While it’s widely accepted that the “perimeter is dead,” current realities are forcing many organizations to evolve their security approaches faster than planned.
Traditional firewall and VPN-based security models simply weren’t built to protect the highly distributed IT environments of today. As organizations adopt cloud and hybrid infrastructure, embrace an increasing number and variety of SaaS applications, and encourage employees to work remotely, it’s clear that identity really is the only true perimeter. Effective enterprise security today hinges on the ability to securely manage and authenticate identities and control privileged access for every human, application and machine – whether they’re within or outside of the network perimeter. In today’s environment all identities can become privileged under certain conditions, based on the systems, environments, applications or data they’re accessing, or the types of operations they’re performing.
The Problem with Passwords
With this as a backdrop, it’s not surprising that cyber criminals target privileged user credentials above all else – based on the tremendous access they can provide to an organization’s most critical data and infrastructure. According to the 2020 Verizon DBIR report, more than 80% of data breaches tied to hacking involve the use of lost or stolen credentials or brute force. With compromised privileged credentials, attackers can access internal resources, obtain confidential data and disrupt the business. Yet many organizations continue to rely on passwords to secure user credentials. This is a problem for numerous reasons.
There are over 300 million fraudulent sign-in attempts to Microsoft Services each day, and yet, 53% of users haven’t changed their passwords in the last 12 months. Even if they have, chances are good the new password is weak or used in multiple places. According to a Google study, 52% of people use the same password for multiple accounts.
Of course, many organizations have taken measures to secure identities, such as mandating unique passwords, requiring frequent password changes and enforcing password complexity policies. However, these controls can actually do more harm than good, by driving end-users to adopt risky password practices (like writing them down!) and putting unnecessary burden on IT teams charged with manually managing access.
Remembering, forgetting, entering and resetting passwords is a giant pain and productivity suck, especially in the era of remote work, where employees and third-party vendors rely heavily on applications to collaborate and access corporate resources. Today’s typical employee loses about 12.6 minutes per week entering and resetting their passwords. A PwC study found about 30% of all help desk calls are related to passwords, which pulls valuable IT resources away from more strategic initiatives. Some simple calculations put the productivity cost of using passwords at approximately $725 per employee per year.
Four Reasons to Add SSO to Your Security Toolkit Today
Single sign-on (SSO) solves this pervasive password problem and shrinks the attack surface by enabling organizations to:
1. Consistently enforce stronger password policies and reduce the risk of poor password practices by eliminating the need for individual passwords altogether. With SSO, organizations can utilize a single secure identity for all applications, endpoints and resources.
2. Enhance the end-user experience by enabling one-click access to assigned cloud and on-premises applications for both local and remote users. To help keep workers productive and moving at the speed of business, some SSO solutions only require additional security controls for high-risk, privileged access requests.
3. Break down silos and simplify the management of users and accounts with seamless directory integrations.
4. Gain comprehensive visibility into users’ access activity – helping to meet compliance requirements around access, ease reporting and improve overall security posture.
Not All SSO Solutions Are Created Equal
The immediate benefits of SSO are clear: by bolstering Identity Security controls, organizations can reduce risk, enhance user experiences and simplify access to corporate resources, all while easing the burden on IT.
However, implementing SSO also brings many additional, long-term benefits that are frequently overlooked during initial discussions. For example, with properly configured self-service tools, companies can significantly lower their IT costs by reducing the number of password-related help desk tickets and calls. In addition, SSO can eliminate the possibility of accounts remaining active when employees change roles or leave the company. The right SSO solutions can even extend security capabilities beyond passwords to include multi-factor authentication (MFA) and passwordless authentication methods.
Join us for a live webinar, “The Extended Benefits of Single Sign-On Solutions,” on Thursday, November 12, 2020 at 10:00 am EST to explore the benefits of modern SSO and key considerations to help you to select the best solution for your organization.
*** This is a Security Bloggers Network syndicated blog from CyberArk authored by Stas Neyman. Read the original post at: https://www.cyberark.com/blog/four-reasons-to-strengthen-identity-security-with-sso/