Aujas US

An IDG Ventures Company

Single Sign-On – Choosing Practical over Paranoid Security

Security with single sign-onAs various business processes are automated in enterprises, a complex IT landscape is created. Multiple applications and platforms require different authentication checks before granting user access. Users need to sign on to multiple systems, each involving a different set of credentials. As a result, accessing systems gets increasingly complicated and frustrating for users and hampers their daily tasks.

Implementing a single sign-on (SSO) security functionality can significantly simplify systems access. SSO provides a unified mechanism to manage user authentication and implement business rules determining user access. As only one set of credentials are needed to access multiple systems, SSO improves usability, increases productivity and reduces helpdesk expenses, without compromising system security.

SSO also reduces human error, because the user logs in once and gains access to all systems without being prompted to log in again for each, a major component of systems failure.

Why is SSO relevant?

The need for SSO is accentuated by several issues enterprises face including:

  • Enforcing strong security and password policies at a central level
  • Multiple helpdesks
  • Need for helpdesks to engage in more value-adding tasks rather than be consumed by resetting passwords for users
  • Management of multiple platforms and application models
  • Risk of unsecured, unauthorized administrative and user accounts

SSO types you need to know

Two of the most important types of SSO are:

Enterprise SSO

Enterprise single sign-on (ESSO) systems are designed to minimize the number of times that a user must type their ID and password to sign into multiple applications. The ESSO automatically logs users in, and acts as a password filler where automatic login is not possible. Each desktop/laptop is given a token that handles the authentication.

Web SSO

Single sign-on for web-based applications and few supported proprietary closed source web applications. It is a browser-based mechanism, with single sign-on to applications deployed on web servers (domain).

The main differences between ESSO and Web SSO approaches are given in the table below.

SSO comparison

ESSO can provide tangible benefits to an enterprise through:

  • Enhanced user productivity – users are no longer bogged down by multiple logins and they are not required to remember multiple IDs and passwords
  • Improved developer productivity – developers get a common authentication framework – developers don’t have to worry about authentication at all
  • Simplified IT administration – the administrative burden of managing user accounts is simplified. The degree of simplification depends on the applications since SSO only deals with authentication
  • Reduced password fatigue from different user name and password combinations
  • Reduced IT costs due to fewer help desk calls about passwords
  • Improved security through reduced need for a user to handle and remember multiple sets of authentication information
  • Reduced time spent re-entering passwords for the same identity.
  • Integration with conventional authentication such as Windows username/password.
  • Centralized reporting for compliance adherence like ISO 27001, etc.

Clearly, SSO functionality is a practical approach to security management in an enterprise. Its detractors highlight that once a password is breached through SSO, then other systems become highly vulnerable. However, while weighing the pros and cons of the SSO approach, its benefits in the form of lesser maintenance and increased usability far outweigh the disadvantages. It can even ensure a better protection of the single password, with stronger policies in place, which may not be practically possible if there were multiple passwords to remember. SSO can be a suitable choice for most enterprises which are struggling with the burden of managing multiple accesses.

Advertisements

December 7, 2010 - Posted by | identity and access management, IT security, Physical Security controls | , , , ,

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: