Single sign-on (SSO) has long been known in the IT world as an effective way for organizations to improve IT security while solving password management and user access issues. More specifically, SSO provides a means for organizations to verify a person's identity before granting access to networks and application data. Some SSO solutions include monitoring capabilities that can provide records of individual employee access to applications, ensuring there are no network security breaches, while enabling organizations to comply with regulatory and corporate governance initiatives. In the physical security world, building access cards have similar benefits to SSO: authenticating employees, enabling them to access authorized areas, while ensuring security of the physical facilities and employees. In both cases, a person's identity is represented by something verifiable (a password or an access card) that enables them to access organizational assets (on a network or in a building).

By bridging together physical access systems with single sign-on efficiencies, organizations can provide a finer level of authentication, closing security gaps often overlooked when the two security arms of an organization are kept in separate silos. Here are three ways in which bridging these typically disparate systems together can offer greater efficiencies:

Increased Usability without Compromise to Security

Passwords prevent unauthorized users from accessing applications to keep networks secure. However, as users are required to remember more and more passwords, they often resort to writing them down and leaving them in plain view where a nefarious person could find them and use them to gain unauthorized access. This results in every desktop becoming another point of vulnerability in the corporate security armor.

To combat this, strong password policies are typically put in place to mandate the use – and frequent changing – of passwords that, in the interest of preventing password theft, are intentionally complex and difficult to remember. This too exacerbates the problem, resulting in password policy non-compliance, increased security risk and spiraling help desk costs.

SSO solutions were developed to tackle these challenges, offering a relatively simple, effective and affordable way to ensure that only authorized users can gain access to important business applications. In organizations that have implemented SSO solutions, users are thrilled to eliminate the password management struggles, enabling them to work more productively, while the IT department can be sure that the security of the network is intact. More simply, they make accessing applications easy for the user without complicating security.

In the physical access world, buildings are akin to the networks in the logical world. Access cards take the place of passwords, enabling authorized users to enter a building or a specific room or area within a building. However, users often skip the step of badging in by following closely behind the person who badged in before them (a practice known as tailgating). While authorized users are often guilty of tailgating, this creates a security hole that needs to be patched, because if tailgating is not eliminated, the physical security team has no idea who is and who is not inside.

Just as SSO solutions eliminate the bad password management behaviors, tying building access to network access can eliminate tailgating and close that security hole. The best way to get employees to badge in is to tie that action to things they need (network access). Establish a procedure that links the swiping of a card for building access to the ability to get online once the user reaches his desk. When these two systems are tied together, employees won't tailgate or forget to badge in, because they won't be able to log onto the network and start their work day. This practice does not require any additional action on the part of the user; rather, it enforces the behavior (badging in) that should be done every day anyway.

Centralized Management for Monitoring and Reporting

SSO solutions enable enterprises to centrally manage passwords, meaning organizations can monitor, capture and log password-related user access events in one centralized database. This permits administrators to easily monitor access records for every user, application or workstation in one central location. Having this record of application access offers an added level of protection, as administrators can see, for instance, if there are users that are sharing credentials to confidential applications. Without a centralized view, unauthorized access is not so simple to detect.

In the physical world, a user's location is monitored and recorded based upon where and when he/she swiped his/her badge. If there is an event at the physical location such as a fire where people are trapped inside, you know where people are based upon their last badge-in. By managing this in one place, the physical security team has finer data in order to have more confidence when making security-related decisions and can more accurately monitor the building for any potential breaches, just as SSO enables the IT team to monitor the network for any security infractions.

The same efficiency can be realized with a converged security solution. By uniting an employee's identity across network and building access, an organization can create one converged access policy for allowing or denying network access based on a user's physical location, role, and/or employee status. By incorporating events from physical security access systems into network access decisions, organizations have broader monitoring and reporting capabilities from which to better demonstrate regulatory compliance and ensure corporate security procedures are adhered to enterprise-wide.

Security Policy Automation

SSO solutions enable IT administrators to implement a clear, straightforward password policy across all SSO-enabled applications based on users' primary authentication. With SSO, administrators can automatically change password constraints (minimum/maximum length, reset intervals, auto resets, etc.), manage authentication challenges and accommodate application-generated password reset requests. This automation of password policies significantly reduces the IT burden.

Access cards on the physical security side perform in a parallel way. Tying building access to the card automates the enforcement of the physical security policy of everyone in the building signing in and out when entering or leaving the building. Physical security administrators can also change access constraints and manage authentication challenges in order to maintain appropriate levels of building security. Just like with SSO, the access cards automate building access policies that, in turn, significantly reduce the physical security burden.

By converging these two typically disparate systems, an enterprise's entire security posture is covered from the building doorway to the user's computer. As a result, the security team can apply policies that dictate what an individual can access under what circumstances based on specific criteria, such as location and employee status. Organizations can thus easily authenticate employees, enabling them to access authorized areas within the building and on the network, while ensuring security of the physical facilities, IT systems and employees.
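As an added example (not code from the article or from any product it describes), the following Python policy engine implements the two ideas the article combines: a converged access decision that denies a network logon unless the directory shows the user as active and the badge system places them in the same building as the workstation, and a centralized audit pass over a logon log that reports what such a view would flag, such as a credential used in a building its owner never badged into. The badge events, logon requests, the `EMPLOYEES` directory and the rule set are constructed assumptions for illustration.

```python
"""Converged physical/logical access policy (constructed example).

All event data, the EMPLOYEES directory and the rules are assumptions
made for this example, not taken from any real badge or SSO product.
"""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class BadgeEvent:
    user: str
    building: str
    direction: str  # "in" or "out"
    at: datetime


@dataclass(frozen=True)
class LogonRequest:
    user: str
    workstation_building: str
    at: datetime


# Constructed directory: employee status comes from HR, not from the badge system,
# so a card that has not yet been revoked does not override a termination.
EMPLOYEES = {
    "alice": {"status": "active", "role": "engineer"},
    "bob": {"status": "active", "role": "contractor"},
    "carol": {"status": "terminated", "role": "engineer"},
}


def current_building(user, badge_events, at):
    """Return the building the badge system places `user` in at time `at`,
    or None if the last badge event before `at` was an exit (or is absent)."""
    location = None
    for ev in sorted(badge_events, key=lambda e: e.at):
        if ev.user != user or ev.at > at:
            continue
        location = ev.building if ev.direction == "in" else None
    return location


def decide_logon(req, badge_events, employees=EMPLOYEES):
    """Converged policy: allow a network logon only for an active employee whose
    badge record puts them in the same building as the requesting workstation.
    Returns ("allow" | "deny", reason)."""
    record = employees.get(req.user)
    if record is None or record["status"] != "active":
        return ("deny", "employee not active in directory")
    where = current_building(req.user, badge_events, req.at)
    if where is None:
        return ("deny", "no badge-in on record; user must badge in first")
    if where != req.workstation_building:
        return ("deny", f"badged into {where} but logging on in {req.workstation_building}")
    return ("allow", f"badged into {where}")


def audit_logons(logons, badge_events, employees=EMPLOYEES):
    """Centralized reporting pass: re-evaluate every logged logon against the
    badge record and return the ones that violate the converged policy."""
    findings = []
    for req in logons:
        verdict, reason = decide_logon(req, badge_events, employees)
        if verdict == "deny":
            findings.append((req.user, req.workstation_building, req.at.isoformat(), reason))
    return findings


def _t(hour, minute):
    # Constructed timestamps on one arbitrary working day.
    return datetime(2024, 1, 15, hour, minute)


# Constructed badge log for the day.
BADGES = [
    BadgeEvent("alice", "HQ", "in", _t(8, 0)),
    BadgeEvent("carol", "HQ", "in", _t(8, 50)),   # card not yet revoked
    BadgeEvent("alice", "HQ", "out", _t(12, 0)),
]

# Constructed logon log in chronological order.
LOGONS = [
    LogonRequest("alice", "HQ", _t(8, 15)),      # badged in at HQ: allow
    LogonRequest("bob", "HQ", _t(8, 30)),        # tailgated, no badge-in: deny
    LogonRequest("carol", "HQ", _t(9, 0)),       # terminated in directory: deny
    LogonRequest("alice", "Annex", _t(9, 30)),   # alice's credential used elsewhere: deny
    LogonRequest("alice", "HQ", _t(12, 30)),     # badged out at noon: deny
]


def run_example():
    """Evaluate the constructed logon log; returns a list of (verdict, reason)."""
    return [decide_logon(req, BADGES) for req in LOGONS]


if __name__ == "__main__":
    for req, (verdict, reason) in zip(LOGONS, run_example()):
        print(f"{req.at:%H:%M} {req.user:6} {req.workstation_building:6} {verdict:5} {reason}")
    print("audit findings:", len(audit_logons(LOGONS, BADGES)))
```

The directory check runs before the badge check so that a terminated employee whose card is still live is refused at the network, which is the "employee status" criterion the article lists alongside location. The fourth logon shows why the centralized view matters: the badge system alone sees nothing wrong, and the SSO log alone sees a valid password, but correlating the two exposes a credential in use in a building its owner never entered.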