A senior executive recently raised the worry that a single sign-on (SSO) environment may be less secure than silos of authentication, because “if someone cracks it once, they have the keys to the kingdom.” Before offering points in favor of SSO, a quick caveat: SSO should only ever be the authentication component of the 5A model (authentication, authorization, access control, audit, and accounting) and is not a tool that should be relied upon in isolation, or without further controls in place.
Strong control of identity helps in a number of ways:
- Better control: There is only one point of control to switch off when a compromise is suspected or when a user leaves the organization (the separation process), and a limited window of opportunity to attack. Every independent system gives a hostile actor an additional chance to glean credentials, with a high risk of then being able to exploit that access window further, especially if passwords have been reused elsewhere.
- Better user experience: With fewer passwords to manage, users will be less tempted to reuse passwords across systems or store many passwords insecurely.
- More pervasive security: A single identity management solution reduces the overall cost of implementation, especially when there is a need for additional layers of protection, such as 2-factor authentication at key points in the digital landscape.
- Faster detection and notification of compromised accounts: An account that’s used frequently will be noticed if locked out or changed, as opposed to one that’s only used some of the time.
- Easier integration with outside organizations, with only one point of contact to connect, monitor, and manage.
Changing to, or extending, an SSO environment brings its own design considerations:
- Separation of authorization (what the user can do or access) from authentication (who the user is). Managers/owners of individual data stores or applications should still have control over who may access data or take actions within their span of control.
- More robust monitoring of use, or attempted use, especially of attempted access outside of the user’s permitted scope. Again, with fewer identities to monitor, suspicious or out-of-place activity will be more obvious than if those attempts are spread over multiple identities.
- More frequent checks of identity at all levels of the system(s) being protected.
- Multiple factors, including smart security tokens or location-based services (e.g., restricting certain functions or access to data unless the user session originates from a trusted device or network).
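The design considerations above (central authentication with a single revocation point, authorization retained by each application owner, auditing of out-of-scope attempts, and step-up checks for sensitive actions from untrusted locations) can be sketched as a small policy evaluator. The following is an added illustration, not code from the original article or from any particular SSO product; the users, applications, tokens and networks in it are constructed for the example.

```python
"""Toy SSO-style policy evaluator (added example, not from the original article).

Authentication is centralised: a session token resolves to one asserted identity,
and revoking the token is the single switch-off point. Authorization stays with
each application owner in its own AppPolicy. Every decision is audited so that
out-of-scope attempts can be correlated per identity, and sensitive actions need
MFA from a trusted network (the 'location-based' factor).
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Identity:
    """What the identity provider asserts: who the user is and how they proved it."""
    user: str
    mfa_verified: bool
    source_ip: str


@dataclass
class AppPolicy:
    """Authorization owned by the application/data owner, not by the identity provider."""
    name: str
    grants: Dict[str, Set[str]]                        # user -> permitted actions
    sensitive: Set[str] = field(default_factory=set)   # actions that require step-up
    trusted_nets: List[str] = field(default_factory=list)  # CIDR ranges counted as trusted


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


AUDIT_LOG: List[dict] = []   # one shared audit stream for every application


def authenticate(token: str, idp_sessions: Dict[str, Identity]) -> Optional[Identity]:
    """Central authentication: unknown or revoked tokens yield no identity."""
    return idp_sessions.get(token)


def revoke(token: str, idp_sessions: Dict[str, Identity]) -> None:
    """The single point of control: cutting the session cuts access everywhere."""
    idp_sessions.pop(token, None)


def _audit(event: str, identity: Identity, app: AppPolicy, action: str) -> None:
    AUDIT_LOG.append({"event": event, "user": identity.user, "app": app.name,
                      "action": action, "ip": identity.source_ip})


def authorize(identity: Identity, app: AppPolicy, action: str) -> Decision:
    """Per-application authorization, evaluated after authentication succeeded."""
    if action not in app.grants.get(identity.user, set()):
        _audit("out_of_scope", identity, app, action)
        return Decision(False, "not granted by application owner")
    if action in app.sensitive:
        src = ip_address(identity.source_ip)
        on_trusted_net = any(src in ip_network(net) for net in app.trusted_nets)
        if not (identity.mfa_verified and on_trusted_net):
            _audit("step_up_required", identity, app, action)
            return Decision(False, "sensitive action needs MFA from a trusted network")
    _audit("granted", identity, app, action)
    return Decision(True, "granted")


def suspicious_users(log: List[dict], threshold: int = 2) -> Set[str]:
    """With one identity per person, out-of-scope attempts across apps correlate."""
    counts = Counter(e["user"] for e in log if e["event"] == "out_of_scope")
    return {user for user, n in counts.items() if n >= threshold}


def run_demo() -> Dict[str, object]:
    """Constructed scenario; returns the individual decisions for inspection."""
    AUDIT_LOG.clear()
    sessions = {   # constructed identity-provider session table
        "tok-alice": Identity("alice", mfa_verified=True, source_ip="10.1.2.3"),
        "tok-alice-remote": Identity("alice", mfa_verified=True, source_ip="198.51.100.7"),
        "tok-bob": Identity("bob", mfa_verified=False, source_ip="203.0.113.9"),
    }
    hr = AppPolicy("hr", grants={"alice": {"read", "export"}},
                   sensitive={"export"}, trusted_nets=["10.0.0.0/8"])
    finance = AppPolicy("finance", grants={"alice": {"read"}, "bob": {"read"}})

    alice, alice_remote, bob = (authenticate(t, sessions)
                                for t in ("tok-alice", "tok-alice-remote", "tok-bob"))
    assert alice and alice_remote and bob
    results: Dict[str, object] = {
        "alice_hr_export": authorize(alice, hr, "export").allowed,          # True
        "alice_remote_export": authorize(alice_remote, hr, "export").allowed,  # False: step-up
        "bob_hr_read": authorize(bob, hr, "read").allowed,                  # False: out of scope
        "bob_finance_delete": authorize(bob, finance, "delete").allowed,    # False: out of scope
        "bob_finance_read": authorize(bob, finance, "read").allowed,        # True
    }
    revoke("tok-bob", sessions)
    results["bob_after_revoke"] = authenticate("tok-bob", sessions) is None  # True
    results["flagged"] = suspicious_users(AUDIT_LOG)                        # {"bob"}
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point of the split is that the identity provider never decides what a user may do; it only vouches for who they are, while the `hr` and `finance` owners keep their own grant tables. Because every application writes to the same audit stream keyed by one identity, Bob's two out-of-scope attempts against different systems are visible together, which is exactly the correlation that is lost when each silo keeps its own account and its own log.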