To Tame Mobile and Cloud Security Risks, You Need to Become an IdP

August 29, 2016
Tim Arvanites

With SecureAuth IdP, it’s Easier than You Think

Remember that old New Yorker cartoon, “On the Internet, nobody knows you’re a dog”? That cartoon is from 1993, and it’s as relevant as ever. In fact, it may be even more difficult than ever to know whether people (or companies) on the internet are who they say they are. For example, in 2012, an attacker hijacked the credentials of Wired writer Mat Honan and then erased data on his iPhone and iPad, deleted his Google account, and commandeered his Twitter account, posting a bunch of racist and homophobic diatribes. Apple didn’t know the hacker wasn’t really Honan, nor did Twitter.
 

This isn’t meant to rake those companies over the coals. The sad fact is that very few businesses take the steps necessary to make people prove they are who they say they are. The root problem is that user identities and identifying personal information (date of birth, hometown, mother’s maiden name) are scattered across the internet. Hackers use identity information that is poorly secured in one location to defeat security measures in others.

We’ve known for ages that user names and passwords are weak tools to protect sensitive data, yet we rely on these for everything from online banking to remote access into corporate applications. Therefore, not only are individuals seeing their personal accounts deleted or hijacked, businesses are being breached as well. In fact, according to the Identity Theft Resource Center, the number of U.S. data breaches tracked hit a record high of 783 in 2014 — and those are just the breaches that were reported.

To Reduce Your Risk, Become an IdP Today

To protect your business, you need to know whether people are who they say they are. Therefore, your organization must become an identity provider (IdP). Despite the word “provider,” an IdP is really just a tool — a tool that obtains identity credentials from your enterprise directory (Active Directory, LDAP, etc.), conducts an authentication session, and then passes the trusted identity to the service provider (SP). It’s not a directory call; it’s not a directory synch. Rather, it’s just some form of web ticket that both sides agree upon.
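The "web ticket" idea above, as an added example that is not from the original post or from SecureAuth's product: the IdP signs a short-lived identity claim after authenticating the user, and the SP checks signature, audience and expiry without contacting the directory. The function names, the HMAC shared key and the ticket layout are assumptions for illustration; standards such as SAML and OpenID Connect carry the same idea, typically with asymmetric signatures.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; stands in for the trust the IdP and SP establish in advance.
SHARED_KEY = b"constructed-demo-key-not-for-production"

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def idp_issue_ticket(user, roles, audience, now=None, ttl=300, key=SHARED_KEY):
    """IdP side: called only after the user authenticated against the directory."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "roles": roles, "aud": audience,
              "iat": now, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(sig)

def sp_verify_ticket(ticket, expected_audience, now=None, key=SHARED_KEY):
    """SP side: accepts the identity from the ticket alone, with no directory call."""
    now = int(time.time()) if now is None else now
    try:
        body_b64, sig_b64 = ticket.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:
        raise ValueError("malformed ticket")
    # Verify the signature before trusting any field inside the body.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(body)
    # A ticket minted for one SP must not be replayable at another.
    if claims["aud"] != expected_audience:
        raise ValueError("wrong audience")
    if now >= claims["exp"]:
        raise ValueError("expired")
    return claims

if __name__ == "__main__":
    ticket = idp_issue_ticket("alice", ["sales"], "https://crm.example")
    print(sp_verify_ticket(ticket, "https://crm.example"))
```

The SP never sees the user's password or the directory; it only needs the verification key and its own audience identifier.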

An IdP can protect your organization by providing single sign-on from your secure enterprise directory to the cloud, software-as-a-service (SaaS) applications, mobile apps, web resources, VPN and whatever else should be protected by strong authentication.

Benefits of Becoming an IdP

1.   Protect yourself against the risks you know about. By becoming an IdP, you can mitigate many online risks that assault your organization each day — phishing attacks, data loss, IP theft, cross-site scripting, buffer overflows, and more.

2.   Prepare for emerging risks, especially cloud and mobile ones. Many software providers are moving away from shrink-wrap software to SaaS and cloud models. Behemoths like Microsoft, Apple, Google, and VMware are all heavily invested in cloud computing and mobility. Becoming an IdP will help you embrace these technologies safely and quickly.

3.   Protect your existing identity investments. Becoming an IdP helps preserve your investment in your existing identity store. Just be sure to find an IdP tool that doesn’t simply sync identities but actually extends the roles and policies you’ve spent years crafting to your cloud-based applications, mobile devices, VPN and more.

4.   Keep your identities safe and in house. Although you can outsource identity management to an identity service provider, this approach involves serious risks. What happens if there is a breach? What happens if the service provider fails or, worse, is acquired by your main competitor? Plus, by not outsourcing identities, you avoid having to worry about insider threats from that identity service provider — which is critical because their insiders can likely do more damage than your insiders can, and you have no ability to train, monitor, manage, and, if necessary, fire those third-party insiders. Also be aware that regulatory compliance will be more complicated. Becoming an IdP yourself avoids these risks.

5.   Guard against expanding insider risks. In this age of outsourcing and partnering, organizations of all sizes must grant access to enterprise resources to contractors, partners, guests and temporary employees. Becoming an IdP will help mitigate the risks associated with that access. And let’s not forget that password sprawl remains a constant challenge, especially now that your resources span so many platforms. Employees may try, but in the end, they can be your weakest link in the security chain without intending to be. An IdP consolidates access into a single sign-on solution and protects those passwords from being compromised with adaptive two-factor authentication.

Automated solutions make it easy to become an IdP.

An IdP isn’t a product you buy, but rather an ability you acquire — the ability to know people are who they say they are. Although you can acquire this ability on your own, it is a long, cumbersome, error-prone process. Most organizations will find it more cost-effective to turn to market-tested solutions that streamline the process. These tools save you from the trouble of: 

•  Setting up and properly configuring secure web servers
•  Setting up secure connections to enterprise data stores (AD, LDAP, etc.)
•  Authenticating users to multiple third-party apps and services
•  Subdividing the IdP to support multiple service providers
•  Manually logging user authentication and ID assertions
•  Enabling an SSO solution for on-premise, cloud and third-party apps

 

SecureAuth IdP – the World’s First Two-factor IdP

SecureAuth IdP is the only tool that delivers instant IdP capabilities with variable two-factor authentication built in. With SecureAuth IdP, your organization can quickly become a secure, auditable IdP, so you can better control, enforce and extend security standards to on-premise applications, cloud-based applications, and mobile devices. SecureAuth IdP also enables single sign-on without the need to synchronize to an enterprise directory or to send credentials to a third-party SSO provider, which dramatically increases IT security.

Start with the user directory you already have in place, and you’ll be connecting iPhone users to VPN applications and remote workers to SharePoint in short order.
 

Figure 1. SecureAuth IdP is the only single solution that can verify identities to a range of applications — on premise, cloud, mobile, web and VPN — while offering built-in two-factor and adaptive authentication alongside single sign-on capabilities.
