In the past, signing on to access your network and resources wasn't such a big hassle. Sure, the login procedure might have been clunky, but at least you only had to do it once — because you only had one network to which you needed to sign on. Once you got on, there you were! Then came the web, followed by cloud resources, and suddenly things got complicated. After all, practically everyone uses multiple resources, which can be a pain to keep track of. This is why single sign-on (SSO) is such a popular, tempting choice. You no longer have to struggle to remember a dozen different usernames, let alone which password goes with which account.
Cloud-Based IAM and Single Sign-On: What's Not to Love?
For end-user consumers, the joys of SSO are fairly straightforward. By having fewer accounts to remember, users face less of a hassle when trying to get to where they want to go. For organizations, the joys of SSO are almost as simple. After all, customer-facing employees want to keep the customer as happy as possible. In addition, SSO leads to fewer help desk hassles when it comes to forgotten usernames and passwords. As Information Security Buzz points out, these types of interactions can waste time and money.
Handling the process via cloud-based identity and access management (IAM) is a particularly popular strategy, largely for the same reasons that cloud resources are popular in general. You don't own the cloud in the way that you own onsite resources, but that also means you don't have to handle all of the associated hassles by yourself.
Putting All of Your Eggs In One Basket...
Of course, there is a catch. When hackers steal one of your many passwords, it's a cause for alarm. But when hackers steal the SSO password that you use for everything, you find yourself in a dangerous situation. And users may feel slightly uneasy about entrusting a cloud provider with access to everything.
Means Watching That Basket!
That being said, the security issue with cloud-based IAM and single sign-on can cut both ways. The simple fact is that access is always going to be a potential security risk, because it is easier for malicious parties to break through a door than to smash through the wall. At the same time, it's easier to carefully guard one door than it is to carefully guard a dozen of them.
SSO also has a related but more subtle security advantage. Getting users to devise and remember a strong password is never easy, but getting them to do the same with multiple passwords is even more challenging. Given the need for multiple passwords, many users default to using the same password over and over, or variations that are almost as vulnerable. But the fewer passwords that end users (customers, employees or you) need to use, the better the chances of getting those passwords to be decently strong.
In short, yes, there are known security risks related to cloud-based IAM as well as any form of single sign-on, but these risks can be taken into account. And the risks of security fragmentation due to multiple sign-ons are both greater and trickier. As such, in this case, convenience is a pretty safe bet.