By letting users authenticate once with a master sign-on, single sign-on (SSO) improves both convenience and security. However, while SSO removes the hassle of repeated logins, a successful implementation requires diligent management and the proper tools. Implementing SSO takes work and a clear sense of responsibility: knowing what can go wrong, and how it goes wrong, is crucial to managing SSO responsibly, because it lets you make the necessary improvements before anything actually breaks.
So what mistakes and oversights in SSO management need to be avoided?
1. Misplaced confidence in SSO as a cure-all for cybersecurity problems
New technology can make people overly enthusiastic, as if things will only get easier and past issues are gone for good. That enthusiasm can keep them from examining the new solution realistically to determine what it can and cannot do. SSO centralizes authentication; it does not by itself stop phishing, malware on an endpoint, or a stolen session, and a compromised SSO credential now unlocks every connected application. Without that realistic perspective, nobody plans for the contingencies that will arise.
2. Implementation without stakeholder buy-in
Implementing a new process within an organization is not a solitary endeavor. Effective implementation requires the buy-in of those who need to adopt the process and those who are affected by it.
Depending on your organization, your stakeholders can be or include the following individuals and groups:
End users – The employees who will have to adopt the process.
Human resources – The personnel who are instrumental in coordinating adoption of the process with employees and leadership.
Leadership – The party with the last word, responsible for financing the implementation and ongoing management of the process.
Neglecting to enlist your stakeholders' support may introduce implementation and management problems later on, rendering the process ineffective.
3. Failure to update organizational cybersecurity protocol after SSO implementation
Cybercriminals will keep finding ways around any new obstacle, and employees come and go. These are two of many reasons why it is necessary to regularly review and update your security protocol after rolling out SSO.
Here are three ways you can update your cybersecurity program post–SSO implementation:
Metrics – Inventory the IT metrics being tracked each month to drop the ones that are no longer relevant.
Adjustments in cybersecurity training – Evaluate the scope and focus of your training and make the necessary updates. For example, add guidance on strengthening passwords or on replacing passwords with passphrases: a password should not be easily associated with the user, and a passphrase should be made of at least four unrelated words (e.g., railway, courtyard, thyme, and wheel).
Evaluation of goals – Now that you have adopted SSO, determine in which new direction to refocus the resources dedicated to security measures.
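The passphrase advice above is easier to justify to employees with numbers. The following is an added example, not code from the original post or from TraitWare: it generates a four-word passphrase from a wordlist with a cryptographically secure RNG, refuses repeated words (code cannot judge whether two words are "unrelated", but it can at least enforce that they are distinct), and compares the entropy of a passphrase with that of a short complex password. The wordlist embedded here is a constructed 20-word sample for illustration only; a real deployment would use a large published list such as the EFF long wordlist (7776 words), and the entropy figures assume words are picked uniformly at random, not chosen by the user.

```python
import math
import secrets

# Constructed sample wordlist for this example only. Entropy scales with list
# size, so a list this small gives weak passphrases; use a published list
# (for example the 7776-word EFF long wordlist) in practice.
SAMPLE_WORDLIST = [
    "railway", "courtyard", "thyme", "wheel", "lantern", "marble", "otter",
    "pepper", "quartz", "ribbon", "saddle", "tulip", "velvet", "walnut",
    "yonder", "zephyr", "anchor", "basket", "cactus", "dahlia",
]

MIN_WORDS = 4  # the post's minimum of four unrelated words


def passphrase_entropy_bits(wordlist_size: int, n_words: int) -> float:
    """Entropy of an ordered pick of n_words distinct words from the list.

    Uses permutations because generate_passphrase never repeats a word;
    the difference from n_words * log2(wordlist_size) is negligible.
    """
    return math.log2(math.perm(wordlist_size, n_words))


def password_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` characters drawn uniformly from an alphabet
    (94 printable ASCII characters for a 'complex' password)."""
    return length * math.log2(alphabet_size)


def generate_passphrase(wordlist, n_words: int = MIN_WORDS, separator: str = "-") -> str:
    """Pick n_words distinct words using secrets (a CSPRNG), never random."""
    if n_words < MIN_WORDS:
        raise ValueError(f"use at least {MIN_WORDS} words")
    if len(wordlist) < n_words:
        raise ValueError("wordlist too small for the requested number of words")
    pool = list(wordlist)
    chosen = []
    for _ in range(n_words):
        word = secrets.choice(pool)
        pool.remove(word)  # no repeated words in one passphrase
        chosen.append(word)
    return separator.join(chosen)


def is_acceptable_passphrase(phrase: str, wordlist, n_words: int = MIN_WORDS,
                             separator: str = "-") -> bool:
    """Policy check: at least n_words words, all distinct, all from the list."""
    words = phrase.split(separator)
    known = set(wordlist)
    return (len(words) >= n_words
            and len(set(words)) == len(words)
            and all(w in known for w in words))


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDLIST)
    print("passphrase:", phrase, "acceptable:", is_acceptable_passphrase(phrase, SAMPLE_WORDLIST))
    print("4 words from 7776-word list: %.1f bits" % passphrase_entropy_bits(7776, 4))
    print("5 words from 7776-word list: %.1f bits" % passphrase_entropy_bits(7776, 5))
    print("8 random printable ASCII chars: %.1f bits" % password_entropy_bits(94, 8))
```

Four random words from a 7776-word list come in just under 52 bits, roughly the same as eight truly random printable characters, and adding a fifth word pushes past 64 bits; the passphrase is the one a person can actually remember without writing it down.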
4. SSO accounts that are in place for too long
With an SSO account, an employee can quickly reach files and applications across the organization, so an account that stays active after it should have been removed, or that keeps privileges the employee no longer needs, is bound to result in data compromise. All it takes is one employee with a grudge, one who has been influenced to act against you, or one who simply lacks the technical savvy to understand the gravity of sharing corporate data with the wrong people.
To preempt this, enlist your HR and IT departments to identify the risk accurately: start with a clear picture of which individuals need to be checked, tie account deprovisioning to offboarding and role changes, and define the response to a possible insider threat.
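The HR and IT check described above can be run as a routine reconciliation of the SSO directory against the HR roster. The following is an added example, not code from the original post or from TraitWare. The roster and account list are constructed sample data; in practice they would be exports from the HR system and the SSO provider's user directory, and the 90-day inactivity limit is an assumed policy value.

```python
from datetime import date, timedelta

# Constructed sample data for this example. Real inputs are an HR export and
# an SSO directory export.
HR_ROSTER = {
    "alice": {"status": "active"},
    "bob": {"status": "terminated", "end_date": date(2024, 3, 1)},
    "carol": {"status": "active"},
}
SSO_ACCOUNTS = [
    {"user": "alice", "enabled": True, "last_login": date(2024, 5, 20)},
    {"user": "bob", "enabled": True, "last_login": date(2024, 2, 28)},
    {"user": "carol", "enabled": True, "last_login": date(2024, 1, 5)},
    {"user": "dave", "enabled": True, "last_login": date(2024, 5, 1)},
    {"user": "erin", "enabled": False, "last_login": date(2023, 6, 1)},
]

INACTIVITY_LIMIT = timedelta(days=90)  # assumed policy value


def find_stale_accounts(accounts, roster, today, inactivity_limit=INACTIVITY_LIMIT):
    """Return a dict {user: reason} for every enabled SSO account that should
    not be enabled: no HR record (orphan), terminated in HR, or unused for
    longer than the inactivity limit. Already-disabled accounts are skipped."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue
        user = acct["user"]
        record = roster.get(user)
        if record is None:
            findings[user] = "orphan: no HR record"
        elif record["status"] == "terminated":
            findings[user] = f"terminated on {record['end_date']} but still enabled"
        else:
            idle = today - acct["last_login"]
            if idle > inactivity_limit:
                findings[user] = f"inactive for {idle.days} days"
    return findings


if __name__ == "__main__":
    for user, reason in find_stale_accounts(SSO_ACCOUNTS, HR_ROSTER, date(2024, 5, 31)).items():
        print(f"DISABLE {user}: {reason}")
```

The terminated-but-enabled case is the one the section is about; the orphan case catches accounts created outside the HR process, and the inactivity case catches accounts whose owner changed roles without anyone revoking the old access.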
5. Neglect of SSO gap monitoring
Full SSO coverage of every system can be challenging for a huge organization. You may have to manage some systems outside your SSO implementation, and for each one decide whether to roll the dice and live with the risk or plan to bring it in.
A comprehensive SSO program today will need to be modified down the line as new cloud services are introduced, so you must keep identifying the changes that need to be integrated into your SSO solution. Keep an inventory of the applications that still authenticate on their own, because those are the ones a user who has been removed from SSO can still log in to.
6. Developing an internal SSO solution
Creating your own SSO solution is not a good idea unless you are a large organization with personnel to spare for that specific task. It is more practical to pick an SSO solution off the shelf, which saves your managers' time and improves your employees' login experience. Assign SSO application access by role instead of customizing the setup for every user.
7. Failure to address password reuse
A recent Google/Harris Poll found that 52 percent of users reuse the same password for multiple (but not all) accounts, while 13 percent reuse their passwords for all their accounts.
Password reuse follows naturally when users are required to manage multiple passwords, as though it cannot be helped. It also occurs in these two common situations:
- Users using the same password multiple times within an organization.
- Users using a password for their home devices at work.
Managing multiple passwords results in password fatigue, which leads to further problematic behavior, such as writing passwords on scraps of paper that are easily misplaced.
This is where single sign-on comes in: it makes it possible to take password reuse out of the equation. However, implementing SSO alone does not guarantee that this poor password habit goes away, and the one password that remains is now worth more, so reusing it on some other site is riskier than before.
Level up SSO by going passwordless.
Alternatively, you can do away with the fuss over passwords entirely and shift to passwordless single sign-on. SSO with biometrics, keys, tokens, and other non-password factors removes the threats that depend on a password existing, such as reuse, credential stuffing, and password phishing, and that is a great thing.
Better still, pair passwordless single sign-on with passwordless multifactor authentication for layers of security and game-changing convenience.
Ready to level up and say good-bye to your password headaches for good?
Contact TraitWare to explore our enterprise-level solutions.