Identity management SSO security: Hardening single sign-on systems

Get information on how to harden single sign-on systems for greater security in this response from IAM expert Randall Gamby.

What would you say are the key best practices for hardening a single sign-on (SSO) system? Our organization has grown to the point where we could really use SSO to tie together several dozen systems, but some senior managers are concerned that a compromise to the SSO system would instantly grant unauthorized access to every system we tie into it. What would you recommend in terms of managing that risk?

Two recommendations come to mind. One is to establish a good security and compliance awareness program. Generally, if people are told not to do something -- like access another person's account without proper authorization -- they'll comply.

Second, for extremely sensitive data applications, use two-factor authentication. Username/password authentication in an SSO environment is much riskier than two-factor authentication, as you note. And two-factor authentication doesn't mean all users have to carry a smart card; tokenless two-factor authentication services are readily available and not as expensive as their hard-token counterparts.

But the biggest recommendation I have to offer is to do a market study on whether hardening single sign-on environments is even necessary. (Ask the single sign-on vendor(s) you're working with to help with this.) Generally, organizations are able to implement single sign-on internally with few to no issues of compromise using username/password schemes. Also, be sure to discuss security concerns with the senior managers to better understand what their actual fears are and address them directly.

This was first published in June 2010
