Federated Identity Management vs. SSO

Last time I wrote about how much it costs to protect yourself, so I want to follow up with another topic that hits close to home: your wallet. Federated identity management (FIM) and single sign-on (SSO) are not synonymous — FIM gives you SSO, but SSO does not give you FIM. That minor detail is very important to understand, as you make the leap to the cloud and adopt more SaaS applications. While you will have some initial startup cost with FIM by building out an identity service provider (IDP), it is cheaper in the long run than using simple SSO with FIM….

Pass(word)ing the buck!

The start of the New Year is always an interesting time in the security community. Out come the statistics and stories about the worst passwords and the most common ones chosen by online users during the previous year. A recent story in the UK national press suggests that half of all online users worldwide use just 25 passwords between them — and of course, none of the passwords are very secure and hackers could easily crack them. In what seems like Groundhog Day the most common password is once again 123456, followed by 123456789 (so we can assume some popular…

Commission on Enhancing National Cybersecurity: Implement MFA

At the end of 2016, the Commission on Enhancing National Cybersecurity, a nonpartisan committee charged with developing actionable recommendations for securing and growing the digital economy, presented its report to then President Obama. While Obama has left office, the report still provides a valuable path towards ensuring cybersecurity, mapped out in a series of key action items. The most relevant for readers of this blog are found in Recommendation 1.3, summarized below. Recommendation 1.3: The next Administration should launch a national public–private initiative to achieve major security and privacy improvements by increasing the use of strong authentication to improve identity…

Does Multi-Factor Authentication Have to Be Difficult?

Before we go into how multi-factor authentication (MFA) has changed, let’s have a quick look at what MFA is. With MFA, users must provide two or more “factors” of authentication when they access applications, networks and resources. MFA implementations use a combination of the following factors: Something you know: such as a username, password, PIN or the answer to a security question. Something you have: such as a smartphone, one-time pass token or smart card. Something you are: biometrics like your fingerprint, retina scans or voice recognition. Now that we understand what MFA is, I’d like to point out that in today’s IT…

Modernizing Legacy Apps to Boost Security: Part II

As we discussed in part I of this article, many companies are still in the process of modernizing their legacy apps. There are a number of reasons to do this, but securing your environment is typically the main goal. We’ve already identified a (software) token-based system as essential. Let’s continue with a couple more best practices. Provide for User Provisioning An application needs user data — not for authentication, but because it needs to know the role and responsibilities of the person logging in so that privileges inside the app can be managed and regulated. Therefore, a database of…

SSO for Cloud-Based Apps a Key to Collaboration Success for Shiseido

At the end of last year, PC Magazine published an article about the five collaboration trends to expect in 2016. The article stated that, “Distributed teams have more ways than ever to communicate and collaborate in real time, and 2016 is set to bring another wave of innovation around cloud-based connectivity, cross-platform integration, and next-generation multimedia conferencing.” They were pretty accurate. Collaboration between employees and contractors — working from anywhere but the office – is more common every day. And, as the article predicted, “cloud-connected everything” (the #2 trend) and “seamless interoperability” (#4) are the name of the game. But building a truly collaborative…

Modernizing Legacy Apps to Boost Security: Part I

The subject of modernizing apps has been around for years, but while talking to a partner organization recently, I was reminded that there are a number of companies with legacy apps that are just now getting around to dealing with them. What Apps Need Modernization? The commercial apps you’re implementing into your environment today should not need to be modernized. If, however, you’ve developed your own apps or you continue to use legacy commercial apps developed several years back, you may have some work to do. Why Modernize an App? Companies most often modernize apps as a method of improving…

Why is Single Sign-on for Mobile Applications Important?

The Growing Threat of Mobile Malware The world’s projected population by 2020 is 7.8 billion people. By 2020, the expectation is that the population will have 11.6 billion mobile-connected devices, more than 1 device per person. As a result, mobile malware is becoming an increasing threat as cybercriminals seize the opportunity to access personal information for monetary gain and damage to both personal and business reputation. The proliferation of mobile devices has meant that mobile security risks are growing by the day, and businesses are recognising the increased threats they present to sensitive information as more and more companies allow…

SAP Security and Cyberattacks Do Not Mix

Let’s face it — if you’re using SAP to run your business, you simply can’t afford to allow a cyberattack to affect your critical business application. Until now, security for SAP has not been at the forefront of addressing a prevalent cause of data breaches — compromised credentials. Within a typical SAP landscape, organizations may have ordinary users, power users/basis admins and mobile users, all of whom access the network from different user interfaces. And, of course, you need infrastructure to power the SAP applications, as the infrastructure is vital to a high-performance environment. All too often, these two worlds rarely intersect…

Sights and Sounds from Centrify Connect 2016 Day One

Hundreds of Centrify customers descended this week on NYC at the Park Central Hotel to meet up with peers across dozens of industries and geographies. Customers of Centrify hail from some of the largest banks and financial institutions to the most sensitive areas of the government, from the most premium brands of retail to some of the largest healthcare and pharmaceutical companies. All of these customers have gathered with a common goal of improving identity security across their respective organizations. Day one started with a bang with a special performance from actors who performed a Centrify-themed Hamilton act. After that was…