Why SSO is critical in SaaS applications

Gartner’s recently published report says that 77% of the organizations surveyed intended to increase their spend on cloud computing and SaaS applications in the coming two years. The huge popularity of cloud computing is growing exponentially with its only pull-back factor being the security concerns. In another related survey titled “IT Security Trends 2013”, the respondents revealed that they had less influence over cloud deployments, thereby increasing their resistance to easy adoption. What was interesting to note though is that 20% of the respondents indicated that they could stall cloud computing projects if there were security risks involved.

However, the situation is not as gloomy as it seems. One of the areas where organizations can clearly take charge of de-risking certain cloud computing security aspects is by adopting Single Sign On (SSO) strategies. As organizations become more SaaS savvy, the number of user id and password credentials that employees need to manage increase. This increases the risk of users using weak credentials across unsecure devices. Another study revealed that 43% of IT managers confess that employees are using spreadsheets or worse, Post-It Notes for managing their passwords. In addition to enterprise security, employee productivity can increase by a significant extent on SSO adoption.

This problem is not unique to cloud computing alone though it does tend to get amplified when moving to a cloud environment. Most organizations that have their internal enterprise-wide SSO policies in place find it easier to extend the solution to the cloud. For organizations that are starting afresh, the key is to first begin from inside and have centralized identity management software in place.

One of the solutions for this issue is to use an on-demand single sign on SaaS service. This service is hosted on the cloud itself and allows enterprises to manage a centralized access control mechanism for their applications, irrespective of whether they are deployed internally or on the cloud. Most of the services use Security Assertion Markup Language (SAML) as the security standard. Developed by OASIS, SAML is the most widely used standard for exchanging authentication information.

Author : Kapila Date : 25 Jun 2013