- Eric Klein, VDC Research
The increasing use of mobile devices and cloud applications in the enterprise means more data is in transit -- and potentially at risk -- than ever before. Single sign-on technology and identity federation can help keep things secure.
Protecting data on a server is hard enough. Protecting data in motion across mobile devices brings a whole new level of challenges. Strong cryptography can help increase mobile security, but unfortunately, enforcing passwords on employee-owned devices and third-party apps is difficult. Most medium-sized and large organizations have implemented identity and access management (IAM) platforms to control interactions with their enterprise applications and enable single sign-on (SSO), but those tools also come up short once users access corporate data from multiple devices and domains.
Traditional, perimeter-based access control is no longer fully effective because many applications are moving to the cloud. Business software is becoming increasingly distributed, and the number of users who need to reach applications from outside organizational boundaries keeps growing. Companies now need to implement security with mobile and cloud-based access in mind, by integrating single sign-on technology across all in-house and external applications and platforms.
SSO integration matters
One of the biggest issues organizations struggle with is providing secure and easy access to external applications, such as software as a service (SaaS) or business partner apps, to internal employees. Similarly, many companies struggle to provide secure access to internal applications to partners, customers and vendors without managing third-party identities and passwords.
Fortunately, the security practices and IAM tools implemented on-premises are also applicable to cloud-based applications. IT may already have an SSO tool from a vendor such as Centrify, CA Technologies, Okta, Onelogin, Oracle or Ping Identity. But as the number of devices and cloud applications increases, the key is to integrate SSO across all the different mobile platforms that users, partners and customers access.
A lot of enterprise SaaS apps can integrate with IAM and Active Directory to provide SSO. That means any user can log in with his or her existing Windows credentials instead of creating new user names and passwords that IT wouldn't have any visibility into or control over.
Integrating identity management with existing apps can be time-consuming and costly, however, depending on the complexity of the applications and the level of security expertise in an organization. Fortunately, most SSO products support the key federation and authorization standards, such as SAML, OAuth 1.0a and OAuth 2.0, out of the box. Plus, the market has evolved to incorporate standards-based identity federation, which helps organizations meet this need for single sign-on technology across all access points.
Time to add identity federation
Federation technology allows users to use the same identification information across many platforms and applications, often without even having to manually enter passwords. Best of all, it lets users bring their authenticated identity with them when accessing applications outside of the organization.
Identity federation improves security as well. Standards such as SAML 2.0 and OpenID Connect can help to simplify federation to SaaS applications. Plus, since users' identities are tied to the organization and not the application provider, if they leave the company or change roles, their access to third-party applications is automatically restricted.
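As an added illustration of the property just described (example code written for this page, not code from the article or from any vendor it names), the following stdlib-only Python sketch has a hypothetical identity provider issue a signed assertion only for users who are still active in the organization's directory, and a hypothetical SaaS relying party verify signature, issuer, audience, expiry and role before granting access. An HMAC stands in for the XML signature or JWS a real SAML or OpenID Connect deployment would use, and every name, URL and key below is constructed.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values: a shared HMAC key stands in for the IdP's signing key,
# and the issuer/audience URLs are hypothetical.
IDP_KEY = b"constructed-demo-key-not-for-real-use"
IDP_ISSUER = "https://idp.example"
SP_AUDIENCE = "https://saas.example/app"

# Hypothetical corporate directory. The organization, not the SaaS provider,
# owns these records, which is what makes deprovisioning take effect everywhere.
DIRECTORY = {"alice": {"active": True, "roles": ["finance"]}}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def idp_issue(user: str, audience: str, now=None, ttl=300):
    """IdP side: refuse deprovisioned or unknown users, copy roles from the directory."""
    now = time.time() if now is None else now
    rec = DIRECTORY.get(user)
    if rec is None or not rec["active"]:
        return None  # a leaver gets no new assertion, so no new SaaS session
    claims = {"iss": IDP_ISSUER, "sub": user, "aud": audience,
              "exp": now + ttl, "roles": list(rec["roles"])}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def sp_validate(token, required_role: str, now=None) -> bool:
    """SP side: trust no claim until signature, issuer, audience and expiry check out."""
    now = time.time() if now is None else now
    if not isinstance(token, str) or token.count(".") != 1:
        return False
    body, sig = token.split(".")
    expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return False  # tampered or forged assertion
    claims = json.loads(_unb64(body))
    if claims.get("iss") != IDP_ISSUER or claims.get("aud") != SP_AUDIENCE:
        return False  # assertion minted for a different issuer or relying party
    if claims.get("exp", 0) <= now:
        return False  # expired: a leaver's old assertion dies with its ttl
    return required_role in claims.get("roles", [])
```

The short `ttl` is what bounds how long a disabled account's last assertion stays usable at the SaaS side, so it should be set to match the organization's tolerance for that window.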
This article originally appeared in the January issue of the Modern Mobility e-zine.