they will have to change it at every login.
Luckily, there is one thing you can do to make users actually enjoy a cyber security improvement. You just need to implement single sign-on, or SSO. Instead of your users being required to enter a password for every application they access, they will only have to enter one password, and then they will receive a virtual ticket that allows them to access all other applications that they are permitted to access... without having to complete any more login forms.
The first time you experience SSO, it feels like magic. In fact, it feels so easy, you’ll think it just HAS to be insecure. But implemented properly, SSO is more secure than having individual logins.
So how can SSO be more secure? The secret is to make sure you choose an SSO solution that has conditional access. That way you can put very specific controls around user logins. For instance, in the office you can forego multi-factor authentication, but outside of the office you can require it, and outside of the country you could even lock-down login to certain pre-approved devices. Also make sure your SSO provider has login monitoring and auditing. That way you can monitor for unusual activity, like impossible travel where an account is used in one location, and then minutes later logs in on the other side of the country.
Once you have all of those great login controls in place, they will all apply across all of the apps you use with SSO. That lessens misconfigurations, and also allows you to use more sophisticated security controls that many times aren’t available with most SaaS applications.
Want to know more? Here are the basics:
Defining Single Sign-On
Single sign-on allows a website or application to “trust” users who have been verified by another system. Using a single sign-on authentication process allows you to use just one set of log-in credentials to access multiple applications. SSO is most commonly used in large enterprise businesses so that employees can work across multiple resources without having to enter and re-enter usernames and passwords.
It’s found outside the corporate world, too. For example, you may have noticed some social media applications allow you to open your account through Facebook. In essence, your Facebook account is acting like a ticket to get you into another platform.
Is single sign-on right for your team? Some of the benefits include:
- Decreased security risk, because user passwords are not stored or managed outside a third-party site
- Not having to generate unique username or password combinations
- Allowing users to bypass the steps required to enter and re-enter passwords, which can improve productivity and decrease errors from passwords entered incorrectly
- Fewer calls to the IT department for help in recovering passwords
- The ability to easily delete SSO credentials when an employee leaves a company
While there are many advantages to SSO, the risks need to be addressed, as well. Having one set of login credentials can be a security issue: Hacking into the system could allow entry into a range of other applications. Therefore, with SSO, it’s critical that passwords be robust and well-managed.
Any interruption of service by the SSO system could mean downtime for everyone using it to work on multiple applications. It’s imperative to choose an exceptionally reliable SSO system. Your company should also formulate a back-up plan for dealing with outages.
Your SSO provider could be hacked, leaving your company vulnerable. Using cyber security scores is a good way to vet SSO providers and feel assured they can provide service without exposing your company’s valuable data.
Given these drawbacks, we still believe that SSO improves the overall security of enterprises. If you’re considering an SSO system, contact us to discuss your options.