
To end-users, passwords may be a necessary nuisance, but to many organizations weak passwords are a potential legal liability. A growing number of regulations stipulate that organizations be able to prove they have established an infrastructure that protects data from destruction, loss, unauthorized alteration or other misuse. Key to meeting those regulatory requirements is the ability to restrict end-user access to data, enforce proof of identity and audit online events.
Many organizations have established security policies to aid in regulatory compliance, but enforcing those policies can be a challenge. Simple human nature comes into play. Most of us are faced with a mind-boggling number of passwords to recall. Various studies have shown that most end-users have up to 10 passwords to remember, with some survey respondents reporting that they have as many as 20 passwords to recall.
As a result, many of us resort to some sort of memory-jogging technique to save time and avoid being locked out of needed applications. Rather than supply a unique, robust password for every application and network function, we tend to use the same password for most or all programs, or simplify passwords to the point they’re easy for others to guess. If we do keep multiple, distinct, cryptic passwords, we’re likely to post them somewhere handy lest we forget.
Single sign-on (SSO) technology can help reduce password overload. As the name implies, SSO gives each employee a single user name and password to remember. Instead of logging into various network resources individually, the end-user logs into the SSO system once and gains access to all the files and applications he is authorized to use.
An SSO system creates a single, secure identity for each end-user by consolidating their credentials into their specific object within their network directory. Once they have a single identity, users simply authenticate once at the network login to launch their enterprise single sign-on solution, which handles their subsequent application authentications for them. The system serves as a proxy for each end-user, managing the authorization process for each application he needs to access. It does the job of remembering the various user names and passwords associated with each application on the end-user’s behalf.
More than just a relief for forgetful end-users, SSO benefits organizations facing increasing regulatory scrutiny regarding their security practices by helping to ensure that password policies are followed. By consolidating user credentials into a single identity, SSO enables enterprises to set up the fundamental security framework necessary to enforce strict proof of identity. Doing so enables enterprises to meet regulatory requirements and better protect data by restricting user access to data and auditing online events.
Enterprises can restrict access to sensitive information by leveraging the role-based access rights for each user’s identity established in the network directory. Leading enterprise SSO solutions reference this information to allow an administrator to configure end-user access to applications based on their functional grouping within the directory. This ensures only authorized users gain access to confidential information.
When integrated with multi-factor authentication technologies, SSO systems can require employees to verify their identity at the network login via a biometric, smartcard or token device — or any combination of these — as well as a complex password. When a user authenticates with multi-factor authentication, the enterprise has irrefutable evidence of the user’s identity.
The enterprise can apply this strong proof of identity to report and audit the user’s online events. For instance, once the SSO system has confirmed the user’s identity, it captures the time, number of attempts and authentication used to access the network. It also records the user’s online events, the systems accessed or information altered, as well as the time he logs out.
Regulatory compliance isn’t the only benefit of SSO technology. SSO greatly enhances network security since passwords are generally the first line of defense for applications and data. Just as most burglars come in through the front door, many hackers will first try to guess a password to gain entry into the network. It doesn’t take technical knowledge to access sensitive information if the password is posted on the monitor. SSO can result in an immediate improvement in security for sensitive applications and data. With a single password to remember, end-users are more likely to choose one that’s difficult to crack, and change it frequently.
SSO can also relieve IT workloads. Despite the use of memory aids, most end-users forget passwords from time to time. When an employee forgets Password No. 4, his recourse is to call the help desk and have the password reset. In an enterprise, the sheer volume of password-related help desk calls adds up to significant productivity losses for both end-users and IT staff.
SSO can eliminate 95 percent of password-related help desk calls, and reduce IT staff time devoted to password management and resets. That can result in significant cost savings. Experts estimate that the average password-related help desk call costs about $25. An enterprise with 2,000 employees fielding 1,400 such calls per month could save nearly half a million dollars per year through password management.
Passwords may seem like a necessary evil, but failing to establish and enforce strong password policies can have dire consequences. Easy-to-remember passwords not only threaten network security but expose organizations to potential regulatory penalties. SSO helps solve these problems by providing employees with one, strong password to access all their applications and data, and organizations with the ability to control and audit that access.