Posts

Single Sign On Misses the Mark for SMBs

Directory as a Service
As you move your small or midsize enterprise into the cloud, you will face new challenges around identity management.  Historically, identity management was an operational issue that managed user logins to desktops and local area networks. As you move to the cloud, the network is no longer local. Your network includes the suite of applications and services run and hosted by others. Identity management is now a security issue that should control access to your cloud applications, data, and services as well as your computers and mobile devices.

Single Sign On for SMBs

Even with the proliferation of usernames and passwords, most SMBS are not investing in Single Sign On (SSO).  With many applications using federated or 0Auth login services from platforms like Google Apps or Office 365, SMBs expect users to adapt and manage their identities. The result is a mix of usernames, passwords, and connections without a clear system of record and no centralized management. And while Single Sign On can help eliminate this mess, most SMBs struggle to justify the value.  In addition, SSO solutions lack the ability to manage access to devices, WiFi services, and other resources.

With SSO in place, you still need to manage and maintain a directory service. Directory services, such as Microsoft’s Active Directory and the many LDAP solutions are, in theory, capable of managing more than on-premise systems. Actually integrating directory services, however, is complex, costly, and requires regular maintenance.

Directory-as-a-Service and Identity Management

Directory-as-a-Service® (DaaS) is a modern identity platform that centrally manages user connections to this new world of cloud and SaaS-based infrastructure. Features of a cloud-based directory service include:

  • Mac, Windows, and Linux devices are all treated as first-class citizens
  • Tight integration with Office 365 and Google Apps, centralizing control over the productivity platform and enabling single sign-on capabilities for end users
  • Single Sign On integration with other cloud applications and services
  • Improved WiFi security that connects the authentication request to the directory service
  • Multi-factor authentication at the system level
  • Hosted LDAP capabilities can eliminate the need to have an on-prem LDAP server

In short, Directory-as-a-Service covers what contemporary organizations need in a modern identity management platform.


Learn more about Directory-as-a-Service and JumpCloud (our preferred DaaS solution) at our 3T@3 Webcast on October 18th, or contact us for a free, no obligation Cloud Advisor Session.


 

Chromebook SSO Eases Access Administration

google-chromebook
Single Sign-On (SSO) enables users to access multiple systems and applications with a single username and password, and a single login screen.  And while many schools and businesses use SSO for Google Apps and related solutions, Chrome devices have always required a separate login.

To easy access administration and simplify user logins, Google has launched SAML-based SSO login for Chrome devices.   Organizations running current versions of Chrome on devices registered via Chrome Management licenses can now extend their Google Apps SSO login to the registered Chrome devices.

Feel free to contact us if you would like more information or assistance with your setup.

 

Tuesday Take Away: DLP in Google Apps

In at least one prior post, we have written about the nature of data protection and the reasons for backing up information in the cloud.  Backupify, one of the vendors we work with often, recently conducted  a study of known data loss incidents in Google Apps with known resolutions.   Here is what they learned:

  • 0.00% = Due to Google systems or software
  • 4.05% = Due to an integrated, third party application
  • 10.81% = Due to unauthorized use of a users’ credentials
  • 85.14% = Due to user action

What does this mean?

For most Google Apps users, the best mechanism for Data Loss Prevention (DLP) is to protect your data from user error and malicious acts.  In other words, back up your data!  Assess your needs with respect to retention period and retention points, and pick the backup solution that best meets your business needs.  And remember, backups solutions for Google Docs should do more than export with conversion.

In addition, users should understand the importance and risks involved in sharing account information or using weak passwords.  If you want to enforce best practices, consider Google Apps Directory Sync or an affordable Single Sign-On (SSO) solution.

Drop us a note if you want to know more.