Whether you should extend SSO outside your company is really a business decision you have to make. You need to
ask yourself if there's a real business purpose for allowing a partner or vendor to have complete access to your system.
If the answer is yes, you need to perform two thorough risk analyses, one on your systems that will be accessed, and one on the outside party who will have SSO access to your system. If the risk analysis determines that the systems being accessed are low risk, meaning they don't have sensitive customer data or aren't used for financial transactions, then it may be worthwhile. For example, your company might be partnering with a marketing outfit that uses demographic data from your sales for market research. Such data usually can't be traced back to individual customers, where it could be used for draining accounts or stealing identities.
Make sure you perform a complete security review of any outside vendor you allow to access your system to verify that they meet your stringent security standards. The review should include tours of data centers for both physical and information security, whether employees go through background checks and if they have an information security policy or security awareness training program. Otherwise, they could be the weak link that allows malicious access to your system.
For More Information on SSO and authentication:
Dig deeper on Enterprise Single Sign-On (SSO)
Related Q&A from Joel Dubin, past SearchSecurity.com expert
The security of RFID chips and smart cards may not be fully mature, but there are best practices to keep facilities safe. Identity and access ...continue reading
Picture passwords for mobile device security aren't a new idea, but they have been recently improved. Identity and access management expert Joel ...continue reading
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.