To Tame Mobile and Cloud Security Risks, You Need to Become an IdP

Tim Arvanites
August 29, 2016


With SecureAuth IdP, it’s Easier than You Think

Remember that old New Yorker cartoon, “On the Internet, nobody knows you’re a dog”? That cartoon is from 1993, and it’s as relevant as ever. In fact, it may be even more difficult than ever to know whether people (or companies) on the internet are who they say they are. For example, in 2012, an attacker hijacked the credentials of Wired writer Mat Honan and then erased data on his iPhone and iPad, deleted his Google account, and commandeered his Twitter account, posting a bunch of racist and homophobic diatribes. Apple didn’t know the hacker wasn’t really Honan, nor did Twitter.
 

This isn’t meant to rake those companies over the coals. The sad fact is that very few businesses take the steps necessary to make people prove they are who they say they are. The root problem is that user identities and identifying personal information (date of birth, hometown, mother’s maiden name) are scattered across the internet. Hackers use identity information that is poorly secured in one location to defeat security measures in others.

We’ve known for ages that user names and passwords are weak tools to protect sensitive data, yet we rely on these for everything from online banking to remote access into corporate applications. Therefore, not only are individuals seeing their personal accounts deleted or hijacked, businesses are being breached as well. In fact, according to the Identity Theft Resource Center, the number of U.S. data breaches tracked hit a record high of 783 in 2014 — and those are just the breaches that were reported.

To Reduce Your Risk, Become an IdP Today

To protect your business, you need to know whether people are who they say they are. Therefore, your organization must become an identity provider (IdP). Despite the word “provider,” an IdP is really just a tool — a tool that obtains identity credentials from your enterprise directory (Active Directory, LDAP, etc.), conducts an authentication session, and then passes the trusted identity to the service provider (SP). It’s not a directory call; it’s not a directory synch. Rather, it’s just some form of web ticket that both sides agree upon.
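The "web ticket that both sides agree upon" can be sketched as a signed, audience-bound, short-lived assertion. This is an added example, not SecureAuth's code: the shared HMAC key, the in-memory directory and the names `issue_ticket` and `verify_ticket` are assumptions made for illustration, standing in for the signatures and directory a real federation deployment would use.

```python
import base64, hashlib, hmac, json, time

# Assumptions (all constructed for this example): a shared HMAC key stands in
# for the signing keys a real federation protocol would use, and DIRECTORY
# stands in for the enterprise directory (AD, LDAP).
SHARED_KEY = b"constructed-demo-key"
DIRECTORY = {"alice": {"groups": ["vpn-users"]}}

def sign(body: str) -> str:
    mac = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_ticket(user, audience, now=None, ttl=300):
    """IdP side: run only after the user has passed authentication."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "aud": audience, "exp": now + ttl,
              "groups": DIRECTORY[user]["groups"]}  # KeyError if unknown user
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + sign(body)

def verify_ticket(ticket, expected_audience, now=None):
    """SP side: trusts the ticket alone; never contacts the directory."""
    now = int(time.time()) if now is None else now
    body, _, sig = ticket.partition(".")
    # Constant-time comparison; reject before parsing any claim.
    if not hmac.compare_digest(sig.encode(), sign(body).encode()):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != expected_audience:
        raise ValueError("wrong audience")  # ticket minted for another SP
    if now >= claims["exp"]:
        raise ValueError("expired")
    return claims

if __name__ == "__main__":
    t = issue_ticket("alice", "crm.example", now=1000)
    print(verify_ticket(t, "crm.example", now=1100))
```

The service provider checks signature, audience and expiry in that order, so a ticket replayed at a different SP or after its lifetime is rejected without any directory lookup.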

An IdP can protect your organization by providing single sign-on from your secure enterprise directory to the cloud, software-as-a-service (SaaS) applications, mobile apps, web resources, VPN and whatever else should be protected by strong authentication.

Benefits of Becoming an IdP

1.   Protect yourself against the risks you know about. By becoming an IdP, you can mitigate many online risks that assault your organization each day — phishing attacks, data loss, IP theft, cross-site scripting, buffer overflows, and more.

2.   Prepare for emerging risks, especially cloud and mobile ones. Many software providers are moving away from shrink-wrap software to SaaS and cloud models. Behemoths like Microsoft, Apple, Google, and VMware are all heavily invested in cloud computing and mobility. Becoming an IdP will help you embrace these technologies safely and quickly.

3.   Protect your existing identity investments. Becoming an IdP helps preserve your investment in your existing identity store. Just be sure to find an IdP tool that doesn’t simply sync identities but actually extends the roles and policies you’ve spent years crafting to your cloud-based applications, mobile devices, VPN and more.

4.   Keep your identities safe and in house. Although you can outsource identity management to an identity service provider, this approach involves serious risks. What happens if there is a breach? What happens if the service provider fails or, worse, is acquired by your main competitor? Plus, by not outsourcing identities, you avoid having to worry about insider threats from that identity service provider — which is critical because their insiders can likely do more damage than your insiders can, and you have no ability to train, monitor, manage, and, if necessary, fire those third-party insiders. Also be aware that regulatory compliance will be more complicated. Becoming an IdP yourself avoids these risks.

5.   Guard against expanding insider risks. In this age of outsourcing and partnering, organizations of all sizes must grant access to enterprise resources to contractors, partners, guests and temporary employees. Becoming an IdP will help mitigate the risks associated with that access. And let’s not forget that password sprawl remains a constant challenge, especially now that your resources span so many platforms. Employees may try, but in the end they can be the weakest link in your security chain without intending to be. An IdP consolidates access into a single sign-on solution and protects those passwords from being compromised with adaptive two-factor authentication.

Automated Solutions Make It Easy to Become an IdP
 
An IdP isn’t a product you buy, but rather an ability you acquire — the ability to know people are who they say they are. Although you can acquire this ability on your own, it is a long, cumbersome, error-prone process. Most organizations will find it more cost-effective to turn to market-tested solutions that streamline the process. These tools save you from the trouble of: 

•  Setting up and properly configuring secure web servers
•  Setting up secure connections to enterprise data stores (AD, LDAP, etc.)
•  Authenticating users to multiple third-party apps and services
•  Subdividing the IdP to support multiple service providers
•  Manually logging user authentication and ID assertions
•  Enabling an SSO solution for on-premise, cloud and third-party apps

 

SecureAuth IdP – the World’s First Two-factor IdP

SecureAuth IdP is the only tool that delivers instant IdP capabilities with variable two-factor authentication built in. With SecureAuth IdP, your organization can quickly become a secure, auditable IdP, so you can better control, enforce and extend security standards to on-premise applications, cloud-based applications, and mobile devices. SecureAuth IdP also enables single sign-on without the need to synchronize to an enterprise directory or to send credentials to a third-party SSO provider, which dramatically increases IT security.

Start with the user directory you already have in place, and you’ll be connecting iPhone users to VPN applications and remote workers to SharePoint in short order. Find out for yourself: request a demo of IdP.
 

Figure 1. SecureAuth IdP is the only single solution that can verify identities to a range of applications — on premise, cloud, mobile, web and VPN — while offering built-in two-factor and adaptive authentication alongside single sign-on capabilities.
