Most businesses protect themselves at the perimeter with one or more firewalls, and some also add layers of protection inside the network: intrusion detection and prevention, email filtering, anti-virus and more. These traditional controls add valuable layers of defense, but none of them is a silver bullet. Breaches will happen; eventually perimeter protection will fail and attackers will get inside your network.
Once inside, an attacker's first objective is valid credentials, usually ones with privileged access. They will either steal existing credentials or create new ones, and then stay in the network for as long as it takes to get what they came for. So what does this mean for you? Is this simply a risk to be aware of, or is there something your business can do to prevent it?
This is where a Single Sign On implementation becomes useful: credentials are the key element of a successful attack, and SSO reduces the number of passwords in circulation and puts authentication under one policy, where it can be monitored and strengthened.
So, what are you supposed to look for during your search for a Sign On Solution for your organization? Below is a list of critical questions you and your team should answer in order to put your business on track to find the right solution for your single sign on implementation!
1. What level of security do you require for users to access business line applications?
This is the first question to answer, because it tells you whether Single Sign On is right for your business at all. You may need a central authentication service without needing true Single Sign On. Same Sign On may be enough if automatic login to every business line application is not required. For example, when an employee opens a resource in Office 365 after logging in to their PC, Same Sign On will prompt them for credentials again, but the credentials are the same ones they used for the PC. If you need true Single Sign On, so that the Office 365 login happens without a second prompt, you will need to deploy a federation solution alongside your Single Sign On solution.
2. What are your long term goals?
Many of your Single Sign On implementation decisions follow from your long term goals. If the goal is to move the business fully to the cloud, you will want to move away from managing identities and credentials locally and toward managing users with cloud accounts. If, on the other hand, your business has security requirements that call for keeping identity infrastructure on site, the answer determines whether you continue to run AD on site, integrate a cloud directory with it, or move to the cloud with no local AD at all. It all comes down to your organizational philosophy and how far you embrace the cloud.
3. What are the business line applications that are critical to authenticate to?
If your users authenticate to a long list of business line applications every day, look for solutions that integrate best with those specific applications so the end user experience is as smooth as possible. Decide what you want the user experience to be when logging in to each application, and what level of security each one needs. Some Sign On solutions support HIPAA, FINRA and other compliance standards, and some do not. Make sure the solution you choose meets the security standards your industry requires.
4. Are you willing to accept implementing new hardware on site or do you prefer the use of a service?
Your organization may not be ready to move fully to the cloud, but are you willing to accept new hardware on site for identity management? If not, limit your search to Identity Management services that require no hardware on site. Answering this question alone will likely cross a few options off your list.
5. Is multi-factor authentication necessary?
If your business needs security beyond a password for Single Sign On, look into multi-factor authentication. With MFA, users must present a second factor alongside their password at login: something they have, such as a one-time code from an authenticator app or hardware token, or a push approval on a registered phone, or something they are, such as a fingerprint. A PIN or a security question is not a second factor; like the password it is something the user knows, and an attacker who has phished one can usually get the other. Before deciding whether MFA is right for you, review your industry's best practices or consult a colleague or expert in your industry.
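As an added example (not code from the original post), here is what a possession-based second factor looks like in code: an RFC 6238 time-based one-time code, verified alongside the password in a two-factor login check. The user record, salt and password are constructed for the demonstration; the TOTP secret is the RFC 6238 reference secret, so the codes can be checked against the published test vectors.

```python
import hashlib
import hmac
import struct
from typing import Optional

# --- RFC 4226 / RFC 6238 one-time codes -------------------------------------

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) using HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the time-step counter."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int,
                step: int = 30, digits: int = 6, window: int = 1) -> Optional[int]:
    """Return the time-step counter the submitted code matches, or None.

    `window` tolerates +/- that many steps of clock drift between the
    authenticator and the server. The comparison is constant-time.
    """
    base = unix_time // step
    for counter in range(base - window, base + window + 1):
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter
    return None


# --- A minimal two-factor login check ---------------------------------------

PBKDF2_ROUNDS = 100_000

def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

# Constructed user record (hypothetical). In a real deployment the TOTP secret
# is a per-user random value provisioned to the authenticator, e.g. by QR code.
_SALT = b"constructed-salt-0001"
USERS = {
    "alice": {
        "salt": _SALT,
        "pw_hash": _hash_password("correct horse battery staple", _SALT),
        "totp_secret": b"12345678901234567890",   # RFC 6238 reference secret
        "last_counter": -1,                        # highest OTP counter accepted so far
    }
}


def login(username: str, password: str, otp: str, unix_time: int) -> str:
    """Return "ok" or the reason the login was rejected.

    Both factors are evaluated before deciding, and an accepted OTP counter is
    recorded so the same code cannot be replayed inside its validity window.
    """
    user = USERS.get(username)
    if user is None:
        # Burn the same PBKDF2 cost and give the same answer for unknown users,
        # so neither timing nor the message reveals which usernames exist.
        _hash_password(password, _SALT)
        return "bad-password"

    pw_ok = hmac.compare_digest(_hash_password(password, user["salt"]), user["pw_hash"])
    counter = verify_totp(user["totp_secret"], otp, unix_time)

    if not pw_ok:
        return "bad-password"
    if counter is None:
        return "bad-otp"
    if counter <= user["last_counter"]:
        return "replayed-otp"
    user["last_counter"] = counter
    return "ok"


if __name__ == "__main__":
    secret = b"12345678901234567890"
    code = totp(secret, 59)                      # RFC 6238 vector: 287082
    print("TOTP at t=59:", code)
    print(login("alice", "correct horse battery staple", code, 59))   # ok
    print(login("alice", "correct horse battery staple", code, 59))   # replayed-otp
```

Two design points are worth noting. The `window` argument is the usual trade-off between tolerating drift on the user's device and widening the interval in which a captured code remains valid; the `last_counter` record closes the replay half of that window. And note what this check does not do: a PIN or security question would be verified exactly like the password, from something the user knows, which is why it adds no second factor.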
6. Will you require any additional security guidelines?
Even after your Single Sign On implementation, you may still need additional security guidelines if you do not already have them. Do you have a security policy for mobile devices? Do you have a policy on how long a user may leave a computer unattended before it must be locked, rather than relying only on automatic log off? Make sure policies like these are in place and that your users can easily find them. An annual reminder of these policies is a good idea as well; the new year is coming around!
Single Sign On is also put in place for reasons other than defense against attackers, including end user productivity and time management, simpler IT management, and prompt revocation of access when employees leave. And although credentials are the major piece of Identity Management, you should also consider how you prefer to manage user profiles. As mentioned before, all of your decisions should line up with your long term goals!
In a follow up blog coming in the next few weeks, we will discuss and compare several Single Sign On options, including enterprise level solutions like Okta, SecureAuth, and ADFS and cloud solutions like Azure AD Basic and Premium.
Would you like to discuss your Single Sign On options with the experts? Request your free consultation and we will be in touch with you shortly!