Our belief is that an open cloud is a more secure one and it begins with identity.
Online security has a very important element of authentically identifying users and recognizing patterns of behavior. Take enterprise travel planning for example. More and more business travelers, fiercely loyal to airline and hotel loyalty programs and wary of travel agency fees, are making their own travel arrangements through online booking tools.
These sites, hosted and managed by outside travel vendors, can be accessed via the company intranet and charged back to their corporate credit cards, and potentially directly to central billing.
Thanks to the fact that an employee’s authentication can be recognized across platforms, one login to the employee Intranet can identify that user as currently employed, authorized to book travel within preset travel policies, and able to complete a transaction all the way through to the airline, hotel or car rental company.
Without open standards for user identity and authentication, an employee would have to re-authenticate themselves at every step – the Intranet, the travel agency, the airline, etc. Open standards like OAuth, and SAML allows us to establish identities across platforms.
That’s why we’re seeing increased adoption of open standards around identity. Without interoperable means to authenticate and assert identities, employers carry the burden of creating, updating and validating a set of identities for every provider and notifying each every time someone leaves the company. If the administrator resigns and there is no mechanism to invalidate their password, they can still get into the system and access the data. A trusted source for federated identity can prevent that issue.
Without open standards, authentication data gets lost or becomes much more difficult to follow. When data must be made available across platforms, security and privacy may be compromised and the importance of established identities across applications becomes clear.
While from the user experience perspective entering your password once instead of three times is simply convenience, for the enterprise, identity is fundamental to security. Who's doing what, when and from where, revolves around identity. In the travel example, if an airline requests a $5K trip to Hawaii, the employer needs to verify for whom and why to determine whether the itinerary will be denied, or if it has already been charged, by whom.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.