As hackers become smarter and organizational data breaches keep rising, the CISO (Chief Information Security Officer) is fighting a battle on two fronts: should he sacrifice user productivity in exchange for a highly secure but difficult-to-use single sign-on, or leave the systems vulnerable to threats?
In addition to the need to protect against data breaches, organizations are dealing with infrastructures and application deployments that are increasingly complex. Application user counts are now in the hundreds if not thousands. Many of these applications have different access requirements, ranging from valid passwords to biometrics and combination keys. Cloud computing can further complicate the situation, as enterprises have no control over those applications and their identity management systems.
With the increased number of applications, there is no central repository for password storage across the different applications.
Password policies are enforced primarily through Active Directory (AD). But with a multitude of applications not integrating with AD for password management, this is an area of concern.
Each application requires its own password following its own password policy structure. Therefore, an employee who uses 8 different applications might have 8 unique passwords. With an employee base of 1000, this results in 8000 unique passwords to maintain. To avoid being forced to look up passwords, users tend to choose easy-to-remember passwords, which unfortunately opens the possibility of unauthorized access and is a critical area of concern.
Although some Web applications store and “remember” the password for the user, they don’t enforce strong password policies. Moreover, this method is not secure as passwords can be stolen by malware or lost when users upgrade their desktops. This again is an area of concern.
When users forget passwords, they call IT support. Password-related help desk calls cost money and take IT personnel away from core tasks. Password reset calls may represent as much as 40 percent of the help desk workload, with the cost of the average call estimated at $25.00 per reset.
The ILANTUS single sign-on product, Xpress Sign-On (XSO), meets these challenges better than any other technology on the market today. At a basic level, Enterprise Single Sign-On (ESSO) technology absolves users of all password responsibilities except for the network logon. However, with applications not complying with network password policies, ESSO technologies are able to bring both AD-integrated and non-AD-integrated stacks under the same umbrella, giving the user quick and secure access to all daily productivity needs. ILANTUS Xpress Sign-On is the ESSO that addresses it all with one platform.
Business Objectives for Enterprise SSO:
Increased Employee Productivity. Removing the need for multiple sign-ons per day eliminates most password lock-outs and resets, allowing users to gain quick and secure access to the applications.
Lower User Support Costs. With only one password to remember, the need for support staff to handle password resets is dramatically reduced, freeing up support staff, which in turn reduces support costs.
Increased Application Adoption Rate. Most applications used in the enterprise have a value associated with usage. SSO solutions have been shown to dramatically increase usage rates.
Secure Storage of Passwords. Security is assured through the use of highly encrypted centralized vaults, with up to 256-bit AES.
Multi-level Security. Eliminate risk by adding a secondary level of authentication using modules such as Image Captcha, SMS OTP, Email, Biometrics and many others.
A comprehensive ESSO solution significantly strengthens an organization’s overall security.