By François Amigorena, IS Decisions
Single sign-on (SSO) is a powerful productivity tool. By making it easier for users to access line-of-business applications, it streamlines and simplifies the user experience. With SSO, users log on once, open a web browser or portal application, and get access to any and every application that IT has provisioned for them.
But as Peter Parker’s Uncle Ben taught us, “with great power comes great responsibility,” and SSO’s potential power is great indeed.
Acknowledge The Security Risks Of SSO
The driving force behind SSO is providing access (not restricting it), so it makes sense that it comes along with risks (as do all forms of access). What security risks are inherent to SSO?
- One login allows a lot of access. It’s a dream for the user. But any IT team will get anxious just thinking about the additional risks.
- One mistake can cause disaster. It sounds dramatic (and it is): just one provisioning mistake from the IT team could grant a user access to data that lies far beyond the scope of their role.
- It enlarges the security perimeter. The corporate network is no longer defined by endpoints in cubicles and the four walls of the office. A modern IT infrastructure, and especially SSO, allows both on-site and remote users to instantly access an organization’s web or cloud-based data and applications.
- It brings vulnerability to lateral movement. As soon as external attackers gain access to the organization (through an endpoint infected with malware, for example), their next step is often to move laterally within your organization. In general, they’ll need additional credentials for any lateral movement. And once they have them, they’ll attempt to access data and apps beyond the initial endpoint. Sound familiar? Well, that could almost describe what SSO does. While SSO only allows access to the data and applications a user requires for their role (as long as IT’s implementation was error-free!), it opens an opportunity for the attacker.
Does all this mean that SSO is a bad idea? Of course not. But it’s important to acknowledge that there’s an inherent risk to using it.
After all, when you simplify access to many applications for users across the globe, on any device, there’s an inevitable potential for catastrophe (remember, great power...).
Recognize IT’s Responsibilities
Only after the IT team acknowledges the risks of implementing SSO can the organization benefit from SSO’s true potential and power. Not only is SSO a boost to user productivity, but it’s also useful to IT teams as a tool to improve the organization’s security.
So, what exactly are IT’s responsibilities?
IT’s responsibility is to recognize:
- SSO allows a lot of access. When Uncle Ben warns Peter Parker, his message is about self-control as much as acknowledging the power’s existence. It’s impossible to do the former without also doing the latter. Along the same lines, a prerequisite to the responsible use of SSO mandates first acknowledging what SSO is capable of: namely, opening up access.
- There’s a pressing need to guard against real dangers. Today’s cybercriminals, whether individuals or organizations, are increasingly sophisticated. They methodically investigate, document, code, and test against vulnerabilities. In other words, they are just as disciplined and effective at being “bad guys” as security providers are at being “good guys.” The IT team needs to adopt a constant state of alert. A single infected endpoint can mean a data breach, a loss of productivity, or the loss of the organization’s reputation.
- On-premises authentication is a security advantage. You can give users easy access to the cloud without the need to find a new way to authenticate them. For optimal security, retain your on-premises Active Directory for user authentication. Not to mention, this also simplifies management – because who has the time to manage duplicate directories?
- The need to combine SSO with multi-factor authentication (MFA). SSO generally supports two or more factors of authentication. Since SSO potentially gives a user “any time, any device” access to a lot of applications and data, IT teams need to make that single login as secure as possible. Yes, combining SSO with MFA might require a bit of effort from users, but it’s a key step to making sure the organization’s security requirements balance out with the productivity gains from using SSO.
- The need for context-aware logon management. SSO is more about productivity than security. This means you’ll want to keep security as lightweight as possible and target it on the single most important point in the SSO process: the logon. You do this for two reasons: 1) no logon, no access, and 2) once logged on, it’s too late to hedge risks. Because the Windows logon is often the only security verification that many organizations use, place as many contextual controls around the logon as possible, whether they’re native to Microsoft Windows environments, or whether you leverage third-party solutions that monitor and manage logon security and session management. These measures put much-needed “responsibility” around this pivotal action to secure how you implement SSO.
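The two points above, MFA on the single login and contextual controls around the logon, can be expressed as one policy decision taken at the logon. The following is an added illustration, not code from the article or from IS Decisions, and it does not model any product's actual policy engine. The request fields, the rule set (MFA required off the corporate network, a per-user workstation allow-list, working hours, and a concurrent-session cap), and every sample value (users, hostnames, the 10.0.0.0/8 and 203.0.113.0/24 addresses, the times) are constructed assumptions. All failed rules are collected rather than stopping at the first, so a denied attempt leaves a complete reason list for audit.

```python
"""Context-aware logon policy evaluator (added example; constructed rules and data)."""
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass
class LogonRequest:
    """What the logon control point sees for one attempt (constructed shape)."""
    user: str
    source_ip: str
    workstation: str
    when: datetime
    mfa_passed: bool
    active_sessions: int = 0  # sessions this user already has open


@dataclass
class LogonPolicy:
    """Illustrative contextual rules; the defaults are constructed sample values."""
    corporate_networks: list = field(default_factory=lambda: [ip_network("10.0.0.0/8")])
    workstations_by_user: dict = field(default_factory=dict)  # user -> set of allowed hostnames
    working_hours: tuple = (time(7, 0), time(19, 0))
    max_sessions: int = 1
    require_mfa_off_network: bool = True


@dataclass
class Decision:
    allowed: bool
    reasons: list  # empty when allowed; otherwise every rule that failed


def evaluate_logon(req: LogonRequest, policy: LogonPolicy) -> Decision:
    """Apply every contextual rule and collect all failures, not just the first."""
    reasons = []
    src = ip_address(req.source_ip)
    on_corp_network = any(src in net for net in policy.corporate_networks)

    # Rule 1: a logon from outside the corporate network must have completed MFA.
    if policy.require_mfa_off_network and not on_corp_network and not req.mfa_passed:
        reasons.append("off-network logon without MFA")

    # Rule 2: users with a workstation restriction may only log on from those hosts.
    allowed_hosts = policy.workstations_by_user.get(req.user)
    if allowed_hosts is not None and req.workstation not in allowed_hosts:
        reasons.append(f"workstation {req.workstation} not permitted for {req.user}")

    # Rule 3: the logon time must fall within the configured working hours.
    start, end = policy.working_hours
    if not (start <= req.when.time() <= end):
        reasons.append("logon outside working hours")

    # Rule 4: concurrent-session cap; a second simultaneous session is a common
    # sign that the credentials are being used by someone other than their owner.
    if req.active_sessions >= policy.max_sessions:
        reasons.append("concurrent session limit reached")

    return Decision(allowed=not reasons, reasons=reasons)


def run_samples() -> dict:
    """Evaluate a few constructed logon attempts against a constructed policy."""
    policy = LogonPolicy(workstations_by_user={"alice": {"WS-ALICE-01"}})
    attempts = {
        "onsite_ok": LogonRequest("alice", "10.20.30.40", "WS-ALICE-01",
                                  datetime(2024, 3, 4, 9, 15), mfa_passed=False),
        "remote_no_mfa": LogonRequest("alice", "203.0.113.5", "WS-ALICE-01",
                                      datetime(2024, 3, 4, 9, 15), mfa_passed=False),
        "remote_mfa_second_session": LogonRequest("alice", "203.0.113.5", "WS-ALICE-01",
                                                  datetime(2024, 3, 4, 9, 15), mfa_passed=True,
                                                  active_sessions=1),
        "wrong_host_at_night": LogonRequest("alice", "10.20.30.41", "WS-SHARED-07",
                                            datetime(2024, 3, 4, 2, 0), mfa_passed=True),
    }
    return {name: evaluate_logon(req, policy) for name, req in attempts.items()}


if __name__ == "__main__":
    for name, decision in run_samples().items():
        verdict = "ALLOW" if decision.allowed else "DENY"
        print(f"{name:28s} {verdict}  {'; '.join(decision.reasons)}")
```

Because the evaluation happens once, at the logon, a denial here stops the SSO session before any downstream application is reached, which is the "no logon, no access" point made above; the reason list is what a monitoring team would want written to the logon audit trail.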
Make Responsibility A Mindset
Ultimately, responsibility is a mindset. And, like most, it’s one that eventually turns into a change in behavior. SSO’s power demands that IT take a responsible approach and ensures the security that SSO requires. By doing so, IT harnesses the power of SSO, wielding it as not just a productivity tool, but as a security tool as well.
About The Author
François Amigorena is the founder and CEO of IS Decisions, a global software company specializing in access management and MFA for Microsoft Windows and Active Directory environments. A former IBM executive, François is also a member of CLUSIF (Club de la Sécurité de l'Information Français), a nonprofit organization dedicated to information security.