Single Sign-On Raises Concern Amongst Security Experts

May 30, 2006

Over 60 percent of companies that have implemented enterprise single sign-on (ESSO) technology have seen a reduction in calls to the IT helpdesk according to independent research carried out by Winmark and launched today by RSA Security, the expert in protecting online identities and digital assets.

An average of 1,924 helpdesk calls are logged each week by UK enterprise organisations [1], each at an estimated cost of $25 – $50 per call [2]. With analyst group Gartner reporting that up to 30% of all helpdesk incidents are password reset requests [3], password management represents up to $1.5m (£800,000) of IT operations spend every year.

Tim Pickard, Area VP of International Marketing, RSA Security, commented: “Password resets continue to demand considerable IT resource which is purely a cost centre for UK businesses. Our research shows that reducing the number of passwords users are required to remember can reduce the volume and thereby cost of managing the IT helpdesk.”

ESSO technology allows users to gain access to all authorised applications automatically through a single logon process, for example by entering a username and password or through a username and physical two-factor authentication device, without having to prove their identity again. This in turn reduces the number of calls to the helpdesk to reset user logon details, as users only need to remember one logon.

The research data also reveals that awareness and understanding of ESSO technology in the market is low. Half of the IT decision makers surveyed in the UK do not have a good understanding of ESSO technology and therefore are not realising the cost benefits of the technology to their organisation. However, the research indicates that amongst those who do have a sound knowledge, adoption is high. 24% of UK businesses currently utilise an ESSO system, and 50% of respondents claimed to have a good understanding of the technology.

Pickard continued: “Interestingly this research shows that the primary drivers for UK businesses to deploy ESSO technology are cost savings, ease of use and increased security for remote workers. In today’s economy where the IT department is told to do more with less, implementing ESSO can significantly reduce the helpdesk burden by cutting password resets. This alone limits sunk IT operations costs and frees up budget for revenue generating IT projects. The lack of awareness regarding the potential savings through using ESSO solutions is both surprising and disappointing.”

Enterprise Single Sign-On, a security risk?

The findings clearly demonstrate the potential and perceived benefits of ESSO technology; however, the research also raises concerns for the security of businesses using it in isolation. Although UK businesses that have deployed ESSO solutions are realising significant cost savings, experts are concerned that security is not front of mind for IT decision makers. Only one in ten companies implementing ESSO use it in conjunction with strong authentication. Even more alarming is that 40 percent of those surveyed plan to implement it within the next two years, but only a quarter plan to use it in conjunction with strong authentication.

Strong (or two-factor) authentication involves the use of personal passwords in combination with additional authentication technology to positively identify users before they are allowed access to company systems. The research shows that the most common strong authentication technology is the time-synchronised hardware token, followed by smart cards.

Pickard commented: “The benefits of users being able to access all applications with a single log-in reduces the complexity of user logon and password management for IT administrators. However, businesses also need to be mindful of the security implications to the business. When implementing ESSO technology companies need to ensure that strong authentication is in place to verify who the user is without the fear of compromise.”
