Enterprise single sign-on: It's simple economics

Jackson Shaw, Quest

The common challenge for all of us is keeping track of all our passwords and system identities, says Jackson Shaw, Quest Software.


I think all of us would agree that we use more “identities” (that is, user ID / password, or smartcard / PIN used to log into an application or system) in our jobs than ever before. As enterprises have become more complex, distributed and diverse, there has been a corresponding rise in the identities associated with any one individual. Gone are the days when we could get by with one identity for an all-encompassing client-server app, and another one for our local PC.

The common challenge for all of us is keeping track of all our passwords and system identities. Password security requirements have gotten more stringent, with minimum requirements on length, alpha, numeric and mixed-case characters, and change intervals. IT managers are struggling to manage this cost-effectively. How can we reduce the help desk costs associated with forgotten passwords? How can we get staff to avoid writing down their passwords on post-it notes? How can we secure, control and audit the passwords associated with privileged accounts?

These challenges led to the development of a variety of single sign-on solutions that essentially enable a user to enter a user ID and password once, and log on to multiple applications or systems. The industry has settled on Active Directory as the foundation – as the primary directory for over 75 percent of enterprises (according to Microsoft), it is logical to base single sign-on efforts around the user ID and password users use to log on to their Windows desktop each day.

Single sign-on (in all its forms) has become a mature technology that now holistically addresses virtually all aspects of the challenge – going way beyond the traditional password synchronization approach. Building on Active Directory there is a spectrum of single sign-on solutions now available:
  • For Windows clients, servers and applications, single sign-on is a feature built into Windows. Many users do not realize that access and authentication to nearly every Microsoft application or system occurs transparently without having to re-enter credentials. In a Windows-only environment, you log on in the morning when you arrive at work and that's the last time you have to enter your credentials.
  • For some non-Windows platforms and applications (such as SAP, Linux or Java applications), Active Directory can be extended to these systems, which is the best way to provide single sign-on seamlessly to end users.
  • Lastly, for the rest of the applications that do not directly support Active Directory (such as some third-party applications and websites), a logon automation solution is needed. This solution should, once configured, automatically recognize the system being accessed and transparently look up and supply the credentials that system requires.

Now that blended single sign-on solutions, tailored to the needs of each organization, exist and are proven, the issue is one of simple economics. When the operational, security and efficiency costs of having so many user IDs and passwords are measured, most enterprises will realize that the savings they can achieve by eliminating these costs far outweigh the cost of investing in a single sign-on solution.



Jackson Shaw is the senior director of product management for Active Directory and Integration products at Quest Software. Mr. Shaw has more than 15 years of industry experience and was a key member of the identity and access management team for Windows Server at Microsoft Corp. Check out his Identity Management blog at: http://jacksonshaw.blogspot.com/
