Single Sign-on(SSO) to Cloud based Services and Legacy Applications “Hitting the IAM wall”

Single Sign-On (SSO) projects are a special case of Identity and Access Management (IAM) projects. They are usually undertaken with the aim of increasing the user friendliness of Corporate IT systems’ user log-on processes. This should result in abolishing the use of multiple username and password combinations the user has to remember and change at different intervals. The SSO aim should be achieved without jeopardizing information security in any way. Increasing user convenience in such a manner will increase user satisfaction with the IT department along with general productivity levels. Cost control related to IT help desks resetting forgotten passwords should follow. SSO can also help organizations address information security compliance requirements, through the central logging (and audit facilities) of all access attempts and authorization decisions granted in relation to the organization’s restricted information resources. Sometimes compliance objectives are in fact the major business driver for SSO. In the consumer space customer loyalty and retention rates are often cited as an important commercial driver for SSO projects. With the advent of the de-perimeterized organization and increased scepticism around ‘Cloud Security’ is SSO still a viable worthwhile goal for organisations? This paper takes a closer look at special security issues arising when an organization attempts to create an Enterprise Single Sign-On (ESSO) solution that includes both legacy applications hosted within traditional organizational firewalls and a new breed of ‘Cloud Based’ solutions that are following the Software as Service (SaaS) model and therefore can be hosted with any number of Service Providers (SP) ‘in the cloud’.