While the country as a whole has had more than seven years of recovery time since the Great Recession, many government agencies and institutions still find themselves struggling to fully mend. Across the U.S., many are still working to do more with less—a reality that is particularly true in public colleges and universities.

In enterprises around the globe, it’s becoming increasingly clear that implementing mandatory password changes is no longer considered best practice for securing key systems and data.

Of course, we’ve long known that passwords are a weak link in the security chain. Eighty percent of hacking-related breaches in 2017 leveraged either stolen passwords and/or weak or guessable passwords, according to the latest Verizon Data Breach Investigations Report.

While every business faces some level of transience in its operations—namely employee or customer churn—community colleges, by the nature of their business, face the issue on a massive scale. For example, At Lone Star College, the nation’s third-largest higher-education system, up to 40 percent of the schools’ 100,000 students are transient users.

When we engage with a new IT team and ask how they are currently managing user identities and access, more often than not, they simply point to a single sign-on (SSO) portal. This inevitably prompts a clarifying discussion around the meaning of SSO.

In previous installments of this series, we discussed the emergence of Identity as a Service (IDaaS) and the benefits it offers. We also cleared up some of the most common misconceptions surrounding IDaaS. Now that you have a better understanding of the technology and its potential, let’s examine the most common IDaaS models, so that you can choose the right one for your organization.

In our last post, we discussed some of the most compelling reasons for adopting identity and access management (IAM) in the cloud. Like most other cloud services, identity as a service (IDaaS) offers cost-effective, high availability and affordable scalability. However, as you consider the possibility of moving from your legacy, on-premises IAM system to the cloud, it’s vital that you begin with a clear understanding of common misperceptions that haunt the emerging IDaaS market; here are the two biggest ones:

Whenever I am involved in the initial discovery phase of an Identity and Access Management (IAM) project, the term Single Sign-On (SSO) always comes up. SSO is often desired or a hard requirement of customers, which inevitably prompts a clarification discussion around just exactly what SSO means to them.

The customer’s definition of SSO is usually something along the lines of “customers have one set of login credentials for all of their web applications instead of a different set for each.” For example, a single “scarter” account and password can get me access to Salesforce and Google Apps versus having a separate “scarter1” account for Salesforce and then an “scarter2” account for Google Apps.  

However, this interpretation of what SSO means is actually only half correct.

The easiest way to show success is through tangible measurement. When you roll out a new project or implement a new system, you can say that you think it’s working, but without evidence, you really can’t be sure. That is why metrics are so important to a business. Metrics enable an organization to know if productivity is up or if costs are down. They can also measure whether security has improved and identify opportunities to enhance processes. These reasons are precisely why it is so crucial to track identity and access management (IAM) metrics.

From the massive Target data breach in 2013 to the Wendy's, UC Berkeley, IRS, and U.S. Department of Justice breaches of 2015 and 2016, today's enterprise exists in a security minefield in which a single misstep could lead to a massive breach and public blowout. As IT departments shutter and make sure to shore up their perimeter security, unfortunately, many overlook the fact that it was actually legitimate user credentials that were used in most 2016 data breaches, with some 63% being the result of weak, default, or stolen passwords, according to the new Verizon Data Breach Investigations Report (DBIR). These results drive home the point that passwords are the weakest link in the security chain and malicious intruders know it.

There is no doubt that single sign-on (SSO) capabilities are an important part of any identity and access management (IAM) solution. SSO reduces user frustrations by eliminating the need to keep a list of separate login credentials for individual applications and lowers support costs by helping to reduce the amount of time IT spends addressing login issues and resetting forgotten passwords. Single sign-on can also be utilized for documenting user account activity.