Adoption of federated identities is increasing among businesses and can have particular benefits at the enterprise level. By creating one central identity to access all network applications, companies simplify workflows and remove barriers to productivity. However, a unique set of security challenges must be met when using federated identity technologies.
Why Federated Identities?
With 83 percent of enterprise workloads expected to be handled by public, private and hybrid cloud environments by 2020, the adoption of more efficient sign-on methods is critical. The extensive number of applications, projects and use cases at the enterprise level can’t be managed adequately using a system in which employees must sign in with a different set of credentials each time they move between platforms. Doing so creates several problems:
• Each login is a point of vulnerability
• Repeated logins reduce productivity
• The login process creates distractions and undermines efficiency
A federated identity makes it possible for users to sign in to any application within the “federation” using the credentials from a single application. This centralized identity forms the basis of single sign-on and is independent of platforms and technologies. By using federation, an enterprise can integrate multiple applications into a single system without the need to create a custom authentication protocol.
Security Concerns of Identity Federation
Switching to federated identities as an alternative to outdated authentication methods isn’t without its risks. Most companies adopting federation only do so for a handful of applications and find it difficult to build a network in which all programs can be accessed using a single identity. This makes some areas of the network subject to common security risks, including breaches caused by the use of weak passwords. Complicating the matter is the lack of federated identity management plans in many businesses. The rapid spread of technology has left enterprises without the capabilities to implement the level of management necessary to ensure security across the board.
For federated identities to work, user information must be shared with the third party entrusted with authentication. The nature of this information and how it’s shared, processed, stored and protected has an impact on the safety and privacy of users. Not all providers within a federation conform to the same security standards, and the use of multiple providers creates additional points of vulnerability. Enterprises must understand the security protocols and compliance measures used by third-party providers before committing to any partnerships.
Insider threats and identity theft, two common and troubling security concerns for modern enterprises, remain problematic even with the use of a federated system. Companies need to be completely certain of the trustworthiness of users in the network and have authentication protocols designed to ensure each user is who he or she claims to be. Employee education is necessary to minimize the risk of human error, because a single compromised set of federated credentials can grant hackers access to multiple applications and allow a breach to spread rapidly across a network.
Improper provisioning leading to privilege creep can also leave the door open for devastating breaches. A user’s federated identity should allow only the level of access required for his or her job, and any temporary access necessary for short-term projects should be revoked as soon as it’s no longer needed. Automated solutions for granting and revoking access are becoming more common as enterprises seek to improve network security and reduce the risk of data loss or theft.
Creating a Reliable Federation Strategy
Despite its potential drawbacks, the use of federated identities has significant advantages for enterprise-level businesses. Unifying diverse applications to eliminate bottlenecks and silos creates a smoother user experience and empowers employees to work efficiently.
To meet the security challenges posed by federated identities and leverage the associated benefits:
• Focus on applications designed for federation
• Determine the standards required to maintain interoperability
• Establish strong security standards for proprietary and third-party applications
• Seek a provider with minimal data sharing requirements
• Ensure the provider is in compliance with relevant regulations
• Automate user provisioning
• Perform routine identity audits
• Remove dead, abandoned or orphaned accounts
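The routine identity audit recommended above, covering privilege creep, unrevoked temporary access and orphaned accounts, can be sketched as follows. This is an added example, not code from the original article; the role names, applications, users, record layout and 90-day dormancy threshold are all constructed assumptions.

```python
from datetime import date

# Constructed baseline: the applications each role needs for the job.
ROLE_BASELINE = {
    "engineer": {"git", "ci", "wiki"},
    "analyst": {"bi", "wiki"},
}

# Constructed identity records, as an export from an identity provider might look.
# A grant with "expires" is temporary project access; without it, it is permanent.
IDENTITIES = [
    {"user": "alice", "role": "engineer", "active": True, "last_login": date(2024, 5, 28),
     "grants": [{"app": "git"}, {"app": "ci"}, {"app": "bi", "expires": date(2024, 4, 30)}]},
    {"user": "bob", "role": "analyst", "active": True, "last_login": date(2024, 5, 30),
     "grants": [{"app": "bi"}, {"app": "wiki"}, {"app": "git"}]},
    {"user": "carol", "role": "engineer", "active": False, "last_login": date(2023, 11, 2),
     "grants": [{"app": "git"}, {"app": "wiki"}]},
    {"user": "dave", "role": "analyst", "active": True, "last_login": date(2024, 1, 15),
     "grants": [{"app": "bi"}, {"app": "ci", "expires": date(2024, 7, 1)}]},
]

TODAY = date(2024, 6, 1)  # fixed so the audit result is reproducible


def audit(identities, baseline, today, stale_days=90):
    """Return (user, finding, app) tuples; app is "*" for account-level findings."""
    findings = []
    for ident in identities:
        user = ident["user"]
        allowed = baseline.get(ident["role"], set())
        if not ident["active"]:
            # Deprovisioned user that still holds access: every grant is orphaned.
            findings += [(user, "orphaned", g["app"]) for g in ident["grants"]]
            continue
        if (today - ident["last_login"]).days > stale_days:
            findings.append((user, "dormant", "*"))
        for grant in ident["grants"]:
            expires = grant.get("expires")
            if expires is not None:
                # Temporary access may exceed the baseline, but only until expiry.
                if expires < today:
                    findings.append((user, "expired_temporary", grant["app"]))
            elif grant["app"] not in allowed:
                # Permanent access beyond what the role requires.
                findings.append((user, "privilege_creep", grant["app"]))
    return findings


if __name__ == "__main__":
    for finding in audit(IDENTITIES, ROLE_BASELINE, TODAY):
        print(*finding)
```

Each finding maps to a revocation action in the provisioning system; running the audit on a schedule is what turns the checklist item into an enforced control.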
Enterprises relying on applications with which federated identities can’t be used should consider whether the same functionality can be achieved with newer applications or whether the existing application can be updated for integration into a federated system. Critical programs lacking the functionality for federation require additional considerations to ensure security.
As identity federation becomes more common, the resulting partnerships between providers and businesses are likely to drive the establishment of tighter security policies across the board. Recent changes in regulations governing data privacy require diligence on the part of all parties involved in the creation and management of federated identities, so businesses desiring to enjoy the benefits of this modern authentication method must understand the risks and take steps to mitigate as many as possible.