Why do you need Cloud SSO? Earlier this year, a malware attack called NotPetya hit multinational companies Maersk, FedEx, and Merck resulting in disrupted supply chains and confirmed losses approaching $1 billion dollars (USD). One reason for the severity of the attack was that these companies conducted company business on poorly protected PCs that were directly connected across office networks.
Cloud hosting with SSO offers protection from malware attacks like NotPetya by controlling network access between machines, enabling rapid restoration from backups, and any other strong security features. For this reason the cloud has become the default hosting option for security minded companies.
For a determined hacker, a single employee password may prove sufficient to bring down a corporate network or abscond with millions of dollars
One way in which the cloud particularly excels is by protecting the way that employees login to business systems. Consider how many people follow poor password practices. One employee may re-use the same password across dozens of websites, another employee uses their dog’s name, while a third keeps their passwords taped to their monitor. By such means are passwords easily stolen and used for nefarious purposes or traded on the dark webs. For a determined hacker, a single employee password may prove sufficient to bring down a corporate network or abscond with millions of dollars.
How Single Sign-On Reduces Exposure
Fortunately there is a superb cloud component that reduces exposure to stolen employee login credentials. This component is called Single Sign-On (SSO) and it unifies the process of employee access to business systems. Administrators are given a powerful interface to protect corporate systems while employees are provided with a safe and easy way to login from anywhere. By using SSO, an employee can log into their email on their phone, their accounting software on their PC, and their ERP software on their home computer -- all with only one set of login credentials.
For security teams and administrators, single sign-on is the solution of choice due to its robust protections and simplified management. By channeling all authentication requests through a single login system, strong security layers are easily added. Rules for long and complex passwords are set at the company level and enforced universally. Algorithms for automatically blocking suspicious access attempts are associated with device profiles and geolocation.
Perhaps most importantly, login access can be quickly revoked. If an employee loses control of their password, a security staff person can reset their password across all systems to block potential intruders. Similarly, when an employee leaves the company or a contractor completes an engagement, their access is immediately shut off.
When we speak with abas customers, we often hear questions about how they can protect themselves from a security standpoint. Many of them find that our SSO product can boost their security posture considerably while being a very good value proposition.
Single sign-on also provides the basis for one of the most critical items on the security must-have list. Multi-factor authentication (MFA) allows employees to authenticate themselves with something stronger than their username and password. MFA generally requires use of an authentication code sent by text message or generated through a mobile app but it can utilize other forms of electronic identification such as biometrics. Once a company adds MFA protection, a stolen password on its own becomes useless to a hacker.
Another core tenet for good security is the logging of login attempts. Comprehensive logs will capture data on user actions, IP addresses, geolocation, device profiles, and which systems were accessed. Security algorithms can analyze these logs in real-time to generate notifications of suspicious access attempts or to automatically block accounts based on activity. Another benefit of logs occur post-attack when forensics teams investigate how attackers infiltrated the system, what systems and data they touched, and what protections might prevent similar attacks in the future.
For security personnel and administrators, an SSO system can greatly increase efficiencies. Administrators can at a glance see which users have access to which systems. With a few clicks, they can create a new user in a predefined role that restricts the business systems the user can access. Dashboards and reports fill in the picture about security health and what areas need attention.
For companies who need to operate under regulatory requirements, such as PCI for credit card transactions or HIPAA for healthcare, an SSO system can assist greatly with compliance. Many SSO features such as MFA, password rules, and logging are requirements for most regulatory security frameworks. Additionally, the centralized nature of SSO means that compliance work only needs to occur within a single system instead of fragmented across numerous business systems.
Installing a new Cloud SSO system can appear seamless for employees. Many SSO implementations are designed around an existing corporate directory such as Active Directory and utilize the same employee data and credentials. The SSO system extends the current employee directory data so that it can be accessed under a strong security framework by any business system. Training for employees migrating to the new SSO might be as simple as linking to a login screen with instructions about security improvements and how to access from different devices.
SSO systems are designed to be extensible. When a new business application is installed for company use, it’s generally a straightforward process of adding a connector to the SSO system. Most SSO systems offer a large list of third-party software connectors along with a set of tools and interfaces for building custom connectors as necessary.
abas SSO is designed for use across any business website and application, including both abas software as well as third-party software
abas ERP and Cloud SSO
An increasing number of abas customers are taking advantage of Cloud SSO to better secure their corporate infrastructure. abas SSO is offered as part of the abas product line in partnership with security industry leader Auth0. According to abas USA VP Nicolas Dormont, "When we speak with abas customers, we often hear questions about how they can protect themselves from a security standpoint. Many of them find that our SSO product can boost their security posture considerably while being a very good value proposition."
abas Cloud SSO is designed for use across any business website and application, including both abas software as well as third-party software. It includes innovative features like password-less accounts that utilizes fingerprints and email/text links to make the login process easier and thus reduce poor password practices. Ongoing password monitoring occurs via a database of exposed passwords from previous breaches that can immediately flag users who attempt to re-use a former password. And with easy tools for embedding, abas SSO can be added into existing websites, mobile apps, and business applications.
With clear benefits for both security administrators and employees, SSO is one of the best examples of the secure cloud.
Want to know more about Cloud SSO and abas ERP in the Cloud? Download our Cloud ERP White Paper or read our post, 8 Ways Cloud ERP Makes Your Manufacturing Business More Competitive