Single Sign-On Increasingly Connected In The Cloud
Behind the scenes, identity and access solution providers continue a broad effort to integrate to cloud services -- the biggest hurdle to SSO adoption
The difficulty in integrating single sign-on (SSO) with service providers almost spelled the end to the ambitions of e-learning firm Edulabs Global Learning Solutions.
A provider of all-in-one tablets for education, the Bangkok, Thailand-based company packages a growing suite of educational cloud services for students in developing countries in Asia, starting with Thailand, where the government is rolling out a commitment of one tablet per child. The company aims to provide students with a sub-$60 per-year tablet that includes more than three dozen educational services.
More Security Insights
- 10 Steps to Cleaning up Active Directory
- The Active Directory Management and Security You've Always Dreamed of
- Innovations in Integration: Achieving Holistic Rapid Detection and Response
- COBOL in the Big Data Era: A Guide
Yet, in December, problems in integrating its SSO system with one virtual-school provider nearly put a heavily scrutinized pilot on hold. Getting the two systems working together required a great deal of integration work by Edulabs' cloud-identity provider, Symplified, says Craig Hovendove, chief visionary officer for Edulabs.
"That was a critical piece," Hovendove says. "It wasn't really anyone's problem, but I can't tell you the stress it put everyone under."
While the decade-old Security Assertion Markup Language (SAML) used for online authentication has become a mature standard, connecting applications to online Web or cloud services continues to remain a headache, say vendors and customers. Cloud identity and access solution (IdAS) providers -- such as Okta, Ping Identity, and Symplified -- have created hundreds of connectors, also known as adapters, to bridge the gap, but new services require new code, and that has slowed adoption.
However, the market for better SSO services is expanding because the vendors have laid much of the technological tracks in the form of integrations between cloud services and SSO technology. Last week, for example, cloud security service Zscaler announced it had partnered with Okta, OneLogin, Ping Identity, and RSA to integrate their identity and access solutions into its product.
"Vendors who want to integrate with each other are taking the initiative and forming partnerships that ultimately take the hard work out of establishing single sign-on interactions," Patrick Foxhoven, chief technology officer of emerging technologies for Zscaler, said in an e-mail interview. "Enterprises no longer have to (blindly) implement, and then test and validate, integrations between two different third parties."
[Anyone with access to your cloud providers' servers has access to your data. Don't think burglars or Ethan Hunt of 'Mission Impossible': Think insiders and search warrants. See The Physical Security Factor With Cloud Providers.]
The trend will continue, according to business-intelligence firm Gartner. By 2016, one in four purchases of identity and access management software will be an IdAS rather than on-premise technology, up from about 5 percent today.
Of course, many times it's the small and midsize businesses that are investigating cloud solutions. Smaller companies with a growing investment in software-as-a-service (SaaS) and that are having a hard time finding people to manage an identity and access solution internally will typically choose an IdAS. Companies that have an IAM solution on their premises already will have a lot more legacy equipment and will likely look to extend their current in-house solution, says Gregg Kreizman, research vice president for Gartner.
"It is not a one-size-fits-all thing," says Kreizman.
Other complexities exist, as well. Companies have to worry about making sure that the use of a single authentication portal does not hide an employee's activities from the auditor, says Darren Platt, chief technology officer of Symplified. And companies need to be aware that an attacker that has access to an employee's password has access to every service, and plan for better authentication measures.
"When you do single sign-on, you have aggregated your risk behind that one password," Platt says. "You need to make sure that you make it a harder and stronger form of authentication."
With more companies opting for cloud services rather than on-premise technology, and employees bringing in their own mobile devices and their own preferences for applications, the case for SSO services will only get stronger. Solving the password problem will become even harder, says Patrick Harding, chief technology officer of Ping Identity.
"The biggest problems looking forward relate to how to allow SSO to scale to a point where billions of users, devices, and applications can seamlessly work together so that passwords go the way of cassette tapes, typewriters, and calculator watches," he says.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.