Date posted: 15-Aug-2015
Single Sign-On (SSO): The Good, The Bad & The Ugly
Steven C. Markey, MSIS, PMP, CISSP, CIPP/US, CISM, CISA, STS-EV, CCSK, Cloud+
Principal, nControl, LLC
Adjunct Professor
• SSO Standards & Categories:
  – Network: LDAP, Kerberos, RADIUS, RDBMS
    – e.g., OpenLDAP, AD, Tivoli Access Manager
  – Federated: SAML, OpenID, OAuth, WS-Federated, XACML
    – e.g., Keycloak, PingFederate, ADFS, RSA Federated
SSO: Good, Bad & Ugly
• SSO Ownership:
  – Business App Owners
  – Ecosystem: Partners / Vendors / Regulators
  – Centralized CIO / CISO
  – Decentralized CIO / CISO
• SSO Implementation Pros & Cons:
  – Pros:
    – Consolidated & Centralized
    – Uniform Standards & Reqs
    – Cost Savings: Support, etc.
    – Improved User Experience
  – Cons:
    – Large Effort
    – Inflexible Requirements
    – Vendor Reliance
    – Single Point of Failure
    – Coding & Rework
Source: TechTarget
• SSO Requirements = Ugly:
  – Users:
    – Internal / External
    – Internal: Function, Role
    – External: Customers / Partners
    – On-site / Remote = Jurisdiction
  – Applications:
    – Thin / Thick
    – Internal / External
    – API / ERP / Office Automation / Cloud / Mobile / OLTP
    – Old / New
    – Prod / QA / UAT
• SSO Requirements = Ugly:
  – Synchronization:
    – Password
    – User IDs
    – Roles
    – Profile
    – Security Questions
• Where Do We Go From Here:
  – Drive for Cost Savings
  – Common Standards = Options
  – Apps Web APIs
    • Legacy Apps Will Still Be Around
  – Cloud & Mobile SSO Requirements
    • Blurring Work / Personal Differential
  – Users Want Options
    • Customers & Suppliers
    • Self-service
• Examples:
  – Financial Services
    • ICE / NYSE: Multiple M&As, Large Portfolio of Apps
  – Higher Education
    • Traditional / Online: Vendor Reliance
  – Healthcare
    • HITECH / PPACA “Obamacare”: Digitizing Medical Records
• Questions?
• Contact
  – Email: [email protected]
  – Twitter: @markes1
  – LI: http://www.linkedin.com/in/smarkey