1Password Leverages SSO Service to Better Protect Secrets
1Password announced today general availability of a single sign-on (SSO) capability that makes sure secrets are kept secure by leveraging keys that are stored on an end user’s device.
The Unlock with Single Sign-On capability requires two different keys to decrypt secrets, such as passwords, that are stored in the 1Password vault. The capability is currently compatible with Okta, Google Workspace and OneLogin with Azure AD and Duo to follow.
Steve Won, chief product officer for 1Password, said that approach makes it possible to ensure access to decrypted secrets is secure because with a single click, the SSO services provider has authenticated an end user before access is granted.
That capability ensures the right level of fine-grained permissions and controls are in place to enforce firewall and multifactor authentication (MFA) policies, geographic zone restrictions and other best practices, he noted.
The number of applications that organizations use skyrocketed with the consumerization of IT, Won said, so there’s a greater need to streamline access management without compromising cybersecurity. By leveraging SSO services providers, it becomes simpler to use identity to ensure only authorized end users can access secrets decrypted on the 1Password vault, he added. For all intents and purposes, identity is now the new IT perimeter, Won noted.
As part of an effort to make that case, 1Password published an economic impact study, conducted by Forrester Consulting on its behalf. The report projected that, on average, the 1Password platform reduced time spent on IT support tickets stemming from password issues by 4,310 hours per year, resulting in a 206% return on investment (ROI) that equates to $1.3 million over three years.
Specifically, the Forrester Consulting report attributed those savings to $414,000 in employee efficiency increases, $408,000 to IT team productivity increases, $286,000 saved in IT support costs and $158,000 saved due to employee productivity increases.
Regardless of how ROI is calculated by an organization, the percentage of cybersecurity incidents that are the result of credential compromise remains much higher than it should be. Cybercriminals today find it relatively simple to steal credentials that are often easily guessed or have already been made available on the dark web. As a result, there is a general movement to embrace zero-trust approaches to cybersecurity to better secure those credentials. The challenge is finding a way to implement those policies in a way that provides the least amount of disruption to workflows. Cybersecurity platforms in place today need to enable the business versus attempting to constrain access to a limited number of IT resources, said Won.
By combining SSO services and password vaults, organizations can achieve that goal in a way that leverages two sets of encryption keys that need to be present before access is granted, he added.
It’s not clear how quickly organizations are moving to embrace zero-trust approaches to cybersecurity, but as cyberattacks continue to increase in volume and sophistication, it’s now more a question of when rather than if.
