“Identity is the new perimeter” is something I heard the other day and I have to say, for a sound bite it's not bad. It got me thinking about the different ways we authenticate users and the fact that they are not all created equal. Before we had Single-Sign On (SSO) and Consistent Sign-On (CSO) we had Island Sign On (ISO), which is where each system has its own user database, resulting in a proliferation of user accounts and passwords. For a long time, SSO was the holy grail and it is definitely an improvement, but I really want to make the following points:
- SSO can be implemented many ways
- You probably have to leverage all SSO methods at first
- But your long term security strategy should be Federation
The best way to explain this is to compare the 2 most popular methods used behind the scenes of today's popular SSO solutions:
- Stored credentials
- Federation
In both cases the user authenticates one time to the SSO portal and then seamlessly/transparently accesses application A and B. But behind the scenes let’s suppose the SSO portal uses federation to log on the user to application A but for application B it pulls that user’s credentials previously provisioned on application B from its database and transparently plugs them into the logon form or dialog for application B.
The experience is the same for the user but the risks and security opportunities are not. Now, I'm not talking about the obvious stuff like the extra labor involved in provisioning and maintaining Application B credentials for each user in the SSO database. And I'm not referring to the credential theft risk with all those passwords stored in the SSO database. Although both of those are legitimate issues that must be addressed.
What I'm getting at, and what I'll delve into in this webinar, are the deeper issues that differentiate stored credential authentication and federation: why you probably have to use stored credentials where necessary, but why federation is so much more secure and offers so many opportunities to mitigate risk.
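To make the application A versus application B comparison concrete, here is an added sketch (not from the webinar or from any product) of what the portal holds and what each application checks under the two methods. All names, keys and passwords are constructed, and an HMAC key shared by the portal and application A stands in for the asymmetric signatures that SAML or OpenID Connect federation normally uses.

```python
import base64, hashlib, hmac, json

# Constructed sample data: every name, key and password here is hypothetical.
TRUST_KEY = b"demo-key-shared-by-portal-and-app-a"  # stand-in for the portal's signing key
VAULT = {"alice": {"app-b": "S3cret-for-B"}}         # stored credentials held by the portal

def issue_assertion(user, role, audience, now, ttl=300):
    """Portal, federation: sign a short-lived statement about the user."""
    body = json.dumps({"sub": user, "role": role, "aud": audience,
                       "exp": now + ttl}, sort_keys=True).encode()
    sig = hmac.new(TRUST_KEY, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())

def app_a_accepts(token, now):
    """Application A: trusts the portal's signature; holds no password for the user."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:
        return None  # malformed token
    expected = hmac.new(TRUST_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # not issued by the portal, or altered in transit
    claims = json.loads(body)
    if claims["aud"] != "app-a" or claims["exp"] <= now:
        return None  # meant for another application, or expired
    return claims    # carries the role the portal asserted at sign-on time

def portal_login_to_app_b(user):
    """Portal, stored credentials: replay the user's real application B password."""
    return {"username": user, "password": VAULT[user]["app-b"]}

def app_b_accepts(form, app_b_passwords):
    """Application B: sees only a password and cannot tell who is presenting it."""
    stored = app_b_passwords.get(form["username"], "")
    return hmac.compare_digest(stored, form["password"])
```

The assertion for application A is useless after five minutes or at any other application, while the entry in `VAULT` is a reusable secret that works against application B for as long as the password is unchanged.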
In this real training for free ™ session I will look at the following 3 scenarios and spotlight the benefits of federation:
- Authenticating to cloud apps
- Authenticating employees from partners, customers and vendors
- Authenticating to internal applications
Here are some of the issues in play:
- The difference between your identity as a person and your current role and status at an organization
- Centralized audit and visibility
- Real-time risk factors
- Dynamic and responsive authentication/mitigation techniques
This webinar is sponsored by Dell Software and Joe Campbell will briefly show you how their Cloud Access Manager gives you the flexibility to support all authentication methods and maximizes your ability to leverage the security benefits of SSO and Federation – not to mention how much easier they make federation compared to what you might be used to.
Please join me for this thought-provoking security discussion. I feel confident you will come away with new insights, a better understanding of why federation is so important and how it fits into the overall landscape of identity and access management.