Page 83 - Cyber Warnings

However, by implementing single sign-on, a company effectively reduces the number of troops
on the front line, rendering what’s left very vulnerable.

To mix that metaphor with a simile, it’s a bit like putting all your eggs in one basket.

We’re not the only ones who hold this opinion. Gartner financial fraud analyst Avivah Litan
agrees, saying: “It’s just such a massive single point of failure.

And this breach shows that other [cloud-based single sign-on] services are vulnerable, too.

This is a big deal and it’s disruptive for victim customers, because they have to now change the
inner guts of their authentication systems and there’s a lot of employee inconvenience while
that’s going on.”

Single sign-on services are certainly a ‘massive point of failure’. All it takes is one instance of
bad user behaviour to lead to a severe breach: an employee sharing a password or leaving a
workstation unlocked, an employee falling victim to a phishing attack, or a malicious user
stealing a colleague’s credentials.

The OneLogin attack has therefore cast doubt over the security of single sign-on services, and,
understandably, businesses that use single sign-on services are wondering how to better
protect their corporate systems.

Whatever the method, the key is to protect the basket in which you’ve placed all your eggs.


How context-aware technology can protect single sign-on services

One way to do that is through ‘context-aware’ security. The trouble with passwords is that they
behave exactly like keys.

As long as you have the key, you can unlock the door. Context-aware security, though, goes
way beyond keys, and analyses the situation in which an access attempt takes place to
determine whether the person trying to log in is exactly who they say they are.

For example, context-aware security can analyse the geographical area in which the login is
taking place, the device the user is logging in on, the time at which it is happening, the IP
address, and many other pieces of contextual information.

All of this information together builds up a profile of the person logging in, and can shed light on
anything suspicious.
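
A sketch of the check described above, added here as an illustration and not taken from the article or from any product: each login attempt is compared with a per-user profile of usual country, device, network and hours, and the deviations decide whether to allow, challenge or deny. The class names, weights, thresholds, the three actions and the sample data are all assumptions.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime
@dataclass
class Profile:
    """Baseline built from a user's past successful logins (constructed)."""
    countries: set
    devices: set
    networks: list   # ipaddress networks the user normally logs in from
    hours: range     # usual login hours, local time
@dataclass
class Attempt:
    country: str
    device_id: str
    ip: str
    when: datetime

# Assumed weights and thresholds; a real deployment would tune these.
WEIGHTS = {"country": 40, "device": 30, "network": 20, "time": 10}
DENY_AT, CHALLENGE_AT = 60, 20

def deviations(profile, attempt):
    """Return the context signals that do not match the user's profile."""
    addr = ipaddress.ip_address(attempt.ip)
    checks = {
        "country": attempt.country in profile.countries,
        "device": attempt.device_id in profile.devices,
        "network": any(addr in net for net in profile.networks),
        "time": attempt.when.hour in profile.hours,
    }
    return [name for name, ok in checks.items() if not ok]

def decide(profile, attempt):
    """The password is assumed correct; context decides what happens next."""
    score = sum(WEIGHTS[s] for s in deviations(profile, attempt))
    if score >= DENY_AT:
        return "deny", score
    if score >= CHALLENGE_AT:
        return "challenge", score   # e.g. ask for a second factor
    return "allow", score

# Constructed sample data (documentation IP ranges, made-up device IDs).
ALICE = Profile({"GB"}, {"laptop-7f3a"},
                [ipaddress.ip_network("203.0.113.0/24")], range(7, 20))
USUAL = Attempt("GB", "laptop-7f3a", "203.0.113.25", datetime(2017, 6, 5, 9, 30))
ODD = Attempt("GB", "laptop-7f3a", "198.51.100.7", datetime(2017, 6, 5, 22, 15))
STOLEN = Attempt("BR", "desktop-0000", "192.0.2.44", datetime(2017, 6, 6, 3, 0))
for attempt in (USUAL, ODD, STOLEN):
    print(attempt.ip, decide(ALICE, attempt), deviations(ALICE, attempt))
```

All three attempts carry the same valid password; only the surrounding context changes the outcome.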






83 Cyber Warnings E-Magazine – June 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
