Does SSO make my company more secure?
A 2014 survey commissioned by Intermedia found that the average large organization gives employees access to 15 applications. Add to that the thousands of web apps such as QuickBooks, Twitter, and Salesforce that employees can sign up for (with or without informing IT). This proliferation of apps and their passwords makes it very difficult for IT to protect the network and all of the company data it contains. By letting employees use a single sign-on, SSO solves the IT problem of managing far too many passwords.
But the very thing that makes SSO so convenient for users and IT departments alike is also what can make it dangerous. Because a single login grants an employee access to every app they have been permitted to use, an SSO can grant that same broad access to a hacker who obtains that one login. To realize the full security benefits of SSO, IT departments must first institute some form of identity governance. Many companies do this by centralizing identity authentication on dedicated servers that act as SSO gatekeepers. When an employee signs in, the authentication request passes through the SSO server, which then presents the credential it holds for that person to the app being accessed.
To make SSO even more secure, many companies implement two-factor (2FA) or multifactor (MFA) authentication. Both approaches improve security by requiring users to provide one or more additional authentication factors alongside their SSO login. This additional factor could come from software on the user’s smartphone, from a fingerprint or voiceprint, or from a security code transmitted to the user via email or SMS. With these protections in place, a hacker who gets hold of an SSO login would still have to supply the additional factor(s) to gain access to sensitive corporate, customer or partner data.
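The gatekeeper model and the added second factor described in the two paragraphs above can be shown together in a small, self-contained sketch. The following Python is an added illustration, not code from the article or from any SSO product: a minimal identity server checks the password, then a time-based one-time code from the user's device, then whether the user is entitled to the requested app, and only then issues a short-lived signed assertion scoped to that one app. The user directory, the signing key, the per-user OTP secret and the app names are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed for this example: the key the SSO server uses to sign assertions
# (assumed to be shared with the apps that trust it), and a tiny user directory
# holding a salted password hash, a second-factor secret and an app entitlement list.
IDP_SIGNING_KEY = b"example-idp-signing-key"
USERS = {
    "alice": {
        "salt": b"salt-alice",
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", b"salt-alice", 100_000),
        "otp_secret": b"alice-otp-secret",
        "apps": {"quickbooks", "salesforce"},
    }
}


def expected_otp(secret, now, step=30):
    """Time-based one-time code in the HOTP/TOTP style: HMAC over the time step,
    dynamically truncated to six digits. The user's phone app computes the same value."""
    counter = (now // step).to_bytes(8, "big")
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 1_000_000:06d}"


def sign(claims):
    """Encode the claims and append an HMAC so apps can detect tampering."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    mac = hmac.new(IDP_SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def verify(token):
    """Return the claims if the signature checks out, otherwise None."""
    body, _, mac = token.rpartition(".")
    expected = hmac.new(IDP_SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def sso_login(username, password, otp, app, now=None):
    """The SSO gatekeeper. Every check must pass before an assertion is issued;
    a stolen password alone fails at the second-factor step."""
    now = int(time.time()) if now is None else now
    user = USERS.get(username)
    if user is None:
        return None
    pw = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 100_000)
    if not hmac.compare_digest(pw, user["pw_hash"]):
        return None
    if not hmac.compare_digest(otp, expected_otp(user["otp_secret"], now)):
        return None
    if app not in user["apps"]:
        return None  # identity governance: no assertion for apps the user was not granted
    return sign({"sub": username, "aud": app, "exp": now + 300})


def app_accepts(app, token, now=None):
    """Application side: trust the assertion only if it is validly signed,
    addressed to this app, and not yet expired."""
    now = int(time.time()) if now is None else now
    claims = verify(token)
    return claims is not None and claims["aud"] == app and claims["exp"] > now


if __name__ == "__main__":
    t = int(time.time())
    code = expected_otp(USERS["alice"]["otp_secret"], t)
    token = sso_login("alice", "correct horse", code, "salesforce", now=t)
    print("salesforce accepts:", app_accepts("salesforce", token, now=t))
    print("quickbooks accepts:", app_accepts("quickbooks", token, now=t))
```

Two design points stand out. The apps never see the user's password or OTP secret; they only ever receive an assertion from the gatekeeper, which is what centralizing authentication buys. And the assertion names one audience, so a token obtained for one app is useless at another, which limits how much of the "broad access" a single compromised session can reach.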