Companies and organizations, within their increasingly integrated environments with multiple digital business applications, face challenging security risks when managing individuals' digital identities. This presents a significant management challenge for businesses, to the extent that they must ensure that information stored in the various databases is protected and made available only to users with the correct credentials. This challenge can be tackled by having individual users create multiple user IDs and passwords; however, this solution is inefficient, costly, and not at all user friendly.
Many businesses have turned to Identity Management (IdM) software systems in response to the challenges of organizing and securing multiple individual identities within or across the system(s) of an organization. Embedded within such systems are capabilities for managing the individual identities, their authentication and authorization, and their roles and privileges. The goal of such systems is to provide increased security and productivity while decreasing costs.
IdM systems give businesses a large measure of confidence in dealing with user and data security; however, the evolving complexity of managing identities across internal and external systems has given rise to an evolved approach to identity management known as Federated Identity Management (FIM). A federated identity permits the linking of a user's electronic identity and personal attributes stored in multiple, distinct IdM systems. In other words, FIM systems allow individuals to use the same identity to access the networks of different organizations. This is becoming increasingly commonplace with the decentralization of many functions and responsibilities within businesses and organizations.
Closely related to federated identity is Single Sign-On (SSO) software. This is a scheme by which a single authentication ticket is trusted across multiple IT systems or organizations. It operates as a subset of FIM, as it relates exclusively to authentication. An example of SSO is the use of Microsoft Windows credentials to connect to business software solutions such as Enterprise Resource Planning, Customer Relationship Management, etc.
There are significant advantages for a company in adopting SSO as its method of authentication between applications and networks. Here are a couple of the more important ones:
- Productivity increases thanks to the user’s ability to access all applications via their unique digital identity. The need to remember only one password might encourage a user to be more diligent about password selection, i.e., not using the same password on all systems, etc.
- The simplification of user and password management is a big advantage for IT administrators. Handling staffing changes in the authentication process is simple and straightforward with SSO: instead of dealing with every service provider, the IT administrator only needs to decommission the one user identity set up with SSO.
There are challenges to consider as well, and a few of the more common ones are as follows:
- In the event that the SSO provider's account is compromised, the security and safety of all the linked applications is imperiled.
- Related to the above, if the SSO provider experiences system problems and its system is down, all users are locked out of all systems linked to their identities.
- Users leaving computers unattended can expose the information on that computer to a security breach, potentially giving access to that information to a user without the proper clearance.
- The cost of moving from a multiple-password system to SSO can be quite high, and it can increase with the number and complexity of the applications involved.
Addressing these and other challenges can be fairly straightforward and need not require additional investment in software solutions. For example, automatic log-off from applications after a defined period of inactivity addresses computers that are left unattended. Additionally, to add a protective layer around very critical information, a two-step authentication process can be established, requiring the user to provide an additional piece of information before gaining access to the application. Finally, the IT administrator can exercise their prerogative to limit the functionality within one application or to limit access to specific systems.
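As an added illustration (not part of the original article) of how those three mitigations combine on a single SSO session: an idle timeout for unattended computers, a step-up second factor for applications holding critical information, and per-application entitlements set by the administrator. The timeout values, application names and user are assumed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import FrozenSet, Optional

# Policy values are assumed for this illustration, not taken from the article.
IDLE_TIMEOUT = timedelta(minutes=15)     # automatic log-off after inactivity
STEP_UP_MAX_AGE = timedelta(minutes=5)   # second factor must be this fresh for critical apps

@dataclass
class SsoSession:
    user: str
    last_activity: datetime
    second_factor_at: Optional[datetime] = None   # when the extra step was last passed
    allowed_apps: FrozenSet[str] = frozenset()    # entitlements set by the IT administrator

@dataclass
class AppPolicy:
    name: str
    critical: bool = False   # critical apps hold very sensitive information

def evaluate(session: SsoSession, app: AppPolicy, now: datetime) -> str:
    """Return 'expired', 'denied', 'step_up' or 'allow' for one access attempt."""
    # 1. Unattended computer: the single ticket stops working after the idle period.
    if now - session.last_activity > IDLE_TIMEOUT:
        return "expired"
    # 2. Limited access: one identity does not imply access to every linked app.
    if app.name not in session.allowed_apps:
        return "denied"
    # 3. Critical data: require a recent second factor on top of the SSO ticket.
    if app.critical and (session.second_factor_at is None
                         or now - session.second_factor_at > STEP_UP_MAX_AGE):
        return "step_up"
    session.last_activity = now   # a successful use keeps the session alive
    return "allow"

def demo() -> dict:
    """Constructed scenario: one user, a critical ERP app and an ordinary CRM app."""
    t0 = datetime(2024, 1, 1, 9, 0)
    erp, crm = AppPolicy("erp", critical=True), AppPolicy("crm")
    s = SsoSession("alice", last_activity=t0, allowed_apps=frozenset({"erp", "crm"}))
    out = {"crm_now": evaluate(s, crm, t0 + timedelta(minutes=1))}
    out["erp_no_2fa"] = evaluate(s, erp, t0 + timedelta(minutes=2))
    s.second_factor_at = t0 + timedelta(minutes=2)          # user passes the extra step
    out["erp_after_2fa"] = evaluate(s, erp, t0 + timedelta(minutes=3))
    out["hr_not_entitled"] = evaluate(s, AppPolicy("hr"), t0 + timedelta(minutes=4))
    out["crm_after_idle"] = evaluate(s, crm, t0 + timedelta(minutes=30))
    return out
```

Note that a denied or step-up outcome does not refresh `last_activity`, so an attacker probing an unattended session cannot keep it alive by being refused.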
The management of digital identities in business environments has become an important issue with the increase of business applications used across an organization and between organizations. Businesses must be able to guarantee the integrity and security of all information stored in their business applications, but, at the same time, they must administer their users’ digital identities with maximum efficiency and security. Many companies have successfully adopted FIM systems along with SSO capabilities to achieve their security expectations.
Contributed by Gabriel Gheorghiu – Experienced consultant and analyst focusing on business software and customer interactions