Beyond the financial considerations, there's another shadow cast - incomplete SSO implementations!
Picture this: session tokens reused, vague session length parameters, or worse, negligence in terminating sessions upon browser closure!
It's like getting a puzzle with missing pieces. Surely this is NOT the norm? Hmm, well, umm, yeah... Whilst SAML IS an agreed standard, and the majority of Identity Providers (IdPs) are compliant, there are few controls on how the Service Providers (SPs) action the session tokens - unfortunately, it is often left up to the application user to validate what works and what doesn't!
Yep, so not only do you get to pay the SSO tax, you then have to work out what you get for your "investment" - somehow, this just doesn't seem quite right.
Beyond Trust: Auditing Your SSO Environment
Are you still confident in your (planned/actual) SSO deployment?
I once read that to be truly secure you should trust no one, assume nothing and test everything - with SSO, this has never been more true.
If you have an existing deployment, audit it. Verify that each app vendor in your ecosystem adheres to the security standards you've set - test every action and expectation on every application. Then document and date the findings.
It's a proactive step that can uncover potential vulnerabilities before they turn into security breaches.
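As an added illustration of the two points above (the SP-side session failures: tokens reused, vague session length, sessions that outlive the browser; and the "test every action and expectation" audit), here is a small Python audit helper. It is example code written for this post, not taken from any vendor or product. It checks the Set-Cookie header an SP returns after SSO login for lifetime and hardening attributes, and it keeps a replay guard that refuses a SAML assertion ID that has already been consumed. The policy maximum of eight hours, the cookie names and the assertion IDs are all assumed values constructed for the example.

```python
"""Audit helpers for how a Service Provider (SP) handles SSO sessions.

Constructed example: the Set-Cookie headers, assertion IDs and the
eight-hour policy limit below are made up for illustration.
"""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Longest session lifetime the auditing organisation accepts (assumed policy value).
MAX_SESSION_SECONDS = 8 * 3600


def utc(iso: str) -> datetime:
    """Parse an ISO-8601 timestamp (trailing Z allowed) into an aware UTC datetime."""
    return datetime.fromisoformat(iso.replace("Z", "+00:00")).astimezone(timezone.utc)


def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie header into name/value and an attribute map.

    Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to True.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, has_eq, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_eq else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_session_cookie(header: str, now: datetime,
                         max_seconds: int = MAX_SESSION_SECONDS) -> list:
    """Return audit findings for an SP session cookie; an empty list means it passed."""
    attrs = parse_set_cookie(header)["attrs"]
    findings = []
    lifetime = None
    if "max-age" in attrs:
        lifetime = int(attrs["max-age"])
    elif "expires" in attrs:
        lifetime = int((parsedate_to_datetime(attrs["expires"]) - now).total_seconds())
    # No Max-Age/Expires means a browser-session cookie, discarded when the browser closes.
    if lifetime is not None:
        findings.append("persistent cookie: session survives browser closure")
        if lifetime > max_seconds:
            findings.append(f"lifetime {lifetime}s exceeds policy maximum {max_seconds}s")
    if "secure" not in attrs:
        findings.append("missing Secure attribute")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly attribute")
    return findings


class AssertionReplayGuard:
    """Reject a SAML assertion ID that has already been consumed.

    IDs are remembered until the assertion's NotOnOrAfter passes; after that the
    assertion is rejected anyway for being outside its validity window.
    """

    def __init__(self):
        self._seen = {}  # assertion ID -> NotOnOrAfter

    def accept(self, assertion_id: str, not_before: datetime,
               not_on_or_after: datetime, now: datetime) -> bool:
        # Forget entries whose validity window has already closed.
        self._seen = {k: v for k, v in self._seen.items() if v > now}
        if not (not_before <= now < not_on_or_after):
            return False  # expired or not yet valid
        if assertion_id in self._seen:
            return False  # replay of an already-consumed assertion
        self._seen[assertion_id] = not_on_or_after
        return True


if __name__ == "__main__":
    now = utc("2026-10-21T00:00:00Z")
    # Constructed headers: a 30-day persistent cookie without HttpOnly, then a clean one.
    for hdr in ("SPSESSION=abc123; Path=/; Max-Age=2592000; Secure",
                "SPSESSION=abc123; Path=/; Secure; HttpOnly"):
        print(hdr, "->", audit_session_cookie(hdr, now) or ["OK"])
    guard = AssertionReplayGuard()
    nb, na = utc("2026-10-20T23:59:00Z"), utc("2026-10-21T00:05:00Z")
    print("first use:", guard.accept("_assertion_1", nb, na, now))
    print("replay:   ", guard.accept("_assertion_1", nb, na, now))
```

Run it against the Set-Cookie header captured from each application's post-login response, and feed the replay guard the assertion ID and Conditions window from each SAML response you test; the findings list gives you something concrete to document and date per vendor.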
#SSO #MSP #SecurityMatters #SecurityIsAMindset
Curious to dive deeper into SSO excellence? Let's start the conversation!