Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Single Sign-On Increasingly Connected In The Cloud

Behind the scenes, identity and access solution providers continue a broad effort to integrate to cloud services -- the biggest hurdle to SSO adoption

The difficulty in integrating single sign-on (SSO) with service providers almost spelled the end to the ambitions of e-learning firm Edulabs Global Learning Solutions.

A provider of all-in-one tablets for education, the Bangkok, Thailand-based company packages a growing suite of educational cloud services for students in developing countries in Asia, starting with Thailand, where the government is rolling out a commitment of one tablet per child. The company aims to provide students with a sub-$60 per-year tablet that includes more than three dozen educational services.

Yet, in December, problems in integrating its SSO system with one virtual-school provider nearly put a heavily scrutinized pilot on hold. Getting the two systems working together required a great deal of integration work by Edulabs' cloud-identity provider, Symplified, says Craig Hovendove, chief visionary officer for Edulabs.

"That was a critical piece," Hovendove says. "It wasn't really anyone's problem, but I can't tell you the stress it put everyone under."

While the decade-old Security Assertion Markup Language (SAML) used for online authentication has become a mature standard, connecting applications to online Web or cloud services continues to remain a headache, say vendors and customers. Cloud identity and access solution (IdAS) providers -- such as Okta, Ping Identity, and Symplified -- have created hundreds of connectors, also known as adapters, to bridge the gap, but new services require new code, and that has slowed adoption.

However, the market for better SSO services is expanding because the vendors have laid much of the technological tracks in the form of integrations between cloud services and SSO technology. Last week, for example, cloud security service Zscaler announced it had partnered with Okta, OneLogin, Ping Identity, and RSA to integrate their identity and access solutions into its product.

"Vendors who want to integrate with each other are taking the initiative and forming partnerships that ultimately take the hard work out of establishing single sign-on interactions," Patrick Foxhoven, chief technology officer of emerging technologies for Zscaler, said in an e-mail interview. "Enterprises no longer have to (blindly) implement, and then test and validate, integrations between two different third parties."

[Anyone with access to your cloud providers' servers has access to your data. Don't think burglars or Ethan Hunt of 'Mission Impossible': Think insiders and search warrants. See The Physical Security Factor With Cloud Providers.]

The trend will continue, according to business-intelligence firm Gartner. By 2016, one in four purchases of identity and access management software will be an IdAS rather than on-premise technology, up from about 5 percent today.

Of course, many times it's the small and midsize businesses that are investigating cloud solutions. Smaller companies with a growing investment in software-as-a-service (SaaS) and that are having a hard time finding people to manage an identity and access solution internally will typically choose an IdAS. Companies that have an IAM solution on their premises already will have a lot more legacy equipment and will likely look to extend their current in-house solution, says Gregg Kreizman, research vice president for Gartner.

"It is not a one-size-fits-all thing," says Kreizman.

Other complexities exist, as well. Companies have to worry about making sure that the use of a single authentication portal does not hide an employee's activities from the auditor, says Darren Platt, chief technology officer of Symplified. And companies need to be aware that an attacker that has access to an employee's password has access to every service, and plan for better authentication measures.

"When you do single sign-on, you have aggregated your risk behind that one password," Platt says. "You need to make sure that you make it a harder and stronger form of authentication."

With more companies opting for cloud services rather than on-premise technology, and employees bringing in their own mobile devices and their own preferences for applications, the case for SSO services will only get stronger. Solving the password problem will become even harder, says Patrick Harding, chief technology officer of Ping Identity.

"The biggest problems looking forward relate to how to allow SSO to scale to a point where billions of users, devices, and applications can seamlessly work together so that passwords go the way of cassette tapes, typewriters, and calculator watches," he says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.


Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-08-11
By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5
PUBLISHED: 2020-08-11
Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure.
PUBLISHED: 2020-08-11
An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both 'encUsageAuth' and 'encMigrationAuth'...
PUBLISHED: 2020-08-11
HUAWEI Mate 20 versions Versions earlier than;HUAWEI Mate 20 Pro versions Versions earlier than,Versions earlier than,Versions earlier than;HUAWEI Mate 20 X versions Versions earlier than
PUBLISHED: 2020-08-11
In PACTware before 4.1 SP6 and 5.x before, passwords are stored in a recoverable format, and may be retrieved by any user with access to the PACTware workstation.