The growing need for SSO
Part of Solutions Review’s Premium Content Series – a collection of columns written by industry experts in maturing software categories –Nelson Cicchito, President and CEO of Avatier company, shares some expert insights on single sign-on (SSO) solutions you need to know about in 2022.
Experts have been proclaiming the death of the password for some time. New authentication technologies such as biometrics, security keys, and token encryption have been touted as making passwords obsolete. Yet we still use passwords to access everything from personal finances to social media accounts.
IT managers have struggled with password security to protect corporate digital assets. To maintain enterprise security, CSOs should implement password security protocols such as two-factor authentication, password encryption, changing user passwords regularly, etc. . The more layers of password security, the greater the administrative overhead. That’s why single sign-on (SSO) will be with us for some time to come.
Passwords are widespread and persistent
The use of passwords continues to grow at a rapid rate. For example, there are now more than 4.66 billion internet users, more than 59.5% of the world’s population. This means over 300 billion passwords need to be protected, up from 80 billion in 2017. The average user needs to track over 100 passwords.
The use of passwords is particularly prevalent in the workplace. Research from the Ponemon Institute shows that more than 50% of employees rely on their memory to save passwords. Sixty-five percent of these employees use the same password for multiple agent applications. Of those who use different passwords, 26% say they save passwords on a spreadsheet and 26% write down passwords in a notebook or using sticky notes.
Since employees aren’t good at managing password security, it’s up to IT to handle authentication and password security, and it’s getting more and more expensive. Gartner estimates that between 25% and 50% of help desk calls are password-related and take 2-30 minutes to resolve. With the average cost of a help desk call at $70, password reset fees can add up quickly. A Widmeyer survey estimates that employee-related password issues cost businesses an average of $200,000 per year.
Despite the risk and expense, businesses continue to use passwords for authentication because they are easy to implement and cost effective. That’s why corporate security managers need a simpler strategy for managing password security. Users will continue to use one password for everything or use their birthday or mother’s maiden name for authentication, leaving businesses wide open to hackers. Since you can’t change user behavior, you need to enforce better password security, but it also needs to be easy for employees to use or they’ll find a workaround. This is why SSO is attractive. It creates that extra layer of security while making it easier to access password-protected digital assets.
Why companies need SSO
Passwords remain the weakest link in corporate data security, especially as attacks targeting remote workers have exploded with the pandemic. Ninety-four percent of businesses reported a cyberattack in 2020. There was a 128% increase in malware in Q3 2020 and a 29% increase in botnet traffic. Experts estimate that 90% of data breaches are the result of human error. This problem is exacerbated by employees working from home. Only 34% of remote workers follow security guidelines, while 27% ignore or circumvent cybersecurity policies, and 36% delay updating their devices. Security managers estimate that only 56% of their employees take adequate steps to protect corporate digital assets.
Single sign-on gives users a single set of login credentials to access SaaS apps and websites, and access is protected using data encryption. There is no need to use multiple passwords or create new passwords. SSO simplifies user access to the data they need and simplifies identity management for IT.
The benefits of single sign-on
Deploying the right SSO solution not only provides remote workers with secure access to the enterprise, but also provides administrative benefits. For example, SSO makes it easier to manage user access to data resources. User passwords are automatically synchronized when directory passwords are changed. This means IT can take advantage of native directories to keep passwords up to date. Each time a user changes a password, that change is reflected in the company directory.
And, of course, there are the user benefits. Users can be logged in automatically. They don’t have to remember multiple passwords whether they’re logging in from a desktop, laptop, or mobile device. It also means fewer help desk calls when they forget their credentials. As it is estimated that one third of workers enter 4,000 passwords per year, which represents approximately 24 hours of work, it is also an excellent tool for productivity.
Passwords are here to stay, which means security managers need to adopt new strategies to secure employee passwords. The best approach with more employees working remotely is to consolidate password management with SSO. It provides better security and gives IT more control over remote data access while improving productivity and making life easier for employees.