Yet despite the renewed level of interest in SSO, there are a number of myths that persist regarding the technology, how it works and how it is best used to provide business value. Here are four myths about SSO that in my experience persist among enterprise and government CIOs.
First, a baseline understanding of what SSO does
To first understand SSO, let’s establish a few baseline concepts about how SSO can help simplify IT operations and increase security.
Single sign-on is an approach that simplifies the management of access to more and more services by a growing constituency of users – users within your environment, that you know, and want to make as productive as possible. It allows you to manage access based on parameters – be it time of day, location, device used to access data or other parameters. This allows you to enable internal users to access what they need when they need it – no more and no less access than that required to do the job efficiently. It also simplifies removing access from a broad range of services quickly when necessary.
The right approach to SSO, enables organizations to build controls around the concept of identity. That’s important, because with the current rate of rapid changes in where the data resides, how it is accessed and where it is accessed from, user identity is often the only constant. Therefore, organizations must build their thinking around the processes of providing access and simplify the management of identity because these will enable them to meet the challenges of an increasingly complex and interconnected business environment. How do you simplify this process? Single sign-on is one solution.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.