This week we looked at Single Sign-On, and standards that can allow authentication even outside the organizational boundaries. We also familiarized ourselves with these technologies in our case study review. In this week’s discussion, let’s continue the conversation… are there any security concerns with using authentication services outside our organizational boundaries? When would the benefits outweigh the risks? How can we mitigate risks?
Comments
The main concerns with using authentication services outside of our organizational boundaries are that we may not have control over the service. If the service provider is compromised, then we are also compromised. If we are compromised, then depending on the level of access we have to their services, they can also be at risk (if we provision using their services, have access to the logs, etc.). There are also cost concerns and concerns of who else has access to our data.
The benefits outweigh the risks when the appropriate financial and business factors (loss of reputation, chance of breach, financial costs from such events, our ability to recover from such events and so on) show us that it’s better to use external authentication rather than internal authentication services.
The risks can be mitigated using SLAs, contracts, etc. that dictate how the service is going to work (measures taken to mitigate breaches, measures taken after a breach happens, availability and so on) and looking at who else has used the provider. Inquiring about these prior users' service history with the authentication service provider can help us see if the risks are actually being mitigated or if we need to accept the risk (what the prior users got vs. what their agreements with the provider said they would get – this could help us find out if the provider actually provides what they say they will provide).
JR, good analysis of the risks involved with SSO. I think another major risk of SSO that piggybacks off of compromised credentials is that once a single set of credentials is compromised, the hacker has access to a multitude of an organization’s applications.
As an employee and student of Temple I like to approach these questions as they relate to Temple. In the case of our single sign-on applications we’re able to log into TUPortal from anywhere, which gives us access to our TUMail, Blackboard, human resources (via the TUPortal), the library resources, Temple currency (diamond dollars, more important to undergrads) and many other things. Once I leave a Temple machine or the Temple network, Temple has no control over how secure my system is. There could be keylogging malicious software on my home system that rips my credentials. I could have the credentials saved in a Word document on my desktop. I’m sure there are many other vulnerabilities; that’s the first that came to my mind.
Using an authentication system outside of a company’s organization poses several inherent threats. For one, your organization is no longer directly storing and monitoring logon credentials. While the company handling authentication most likely allows your organization input on the process and the handler is probably experienced in handling these credentials, some organizations might be averse to the lack of direct control and supervision over the data. Another threat is that every time a logon occurs, your company’s applications have to communicate with the authentication servers. This communication occurs through internet connection and could be intercepted. If your company’s intranet could operate independently offline, then adding this online component significantly increases risk.
Despite these risks, there are times when Single Sign On’s benefits warrant its implementation. For one, if the logon credentials don’t yield access to sensitive information, there is little to no risk. Additionally, if the convenience factor of Single Sign-On increases productivity significantly, the financial gains the company reaps could outweigh the risk of logon credentials being compromised.
The risks of Single Sign-On can be mitigated through requiring reasonably complex passwords, mandatory periodic password resets, a second means of authentication such as biometric or possession based authentication, and a detection and reporting system for compromised credentials. These precautions, especially when layered, can significantly reduce the frequency and severity of breaches by making an initial breach more difficult and by quickly detecting and rectifying any breaches that do occur.
Anthony,
“For one, if the logon credentials don’t yield access to sensitive information, there is little to no risk. Additionally, if the convenience factor of Single Sign-On increases productivity significantly, the financial gains the company reaps could outweigh the risk of logon credentials being compromised.”
I think this is key to the benefits of using single sign-on (SSO).
Let’s say I’m a big fantasy sports guy and I can use my Google account to log into multiple sites across the major sports/leagues. If I don’t want to remember all those login details, it’s very convenient to simply use a single sign-on option. However, I could mitigate my risk by registering a new Google/Gmail account to use for my fantasy sport accounts. In the event that I piss off some rival sports fan and he decides to pwn me, I’ve only left myself open to ditching a throwaway Google account, not my personal/professional account.
There are always security concerns once your services leave the comforts of the network you trust. It all depends on the business’s appetite for risk. I don’t think when it comes to using SSO it’s seen as a cost savings. It could be a cost savings that the workspace they are using is moving out to the cloud, but they want to keep control of the SSO as services move towards the cloud. If someone leaves the company then the business has the control to remove the access to all services at once. SSO was unsecured when it was internal, and as services move or come online a requirement to mitigate risk would be to only allow encrypted communication to certain IP addresses that are allowed to communicate with each other. Temple is starting to use encrypted SSO for Learn aka Blackboard, which is now used externally and internally for such things as the Remedy ticketing system.
I think you’re right that for the most part, SSO isn’t seen as a cost-savings program. However, I think that if the situation is framed properly by IT personnel, senior management could see the cost-savings benefits of SSO. SSO results in less downtime (due to employees spending less time logging in to different applications) which can add up to significant cost savings across a large organization. The readings consistently harp on the importance of IT personnel understanding business and being able to communicate to business people and in situations like these that skill is critical. If an IT person can put SSO in terms of business operations and the financial impact it could have, business leaders are more likely to see SSO as a cost savings mechanism versus a risk/expense.
There is an audit report called a Statement on Standards for Attestation Engagements (SSAE) 16, where an independent party goes in and audits an organization that provides services to other organizations, and attests that that organization has adequate controls in place to protect the organizations they are providing services to. For example, a company like IBM that provides server hosting services to other companies would have an independent third party come in to perform an SSAE 16 review, and then that audit report would be sent out to all organizations that they provide services to. This audit standard came about because of the risk agreements with third parties pose to your data and environment. If you’re using an authentication method outside your organization you may want to review the other party’s audit reports, or SSAE 16, to verify that they are reliable and have the proper controls in place before choosing to use them as your authentication method.
With the increase of applications that cross multiple platforms, I feel that the benefits of SSO outweigh the risks. Competitive advantage is forcing businesses to deal with third party applications to remain relevant in their respective industries, and multiple authentication methods such as multiple IDs and passwords can hinder efficacy and prove to be dangerous in some cases as employees resort to storing their passwords in files or writing them on stickies on their monitors. SSO also makes the administration of these services easier, which lifts considerable strain from the IT professionals who are tasked with ensuring data is readily accessible. Additional investment in infrastructure, such as additional web servers to facilitate key signatures to harden these authentication systems, may be needed, but depending on the sensitivity of the data this may be a necessary evil for larger companies to remain competitive in today’s technologically infused marketplace.
Using other websites to provide an SSO solution of course presents problems because it ultimately is not controlled by the organization. Using Facebook, for example, to log in to a website essentially puts the accounts and their security in the hands of Facebook. If these accounts were to be compromised it would not only compromise your own SSO but also the integrity of your site. Of course Facebook is a very reputable website to use as an SSO and the benefits definitely outweigh the risks, since it allows users to use a password which they most likely use daily. In order to mitigate risks, other outside websites can be used as an SSO solution that have stronger requirements such as longer passwords or required special characters.
Using authentication services outside our organizational boundaries will come along with several concerns:
Easy to be hacked if a hacker obtained one combination of password and username; it is bad practice to use the same password and username on all our various web services. It is also dangerous to let one password and username combination unlock all the resources an individual employee has access to.
If an employee forgets the password, he/she will be unable to log in to any work resources, which will lose productivity until he/she gets the password back.
When benefits outweigh the risk:
For the user end: it is easier to log in by using an existing account, which will make their experience more comfortable, taking fewer steps to get what they desire.
For organizations: the centralized authentication service makes it easy for IT to control the security profiles of individual users.
How to mitigate risks:
Organizations should require multi-factor authentication and certain password requirements. It will reduce the risk of unauthorized individuals from gaining access to the system.
Organizations that use single sign-on should still have an automated password reset program in place to reduce the risks of social engineering schemes used to get passwords from Help Desk staff.
I summarized what I found in this website: http://aspg.com/risks-single-sign-password-systems/#.V94ZA63Gmyk
I found it is easy and helpful for me to understand SSO, hopefully my summary and the article can help you guys too.
Using authentication from outside your organization poses the risk that you do not have control over the users accessing your system, as user credentials are handled by a third party system. In that case our organization is basing its authentication mainly on trust that the third party is a trusted source. However, the issue is that if their systems are down then traffic to your portal is affected, or worse still, if they are hacked your business is affected too. Another issue can be with the integration of two different APIs: there could be a flaw in the system which could expose confidential information that could be broadcast on the third party site, such as in the case where a critical flaw was discovered by Egor Homakov, security researcher for Sakurity, which allowed hackers to abuse an oversight in the Facebook code. The flaw stemmed from a lack of appropriate Cross-Site Request Forgery (CSRF) protection for three different processes: Facebook Login, Facebook Logout, and Third-Party Account Connection. The vulnerability essentially allows an unwanted party to perform actions within an authenticated account. Facebook however has chosen to do little in this area as it would compromise their own compatibility with a vast number of sites.
To mitigate this risk it’s best an organization gives users the option to sign up to their website, and safeguards can be put around protecting their credentials. However, this means dedicating resources to safeguard the information, which can be quite expensive, which would have been the reason they opted for SSO in the first place.
However, the benefits outweigh the risks more in that the third party service is the one tasked with securing user information. Resources do not have to be dedicated to security and can be put to other uses in the business.
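The login CSRF weakness described in the comment above (a forged callback logging a victim into a session the attacker controls) is the reason OAuth-style login flows carry a `state` parameter that the relying site binds to the browser session. The following is an added illustration, not Facebook's or any library's code: a constructed in-memory session store, a hypothetical IdP URL, and two callback handlers, one without the check (the shape of the flaw) and one that requires the returned `state` to match the value minted for that session and consumes it so it cannot be replayed.

```python
import hmac
import secrets

# Constructed server-side session store for the demo: session_id -> dict.
SESSIONS = {}

# Hypothetical identity-provider authorize endpoint (an assumption, not a real URL).
IDP_AUTHORIZE_URL = "https://idp.example.test/authorize"


def begin_login(session_id):
    """Step 1 (relying site): before redirecting the browser to the IdP, mint an
    unguessable state value and bind it to this browser session."""
    state = secrets.token_urlsafe(32)
    SESSIONS.setdefault(session_id, {})["oauth_state"] = state
    return f"{IDP_AUTHORIZE_URL}?client_id=demo-client&state={state}"


def handle_callback_unprotected(session_id, returned_state, code):
    """The flawed shape: the callback is accepted on the strength of the
    authorization code alone, so an attacker can craft a link that hands the
    victim's browser a code for the attacker's account (login CSRF)."""
    return {"ok": True, "code": code}


def handle_callback(session_id, returned_state, code):
    """Step 2 (hardened): accept the callback only when the returned state equals
    the one stored for this session. The stored value is removed on first use so a
    captured callback URL cannot be replayed."""
    stored = SESSIONS.get(session_id, {}).pop("oauth_state", None)
    if stored is None or returned_state is None:
        return {"ok": False, "reason": "no pending login for this session"}
    # Constant-time comparison avoids leaking the stored value through timing.
    if not hmac.compare_digest(stored, returned_state):
        return {"ok": False, "reason": "state mismatch"}
    return {"ok": True, "code": code}


def state_from_redirect(url):
    """Helper for the demo: pull the state value back out of the redirect URL."""
    return url.split("state=", 1)[1]


if __name__ == "__main__":
    redirect = begin_login("victim-session")
    good = handle_callback("victim-session", state_from_redirect(redirect), "code-for-victim")
    print("legitimate callback:", good)
    begin_login("victim-session")
    forged = handle_callback("victim-session", "attacker-chosen-state", "code-for-attacker")
    print("forged callback:", forged)
```

The unprotected handler is kept only to show what the check adds; in a real relying site the `state` value should additionally be tied to the user's session cookie exactly as here, and the stored copy should expire after a few minutes.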
The risk of using authentication services outside the organizational boundaries can always be regarded as the risk posed by employees putting company data at risk. Home computers are not necessarily configured to run the proper security patch files, and this poses a serious risk of breach of employee authentication data.
This risk increases more as most companies now use SSO, so employees prefer to check their company or client mails from outside the company, and these credentials, when hacked, can also be used to access important organization information.
There are also a lot of benefits to using SSO. An SSO solution can greatly reduce the number of passwords a user has to remember, which might encourage the user to choose a much stronger password. It provides convenience to the users.
In order to mitigate the risks, I think companies should provide laptops with security measures configured on them, and employees should be educated to keep the security patches updated.
In an SSO environment, users enter their credentials once and can access all resources in the network. Obviously, SSO has many benefits such as the ability to log in to all resources once authenticated, use of a single strong password, access to resources much faster and more efficiently, and simplicity of password administration and management.
The benefits outweigh the risk when there is an opportunity for users to log in to multiple websites such as LinkedIn and other accounts with one single Facebook credential, offering a significant convenience for customers provided by the OAuth standard. Also, business partners can share centralized authentication systems using the SPML standard.
However, SSO has its disadvantages that pose security risks. If a user obtains system access through the initial SSO login, the user is able to access ALL resources to which he is granted access. If a user’s credentials are compromised, attackers would have access to all the same resources to which the user has access as well.
Therefore, it is important to create a mitigation strategy that would reduce the probability of SSO compromise. Effective examples of risk mitigation would be establishing a certain level of Business Partnership Agreement to include interconnectivity security communication responsibilities, service-level agreements, and a memorandum of understanding. A technical risk mitigation may include creation of an SSO system that would provide dual-factor authentication such as Duo Security, in which case a user’s mobile phone is used to further prove the user’s identity.
As we have learned in class and probably more from working experience, SSO provides great advantages to any organization that has a suite of applications and software that typically require login credentials. SSO provides the organization the flexibility to centrally manage their user accounts and provide users access to the resources that they need. Within the organization’s network, SSO is a viable solution.
Outside of the network, it may pose some risks to the organization. Using third-party authentication services lowers the organization’s security level to that of the third party. If the external vendor has weak controls, the organization’s controls also become weak and vulnerable to the threats that may exploit the third party’s vulnerabilities. Hackers may use the vendor systems as a backdoor into the organization’s system.
For larger companies who may have the resources to use internal controls for authentication, mitigating risks is less challenging. But for smaller ones it may become a challenge to build up the IT infrastructure to become “proficiently” secured. Some ways to mitigate the risk associated with third-party system access are to conduct assessments on the vendor’s Security Management Process to ensure that they meet the SANS Critical Security Controls, the ISO 27000 series, or compliance with NIST 800-53. This depends on the organization and how they classify their data, resources and information.
One great security concern with using authentication services outside organizational boundaries is the reliability of the partners. Whether our organization is a resource server or an authorization server, one thing we need to ensure on SSO across organizations is that our partner is trustworthy and reliable. If the identity credentials of the server’s users are stolen due to attacks, attackers will be able to access all resources in the SSO network. It is like using the same username and password for different servers or sites. Therefore, it is important for organizations to cooperate with reliable partners that can provide good integration support. For example, if we are a website game company, we may consider using accounts of Google or Facebook, which are reliable organizations that are able to protect identity credentials. However, we have to realize that there is no 100% security, even for Google and Facebook.
Even though SSO is convenient to users, I think the SSO’s risks outweigh its benefits overall. It makes the company exposed to attacks. To mitigate the risk, I think the resource server should ensure the reliability of the authorization server, and ensure the identity credentials are combinations of unique usernames and complex passwords. The passwords should be changed periodically to ensure their security. It should be able to automatically sign out if the user closes the applications.
For a University, especially one like Temple, Single Sign-On services occur outside the boundaries of the organization daily. It is not uncommon for Universities to have authentication leave the boundaries of their network because of all of the necessary online resources instructors and students need on a daily basis. For example, a student can go to TUPortal and click on Blackboard, TUmail, WebEx, Microsoft Download, etc., and you are directed to a site not hosted on-campus, but you are already logged in. This is possible due to SSO authentication with technologies such as Shibboleth. “Shibboleth is among the world’s most widely deployed federated identity solutions, connecting users to applications both within and between organizations.” How it works is by a user authenticating with his or her organizational credentials, and the organization (or identity provider) passes the minimal identity information necessary to the service provider to enable an authorization decision. Although SSO services are convenient to users because they do not have to create and remember numerous accounts and passwords, they can also pose a security risk. You may have heard many times, DO NOT use the same username and password for all of your accounts. SSO essentially provides a lock with a combination to access every web service an employee has access to. If an employee is involved in a phishing attack, a hacker can now get access to all of the systems an employee has access to. No SSO would mitigate the risk, and the amount of information that could be compromised. Multi-factor authentication and strong password policies can assist in mitigating risks for organizations that decide to use single sign-on authentication.
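The federated flow the comment above describes (the identity provider authenticates the user locally, then releases only the attributes the service provider needs, in a form the service provider can verify) can be shown with a small simulation. This is an added example, not Shibboleth's or Temple's code: the directory contents, the per-service release policy, the service-provider names and the shared HMAC secret are all constructed for the demo, and the HMAC stands in for the X.509 signature a real SAML deployment would use.

```python
import hashlib
import hmac
import json
import time

# Constructed shared secret between the identity provider (IdP) and its service
# providers (SPs). A real Shibboleth federation signs assertions with X.509 keys
# published in federation metadata; HMAC is used here only to keep the demo self-contained.
SHARED_SECRET = b"constructed-demo-secret-do-not-reuse"

# Constructed IdP directory: everything the IdP knows about a user. Most of it must
# never leave the IdP.
IDP_DIRECTORY = {
    "u1001": {
        "affiliation": "student",
        "department": "MIS",
        "home_address": "constructed-private-value",
        "student_id_number": "constructed-private-value",
    },
}

# Constructed attribute release policy: each SP receives only what its
# authorization decision needs.
RELEASE_POLICY = {
    "https://library.example.test": ["affiliation"],
    "https://lms.example.test": ["affiliation", "department"],
}


def idp_issue_assertion(user_id, audience, now=None, ttl=300):
    """IdP side: after local authentication succeeds, build a short-lived assertion
    for exactly one audience (SP) carrying only the attributes that SP may see."""
    now = int(time.time() if now is None else now)
    released = {k: IDP_DIRECTORY[user_id][k] for k in RELEASE_POLICY.get(audience, [])}
    payload = {"sub": user_id, "aud": audience, "iat": now, "exp": now + ttl, "attrs": released}
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    sig = hmac.new(SHARED_SECRET, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def sp_verify_assertion(token, expected_audience, now=None):
    """SP side: accept the assertion only if the signature is valid, it was issued
    for this SP, and it is inside its validity window. Returns the payload or None."""
    now = int(time.time() if now is None else now)
    expected_sig = hmac.new(SHARED_SECRET, token["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, token["sig"]):
        return None  # tampered or forged
    payload = json.loads(token["body"])
    if payload.get("aud") != expected_audience:
        return None  # assertion meant for a different service
    if not (payload["iat"] <= now < payload["exp"]):
        return None  # expired or not yet valid
    return payload


if __name__ == "__main__":
    t = idp_issue_assertion("u1001", "https://library.example.test", now=1_700_000_000)
    print("library sees:", sp_verify_assertion(t, "https://library.example.test", now=1_700_000_010))
    print("LMS replaying it:", sp_verify_assertion(t, "https://lms.example.test", now=1_700_000_010))
```

The audience check is what stops an assertion meant for the library from being replayed against the learning-management system, and the release policy is the "minimal identity information" the comment refers to: the private directory fields never appear in any assertion.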
A single sign-on lets an organization have a convenient solution to the issue of having multiple usernames and passwords by requiring employees to just remember one sign-on. In order to sign on, the username and password must be authenticated by a server. This server can be either inside the company or an outside authentication service. The latter option comes with certain security risks. Several different attack methods become available against your sign-ons, such as a man-in-the-middle style attack. You are also trusting that the authentication service’s security standards are up to a similar level as your organization’s.
There are reasons to take these risks as an organization. Smaller organizations may realize that bigger organizations have put more resources into protecting their data. This also frees up your IT employees to focus on other issues as the problem has now been outsourced and they don’t have to learn a new set of skills. The risks can be reduced by repeated auditing of the process of the other organization. Figuring out how much each company is responsible in the event of a breach is also important to mitigating risk.