The balance between power and responsibility, the secret of SSO.

SSO … Single Sign-On … Single authentication to connect to all services used in the company and more … What are the advantages, challenges and risks of such technology? And discover the great secret of SSO …

Making access to on-premise and cloud applications easier, single sign-on (SSO) is a true business productivity tool. With this, users only need to log in once to gain access to browsers, portals, and applications made available by IT.

But as Peter Parker's Uncle Ben said, "with great power comes great responsibility," and the potential power of SSO is indeed very great.

Understand the security risks associated with SSO

The main purpose of SSO is to enable access, not to restrict it, which creates many risks.

What are these risks?

One connection and multiple access. For users, it is more convenient. But for the IT team it represents an additional source of risk.

One mistake can be disastrous. This may seem exaggerated; however, a simple configuration error by a member of the technical team can give a user access to data he or she does not need for his or her duties.

Expanding the security perimeter. Unlike the days when the company was defined by concrete walls, modern infrastructure, especially thanks to SSO, makes instant access possible to the company's applications, whether they are on the web or in the cloud.

A risk of lateral movement. Once an external attacker has initial access to your company, usually through an infected workstation, his or her next goal is to move across the network. These moves require additional login information, so the attacker will try to access other applications and data through this infected endpoint. Does this remind you of anything? This is exactly what SSO allows, facilitating access to the data and applications the user needs for his or her projects. But it also represents many opportunities for attackers.

Does this mean SSO is a bad idea? No. But it is important to know the risks associated with it.

It is entirely logical that, by simplifying user access to many applications around the world, the risk of disasters is increased.

Identify IT responsibilities

To take advantage of the power of SSO, the IT team needs to know and cover all the risks associated with it. In addition to improving user productivity, SSO can be a real tool for IT teams to increase business security.

Given the great power of SSO, what are the responsibilities of IT?

They should generally acknowledge:

Lots of access. When Uncle Ben warned Peter Parker, his message was about self-control and about recognizing the presence of power. It is impossible to do the first without doing the second. In other words, before setting up an effective SSO, one needs to know what it is capable of, i.e., granting access.

Protect yourself from real dangers. Whether they are individuals or organizations, cybercriminals now have more sophisticated techniques. They document, test, and methodically code vulnerabilities. This means that, as the "bad people", they are just as disciplined and efficient as security contractors are as the "good people". Therefore, the IT team must be in a constant state of alert. An infected entry point can potentially mean data breach, loss of productivity, and even damage to business reputation.

On-premises authentication, a security advantage. You can make access to the cloud easier without finding a new authentication method. For optimal security, keep your Windows server directory in place.

Combine SSO and MFA. SSO typically includes two or more validation factors. While this allows users to access large numbers of applications and data from wherever they want, the IT team should secure single sign-on information whenever possible. It is true that the integration of MFA and SSO will require additional effort from users, but above all it is an important step to ensure that security requirements are balanced with the benefit of productivity.

Open sessions with context in mind. Often SSO is more about productivity than security. To keep security as light as possible, you need to focus on the most important thing: the connection. Two reasons for this: 1) if there is no connection, no access, 2) once the connection has been established, it is too late to cover the risks. Since logging into Windows is often the only protection for a company, it’s important to control it as much as possible. This is an important action for SSO implementation.

Make responsibility a state of mind

Finally, responsibility is a state of mind. And like most states of mind, it can bring about a change in behavior. The power of SSO requires IT to take a responsible approach to providing the necessary security. In doing so, IT departments harness the power of SSO and make it not only a productivity tool, but also a security tool.
___________________

By Francois Amigorena, Founder and CEO of IS Decisions.
