Ali Kaddoura, Country Manager UAE, Citrix discusses the pros and cons of having federated identity, an arrangement that allows subscribers to use the same identification data to obtain access to the networks of all enterprises in the group and what the future might look like for enterprise security in this respect.
IT departments across the UAE are appreciated for their ability to solve issues that interrupt productivity, everything from poor internet connectivity to a malfunctioning laptop or cable. While it might be difficult to describe the benefits that come with stellar tech support, we can all be certain that its absence would result in office chaos. Like any team, IT employees experience their own share of workplace frustrations. Like most issues at the office, Identifying and understanding what the challenges are, is the first step in alleviating them.
One of the most pressing, is ensuring that passwords aren’t compromised, which is growing increasingly easier in today’s threat landscape. It’s not just external threats that are a concern, but poor security habits practiced by employees themselves that place the entire organization at risk. Even with single-sign-on technology, it can be difficult to manage as innovation means new services, and each new service tends to come with its own password.
Enter a new approach – federated identity, an arrangement that can be made among multiple enterprises that lets subscribers use the same identification data to obtain access to the networks of all enterprises in the group. Instead of each service having its own password database, they can rely on an identity provider to run authentication for them. A version of this method is gaining popularity in the UAE, especially so with public sector. For example, in 2016 the Telecommunications Regulatory Authority (TRA), launched the first phase of “SmartPass” which facilitates government transactions online using a single access point.
It’s true that many web services now support public identity providers; however, it isn’t utilized enough for a few reasons. Such providers tend to be expensive, hence if it makes business sense large organizations opt to run their own service rather than outsourcing.
Some companies may feel uncomfortable with relying on a third-party service for authentication. However, it’s not a question of security alone as identity providers also need to be highly resilient since a single failure could result in denial of access for a customer’s entire network of systems. Protocols and standards are still evolving and require standardizing and more algorithms before being widely implemented. This means that organizations can’t take for granted that all moving parts will work together automatically, though it’s important to note that interoperability is improving on a consistent basis.
Problem here is that IT professionals are hesitant to bear the burden of managing two separate worlds for authentication: one with federated identity and the other with existing enterprise logon. The rationale being that it would most likely lead to a poor experience for employees, and gaps in accountability or auditing – a major concern depending on how many users are contractors.
An efficient way to counter this and link both areas is through federation fluent gateways and services. In doing so, businesses no longer need to issue and manage passwords for their partners’ personnel, or worry about how to lock down their access specific entry points and apps. Since external employees won’t receive passwords for the entire environment, they’re only granted access via the gateway configured to accept them. Effectively placing the responsibility for confirming the authenticity and status of the external users where it belongs, with the partners themselves.
Most IT personnel would agree that passwords are a poor way to authenticate, as they can be reused and also easily stolen. Studies show that eighty-one per cent of hacking-related breaches leveraged stolen and/or weak passwords. Hence the introduction of tools such as fingerprint readers or iris scanners which were once only reserved for sci-fi movies or for buildings that require high security clearance, these inventions have now become commonplace across mobile devices. The common denominator here is that these innovations rely technically on a form of federated authentication. Ultimately, a world where passwords are rare is a better one all around, much to the relief of the average IT team.