By: Bob Tarzey, Service Director, Quocirca
Published: 5th October 2012
Copyright Quocirca © 2012
There is nothing new about single sign on (SSO) systems; they have been on the market for many years as a way providing a single point of authentication of users before providing them access to IT resources. What is new is the increasing capability of SSO systems to better manage the changing way applications are being deployed and accessed.
Here are some examples:
It is clear that SSO systems have evolved way beyond the early use-case of saving employees from remembering a range of passwords. One of the down sides pointed to by the detractors of SSO is that it provides a single set of keys to the castle. However, linked with strong authentication this should not be an issue and should instead increase security, especially with the rise of BYOD.
Another criticism has been the complexity of deployment, but this has decreased with the rise of standards such LDAP (lightweight directory access protocol), SAML (security assertion mark-up language) and SCIM (originally simple cloud identity management) and the sophistication and increased of use of many current SSO systems.
A third criticism that could be levelled for all the above use cases is an SSO system becoming s single point of failure but this is true of any network device that is used to provide user access to applications. Resilience can be built into SSO just as with any other system. Furthermore, for ease of access and to open up SSO to smaller organisations SSO itself is now available as a SaaS-based resource, for example Ping One and SaaS-ID.
For those organisations that have looked as SSO in the past and rejected it, perhaps now is time to take another look. The sophistication of the new offerings that have come to market in the last few years help address a broad range of problems and provide a secure policy based identity-bridge between users and the resources they need access to.
Quocirca’s report “The identity perimeter” is freely available here https://www.pingidentity.com/support-and-downloads/download.cfm?item=62593 (registration required)
We automatically stop accepting comments 180 days after a post is published. If you would like to know more about this subject, please contact us and we'll try to help.
Published by: electronicdawn Ltd.