Tuesday, April 21, 2009

Single Sign-on
by Gerald Trites, FCA

As the need for security has grown in the face of identity theft, viruses and unwanted intruders, the number and scope of applications implementing passwords has grown immensely. It means that within many companies employees need to remember a large number of passwords. Of course, in many cases, they cannot remember them all, and therefore need to record them somewhere. And so they write them on sticky notes, in little notebooks hidden away in a drawer, in files on their computer, or in software applications like Roboform that host all the passwords they need to know and are themselves protected by a single password. Or they store them on their PDA or smartphone.

The fact is that because of the inability of a normal human being to remember a large number of passwords, especially when they need to be changed every month or so, the proliferation of passwords is a growing security risk. Thus the need for single sign-on.

But single sign-on can't work in a secure manner just by giving everyone a single password to gain access to the whole system. That would seriously erode security. Instead, single sign-on involves a whole review and definition of the system needs of the users, through a process known as identity management.

Carefully implemented, identity management can improve the overall security of the company's systems and at the same time simplify the lives of the users, while making it possible to open up new areas of information for more users.

Such an approach was taken by New York Transit with their applications, and a short case study was written up by the provider, Novell, which highlights the benefits of this approach to a single sign-on environment.
