Businesses are leaving themselves exposed to potential
security breaches by deploying enterprise-wide single sign-on
technology without deploying stronger authentication.
A survey of more than 400 firms in the UK, Germany and Italy
found that only 10% of companies that had implemented single
sign-on technology had deployed it with either smart tokens or
smartcards to secure their systems.
And, of the 40% of firms that planned to deploy the technology
in the next two years, only 25% planned to deploy any sort of
strong authentication, the research by US-based online security
group RSA Security found.
“Before, you had six or seven applications with different
passwords. If one password was compromised that meant one
application was compromised. In a password management solution, if
one is compromised they all are compromised,” said Tim Pickard, RSA
Security area vice-president.
Graham Titterington, an analyst at research firm Ovum, said
strong authentication was the ideal solution. However, he said that
organisations did not necessarily face higher risks by moving
employees to a single password.
“The counter argument is that the more passwords you have, the
more chances there are that some will go astray, and more people
will be inclined to write them down because they cannot remember
them,” he said.
The survey concluded that UK organisations were more aware of
the security risks of single sign-on technology than those in
Germany and Italy.
The research suggested that enterprise single sign-on systems
could save IT departments up to £800,000 a year by reducing the
number of calls made to helpdesks over forgotten passwords.
More than 60% of the firms surveyed said they had seen a
reduction in helpdesk calls after deploying single sign-on.
However, businesses cited cost and implementation difficulties
as the main reasons for not deploying the technology, while
organisations in the UK also cited security as a barrier.