Single Sign-On is all the rage these days. Organizations are looking to ease the hassles and expenses related to user passwords. Single sign-on (SSO) is a user authentication process that permits a user to enter one name and password in order to access multiple applications. This can help reduce the number of calls to a help desk for access issues, thereby reduce the operating cost for the organization. The latest market trend is to take this a step further and leverage external companies for SSO. By using products that offer SSO as software as a service (SaaS), an organization can greatly reduce the expense related to the management of these integrations. However, when an organization moves their SSO infrastructure into “the cloud” there are new risks to be considered.
Risky Synchronization Requirements
There are many companies, including Optimal IdM, who offer hosted, single sign-on solutions. Most of the solutions offered (e.g. Microsoft, Okta, Ping Identity) are massed produced, cookie cutter solutions. Optimal IdM’s, The OptimalCloud, on the other hand, is a fully customizable solution that is hosted on globally located, dedicated private servers. Most of these SSO vendors require organizations to synch their on premise identity information into the cloud hosted environment, where as, The OptimalCloud does not. For example, Microsoft has a component called Azure AD Connect, which their clients use to push Active Directory (AD) identities to Microsoft’s Azure cloud. Azure AD Connect can even push your local passwords up into the cloud. Okta in turn, has its own Cloud Data Integration tool. Once again your local identity information is being sent to some shared cloud environment somewhere. Similarly, PingOne has a directory synchronization service that replicates user identities from on-premise identity stores.
Data here. Data there. Data, data everywhere.
Your corporate, sensitive, identity data is residing on shared servers, which are completely out of your control. How are the servers secured? What firewalls are in place? Who has access to the servers and the data? What prevents one client from accessing the information of another client? There are so many questions that need to be answered. What about data leakage or security breaches? These are more and more common these days (T-Mobile, Ashley Madison, the IRS). By allowing someone else to store and secure the identity data, organizations are increasing the risk of unauthorized data exposure.
Your Cloud, Your Way
One of Optimal IdM’s main differentiators from the competition is that The OptimalCloud does not require data synchronization to provide SSO. Your data lives securely on-premise. Your data behind your firewalls and your security policies. The OptimalCloud is a federated cloud service that provides multi-factor and mobile authentication/authorization. If on-premise data is required, standard secure protocols (e.g. WS-Federation, WS-Trust, SAML, oAuth, OpenID Connect) are used. The data does not need to be stored in the cloud. It is retrieved as needed. Synching requirements are just one component of The OptimalCloud which can be completely customized to meet the unique needs of your organization. Your Cloud, Your Way.
Conclusion
As organizations rush to cloud (SaaS, IDaaS) to reduce costs, they must understand the dangers. Having data synchronization and replication as a requirement, the solutions offered by Microsoft, Okta, or Ping Identity may put an organization at risk. If keeping your data secure and under your control is important, The OptimalCloud solution should be considered.