How does single sign-on affect compliance efforts?

In this Identity Management and Access Control Ask the Expert Q&A, resident Joel Dubin examines how using single sign-on influences enterprise-wide compliance efforts.

Does SSO help or hinder compliance efforts?
By itself, single sign-on (SSO) neither hinders nor helps compliance efforts. Compliance is a very broad category and, depending on your industry, can mean many different things. However, while each regulation has different requirements, they all share a commonality: each requires proof that confidential customer information is adequately secured.

So, where might SSO fit in? Section 404 of the Sarbanes-Oxley Act requires that companies prove they have sufficient IT controls in place to protect the broader financial controls mandated specifically by the legislation. Although Section 404 is vague when it comes to specific recommendations, it sheds light on auditor requirements. IT controls should be documented and prove that there are adequate policies and procedures for protecting data, including access control, encryption, firewalls and antivirus protection.

With that in mind, one secret to SSO implementation is the centralization of authentication on specialized SSO servers and architectures. Unlike standard authentication systems, SSO is usually pretty complicated. It requires a lot of planning – that could mean documentation – and has to integrate into existing authentication systems. Aside from the documentation, these systems also require more tuning, auditing and logging to stay healthy and hacker-free than simpler authentication systems to single applications or networks.

It's this centralization, combined with the documentation of logging and auditing of systems needed to run SSO, that will probably impress your auditors trying to boost your compliance efforts.

More on single sign-on and compliance:

  • Attend our Identity and Access Management Security School and learn how to implement an authentication strategy.
  • Visit our Compliance All-in-One Guide and learn how to maximize compliance efforts.
  • This was first published in August 2006
