Date: 2024-08-28
The Cybersecurity and Infrastructure Security Agency (CISA) recently conducted a comprehensive study of various small and medium-sized businesses to help identify common challenges and opportunities associated with Single Sign-On (SSO) adoption.
SSO has garnered considerable chatter across several industries, especially regarding its ability to improve security while extending a certain level of convenience to employees using this protocol. However, it hasn’t yet been widely adopted as a best practice standard. Some businesses rave about SSO’s security benefits, while others are skeptical of its value and concerned about the costs.
In 2024, CISA released a report summarizing the viewpoints of multiple SSO vendors and customers while providing recommendations to help companies overcome the common barriers to implementing more secure SSO policies in their organizations.
Single Sign-On (SSO) has gained traction in various industries since the early 2000s, although its practical application is not well understood by all businesses. SSO is a centralized authentication protocol that gives users access to multiple applications or systems using a single set of credentials.
By working with a chosen SSO provider, businesses can have their employees use one central login that verifies their identity and gives them access to a set number of authorized applications rather than needing to have employees remember multiple usernames or passwords.
Businesses can experience significant convenience when using this type of solution, but its security benefits are much more pronounced. Since SSO eliminates the need to create and remember multiple credentials, it significantly reduces the risks of employees experiencing password fatigue and opting to reuse credentials across various platforms, leading to weaker security.
With the addition of SSO, organizations can harden their digital security practices while mandating stronger password-building practices, enforcing the use of multi-factor authentication (MFA), and supporting a centralized administration of all their access controls.
When polling various third-party vendors and organizations, CISA identified common barriers associated with SSO adoption. Some of these barriers include:
As with all security initiatives, SSO requires a certain level of financial investment to establish itself. This can be a difficult cost of entry for smaller businesses with more limited budgets.
Since some organizations still don’t fully recognize or accept the importance of SSO adoption, it can often be viewed more as an additional “expense” rather than a long-term investment that can lead to “cost-savings” since it helps to maximize productivity while minimizing the chances of a costly data breach.
Depending on the size of the organization, SSO implementation and management can require varying levels of technical expertise, which may not be immediately available in-house. Configuring an SSO solution can involve configuring various applications and third-party tools, which can take time and resources to manage.
One of the largest barriers to adoption is organizations' limited awareness of how relevant SSO is to their business. Many need to pay more attention to the security risks they currently accept by trusting employees to manage a diverse set of login credentials across multiple platforms and applications.
According to a LastPass report, only 3 in 10 employees actually set strong enough passwords for their work accounts. It is hard to police since many organizations make it a point not to let their employees share their credentials with anyone. Other businesses overestimate the effort it can take to set up SSO in their organization and abandon the idea altogether.
SSO implementations are believed to provide the most value to large enterprises with hundreds or even thousands of employees.
However, this demand has created a certain amount of segmentation in the market, with many SSO vendors primarily catering their services (and pricing models) to larger businesses. This has left SMBs with less affordable SSO solutions and limited options for more flexible deployments.
CISA’s study revealed an apparent disconnect between SSO vendors’ perceptions of what the business market needs and their customers’ actual experiences. While SSO vendors have traditionally focused on providing solutions with a comprehensive list of features and services, they haven’t always considered how to make their solutions more approachable for businesses of all sizes.
In an effort to help bridge this gap and improve SSO adoption rates, CISA has offered recommendations to both SMBs (small and medium-sized businesses) and third-party vendors.
CISA’s guidance on SSO adoption is a timely reminder for third-party vendors and business organizations not to devalue its importance. By working together, vendors and their clients can increase the rate of SSO adoption while improving the overall security posture of all organizations.