So, where might SSO fit in? Section 404 of the Sarbanes-Oxley Act requires that companies prove they have sufficient IT controls in place to protect the broader financial controls mandated specifically by the legislation. Although Section 404 is vague when it comes to specific recommendations, it sheds light on auditor requirements. IT controls should be documented and prove that there are adequate policies and procedures for protecting...
data, including access control, encryption, firewalls and antivirus protection.
With that in mind, one secret to SSO implementation is the centralization of authentication on specialized SSO servers and architectures. Unlike standard authentication systems, SSO is usually pretty complicated. It requires a lot of planning – that could mean documentation – and has to integrate into existing authentication systems. Aside from the documentation, these systems also require more tuning, auditing and logging to stay healthy and hacker-free than simpler authentication systems to single applications or networks.
It's this centralization, combined with the documentation of logging and auditing of systems needed to run SSO that will probably impress your auditors trying to boost your compliance efforts.
More on single sign-on and compliance:
Dig deeper on Enterprise Single Sign-On (SSO)
Related Q&A from Joel Dubin, past SearchSecurity.com expert
The security of RFID chips and smart cards may not be fully mature, but there are best practices to keep facilities safe. Identity and access ...continue reading
Picture passwords for mobile device security aren't a new idea, but they have been recently improved. Identity and access management expert Joel ...continue reading
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.