At Prialto, we believe that our distributed model requires the same level of security and privacy as any onsite service.
To achieve that level of security and privacy, we approach information security strategy from three simultaneous directions:
- Physical – Tangible objects such as key cards, video monitoring, alarms, and security guards are used in our centers.
- Human – We utilize background checks, phone monitoring, conflict rules, and clean desk policies (e.g. no passwords on Post-it notes).
- Electronic – Software controls such as secure servers, encrypted communication, and unique but revocable passwords are utilized in our centers.
Because our security strategies are meant to both protect and inspire the enterprises that we work with, we pride ourselves on providing the roadmap to replicate them.
Learn more below.
password security at the enterprise level
Years ago, we partnered with Bitium (our longtime ally in electronic security) to explain the how and why of password security at the enterprise level.
Passwords themselves, the keys to most online information, are at the forefront of electronic security. Designed as a generic way to establish and authenticate identity, passwords have become the most vulnerable piece of electronic security.
Despite numerous studies and policies that suggest the usage of a single password across multiple apps is a security risk, a 2013 survey by Ping Identity showed that 83% of the tech security officers they surveyed did exactly that. Expand this practice to include every corporate employee that accesses enterprise information on their mobile phones, tablets, or home computers and the scale of the problem becomes evident.
Corporations and Information Security 101
As enterprises large and small shift their information to the digital cloud, an explosion of SaaS tools is making it easier than ever for employees to collaborate and innovate. Much of this sharing is being done across time zones and physical locations, by workers who are telecommuting, working in shared or public spaces, and from open networks.
Information is stored on central, third-party servers that are accessible across the company and the world by anyone with an internet connection and a browser window. As a result, online security is increasingly being pushed to the forefront as a major corporate expense.
Yet, 89% of the global information workforce lack clarity on how security applies to the cloud. An article in Britain’s Guardian newspaper lays out the basic problem in this way:
“Data is suddenly everywhere, and so are the number of people, access points and administrators who can control – or worse, copy – the data.”
A few other trends are also compounding the problem:
- The democratization of information technology, with the growing usage of enterprise SaaS applications like Salesforce or Box that are pushed out at the central level.
- The need for companies – especially newcomers eager to carve out an industry niche – to be fast, nimble and permeable in today’s market.
- Highly distributed workforces comprised of full-time employees, long-term contractors, and outsourced support services scattered across the world.
- BYOD – bring your own device – work environments, which allow employees to share enterprise-level access controls across less secure personal environments.
- The rise of cloud-based environments, over which companies lack complete control.
- Confusion about how to best manage insider threats, mobile access, and compliance issues.
All this makes information security more important and difficult than ever.
single sign-on solutions
One potential solution for the password pain points is a single sign-on (SSO) system.
The Open Group concisely defines SSO as “[a] mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where he has access permission, without the need to enter multiple passwords.”
From a technical perspective, a single sign-on solution eliminates the redundant entry of ID and password information by providing seamless and rapid entry into multiple applications and resources, regardless of network or domain. The SSO will provide or connect to a centralized authentication repository, and will store and service requests for authentication and authorization for the varied applications and systems that a user needs to access.
Benefits of a modern SSO solution to enterprises include:
- Reduction in the time taken by users in sign-on operations to individual domains, including reducing the possibility of such sign-on operations failing.
- Improved security through the reduced need for a user to handle and remember multiple sets of authentication information.
- Reduction in the time taken, and improved response, by system administrators in adding and removing users to the system or modifying their access rights.
- Improved security through the enhanced ability of system administrators to maintain the integrity of user account configuration including the ability to inhibit or remove an individual user’s access to all system resources in a coordinated and consistent manner.
From the end-user’s perspective, an SSO solution is password fatigue relief; they need only one username and password combination to gain access to all their protected apps and services.
Additionally, they are able to more easily collaborate with co-workers and suppliers, as they can delegate and share access without having to share actual passwords.
flexible security across the organization
- Onboarding/Offboarding – One of the most significant impacts of SSOs is in the offboarding space. In earlier days, employees would leave the company, taking confidential passwords and information with them on their smartphones and home computers. With SSOs, the employee is never handed a password. So, when he/she leaves the company there is nothing to wipe away or reset. Besides removing the person from the SSO, Human Resources doesn’t need to offload passwords from the person leaving, reset passwords once the person is gone, or even request an exit memo with the details.
- Co-Worker Access – SSOs allow co-workers to share access to applications and shared accounts. This spurs collaboration, optimizes information sharing and data updates, and allows supervisors to manage exactly who can access which account without providing easily shareable passwords to everyone.
- Client Confidentiality – SSOs retain the privacy of a company’s clients by preventing non-essential employees from accessing client information or client accounts. In some cases, this is coupled with encryption keys and other security methods that enhance the SSO’s capacities.
- Blanket Security Controls – SSOs allow password managers to set up additional security controls across all applications. For example, Prialto uses Bitium’s IP blocking feature to prevent certain employees from logging in to certain HR or sales accounts. Instead of doing this on an app-by-app basis, they are able to do it across all platforms with a simple click.
Single sign-on solutions make it easier to secure passwords across companies and multiple individuals, and are most companies’ best solution to the perils of passwords in a corporate setting.
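As an added illustration (not Prialto's or Bitium's code), the following is a minimal model of the central repository an SSO consults to answer authorization requests; it shows the offboarding and blanket IP-blocking points above in working form, and all users, groups, app names and networks in it are constructed.

```python
# Added example, not Prialto's or Bitium's code: a minimal model of the central
# repository an SSO consults to answer authorization requests. The user never
# holds an app password, offboarding is one action that revokes access
# everywhere, and an IP restriction set once covers every app it is attached to.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class App:
    allowed_groups: set
    allowed_networks: list = field(default_factory=list)  # empty = any source IP


class SsoDirectory:
    def __init__(self):
        self.groups = {}       # user -> set of group names
        self.inactive = set()  # offboarded users
        self.apps = {}         # app name -> App

    def add_user(self, name, groups):
        self.groups[name] = set(groups)

    def add_app(self, name, groups, cidrs=()):
        self.apps[name] = App(set(groups), [ip_network(c) for c in cidrs])

    def authorize(self, user, app_name, source_ip):
        """Return (allowed, reason). The app's own credential never leaves the SSO."""
        groups, app = self.groups.get(user), self.apps.get(app_name)
        if groups is None or app is None:
            return False, "unknown user or app"
        if user in self.inactive:
            return False, "user deactivated"
        if not (groups & app.allowed_groups):
            return False, "no entitlement"
        if app.allowed_networks and not any(
                ip_address(source_ip) in net for net in app.allowed_networks):
            return False, "source IP blocked"
        return True, "ok"

    def offboard(self, user):
        self.inactive.add(user)  # one action; every app checks this, so access ends everywhere


def build_sample_directory():
    d = SsoDirectory()  # constructed sample data: the CRM is restricted to an office network
    d.add_user("alice", ["sales", "staff"])
    d.add_app("crm", ["sales"], cidrs=["10.0.0.0/8"])
    d.add_app("wiki", ["staff"])
    return d
```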