Single sign-on: Balancing power and responsibility
Single sign-on (SSO) is a powerful tool to increase user productivity. But what are IT's responsibilities to balance that productivity gain with security?
Published January 8, 2018Single sign-on (SSO) is a powerful productivity tool for organizations today. Facilitating access to on-premises and cloud-based applications, it dramatically simplifies the user experience. With SSO, users simply logon once, open a web browser or portal application, and open any and every application provisioned for them by IT.
But as Peter Parker’s Uncle Ben taught us. “with great power comes great responsibility.” And SSO’s potential power is indeed great.
Since the entire goal behind SSO is more about providing access than restricting it, there are going to be some risks involved (as with any other form of access). So, what exactly are the security risks of SSO?
One account for lots of access. From a user’s perspective, this is the dream. But any IT team should get nervous ticks just thinking about the added risks.
One click away from disaster. Not to be dramatic, but a simple provisioning mistake on the part of IT can give a user access to data that has nothing to do with their role in the organization.
Instant extension of the security perimeter. Long gone are the days when the corporate network was defined by endpoints in cubicles and four walls of concrete. The modern enterprise’s IT infrastructure, and especially SSO, gives on-site and remote users alike instant access to your organization’s web or cloud-based data and applications.
A vulnerability for lateral movement. Once external attackers have a foothold in your organization (likely an endpoint infected with malware), their next move is to try to move laterally within the organization. This move usually requires additional credentials. In other words, they try to access applications and data beyond the endpoint itself. But, wait … that sounds familiar, right? Kind of like exactly what SSO does? Sure, SSO only provides access to the applications and data the user needs to do their job (as long as IT implements it error-free…), but it does open up a window of opportunity for the attacker.
Does this mean SSO is a bad idea? Of course not. What’s important to acknowledge is that SSO carries risk.
It makes sense when you think about it: when you simplify access to many applications for users across the globe – on any device, there’s going to be potential for disaster (remember, great power...).
Once the IT teams know and hedge against the risks inherent to SSO, they can harness the full power and benefit of SSO. Not only can SSO improve user productivity, but savvy IT teams can also employ many aspects of SSO to improve their organization’s security.
So, what are IT’s responsibilities, given the great power of SSO?
In general, IT has a responsibility to recognize:
The abundance of access. Uncle Ben’s warning to Peter Parker was as much about self-control as it was simply acknowledging the power’s existence. You can’t do the former without the latter. Similarly, taking responsibility for SSO requires first acknowledging what SSO’s power allows us to do.
The real and present danger. Cyber-criminal organizations today systematically investigate, document, code, and test against vulnerabilities, making them as effective at being “bad guys” as your security providers are at being “good guys.” You need to be in a constant state of alert. One infected endpoint can spell a data breach, lost productivity, or loss of your organization’s reputation.
The advantage of on-premises authentication. Just because you want to give users easy access to the cloud doesn’t mean that you need a new way to authenticate them. Retain your on-premises Windows server directory for user authentication for optimal security, not to mention for ease of management (who has the time to manage duplicate directories?).
The need for multi-factor authentication. In general, SSO supports two or more factors of authentication. Since you’re potentially giving a user “any time, any device” access to a ton of data and applications, validate the living daylights out of them. Combining SSO with multi-factor authentication may require a slight effort from your users, but it’s a critical step to ensuring that your security requirements balance out with this gain in productivity.
The importance of context-aware logon management. For most organizations, SSO is more about productivity than security. So, you’ll want to keep security as lightweight as possible and target it on the single most important point in the SSO process: the logon. You do this for two reasons: 1) no logon, no access, and 2) once logged on, it’s too late to hedge risks. Because the Windows logon is often the only security verification that many organizations use, place as many contextual controls around the logon as possible, whether they’re native to Microsoft Windows environments, or whether you leverage third-party solutions that monitor and manage logon security and session management. These measures will put much-needed “responsibility” around this pivotal action for the security of how you implement SSO.
Ultimately, responsibility is a mindset. And, like most, it’s one that eventually turns into a change in behavior. SSO’s power demands that IT take a responsible approach to ensure the security that SSO requires. By doing so, IT harnesses the power of SSO, wielding it as not just a productivity tool, but as a security tool as well.