The emerging challenge for IAM solutions is the trend for enterprises to run or access applications across multiple cloud (private and public) and on-premises platforms.
This will require an IAM system that manages application security across all of these platforms.
EB2BCOM is the deployment partner for the Cobalt multi-cloud IAM solution from ViewDS Identity Solutions.
Enterprise single sign on solutions
Enterprise single sign on solutions allow an organisation to centralise authentication and minimise the number of credentials a user needs to use and remember.
Forcing users to maintain many credentials usually results in bad password practices such as using the same weak password on many systems and using easily guessable passwords. Alternatively, if good password practices are employed on each system, it is more likely that users will forget passwords and require resets, which increases the amount of internal administrative overhead.
An enterprise single sign on solution can deliver a single place of authentication that makes passwords and security easy to manage. A central authentication system makes it easy to employ higher grades of security (e.g. Strong or Two Factor Authentication) in circumstances that warrant it, for example when accessing services remotely.
Cloud single sign on
As enterprises adopt more cloud based services, the number of usernames and passwords the user must maintain will grow. These credentials can be used to obtain online services, which makes them even more important than the passwords used for internal systems, which are typically protected within an internal network.
Cloud services will not typically offer an elaborate password policy system, or allow password resets to occur in an automated manner. This can lead to increased costs and overheads and a decrease in security.
A cloud single sign on solution provides a centralised authentication system that is used to authenticate users. A centralised system allows an enterprise to enforce security policies that are suitable for the service being accessed by the user. Once authenticated, a user will then be able to leverage the login to access cloud based services.
Federated single sign-on
As enterprises interact electronically with each other, the number of user accounts an organisation must maintain will grow. An enterprise will need to maintain access accounts not only for its own employees, but also for the employees of external organisations that need to obtain access to a service. Conversely, for an organisation wishing to access another’s services, its users will need to begin maintaining additional credentials.
A federated single sign on solution facilitates password-less authentication for business to business interactions. A federated single sign on solution may provide an enterprise with an authentication solution that allows a user to authenticate internally and seamlessly access external services. Alternatively, a federated single sign on solution may allow an organisation to operate its web applications in a Single Sign On mode without requiring a username/password authentication.
EB2BCOM’s solutions for cloud, enterprise and federated single sign on incorporate standards-based technology that supports a wide variety of authentication methods, including strong two factor authentication.
Two factor authentication
Two factor authentication solutions offer enterprises an authentication system that requires multiple forms of authentication to satisfactorily identify a user. An example of a single factor authentication might be the use of a username and password, whilst a typical two factor authentication would be username/password plus the supply of a one time password (e.g. from an RSA token).
Most two factor authentication systems have the following drawbacks:
- Susceptible to Man in the Middle attacks since the server is not authenticated (e.g. the user supplies a One Time Password, but the user does not authenticate the server)
- Require purchase and lifecycle management of hardware
- User must carry a physical device
- Soft tokens often require thick client download
- Fraught with user installation errors
- Hard to manage in large environments
- Impossible for B2C deployments
- Classic PKI solutions are very difficult and expensive to implement