Introduction of a central cloud-based authentication
During a working day, a normal user in most companies accesses countless applications and resources and, in many cases, has to juggle different identities. From either a security or a convenience point of view, it makes no sense to leave this task to the user themselves. In the best-case scenario, this is done with a password safe; in the worst case, an all-too-familiar sticky note is stuck to the monitor. IT departments are faced with the challenge of preventing this, providing a centralized solution and offering as much flexibility as possible to support all applications.
How does single sign-on work?
From the user’s point of view, single sign-on requires only one password, similar to a password manager. With a password manager, however, this master password allows access to a wallet in which all other passwords are stored. If it falls into the wrong hands, unwanted persons will also gain access. With single sign-on according to the zero trust principles, on the other hand, the identity is additionally checked for each access attempt, among other things with the help of criteria such as the device and location from which the access is made. This provides far greater security without compromising the user experience.
With a view to harmonization in particular, it is important to set only one central instance here and to make this the company’s standard, whether it is single sign-on as an on-premises service or as a cloud solution. If the company already relies heavily on Microsoft products, then Azure Active Directory (Azure AD) is the ideal successor to the “classic” AD. Modern authentication based on federation technologies, smooth transition from AD and necessary prerequisites for all products from the Microsoft 365 portfolio are just a few of its advantages. In addition, it will also be possible to use other SaaS products from Microsoft in the future, for example with regard to security, without building up your own infrastructure.
Following a clear application strategy
The introduction of a central authentication solution should be paired with a clear application strategy and governance that is in line with the IT, data and business strategy. In harmonisation, the 5 Rs (retire, replace, retain, rehost, reenvision) help to assess what needs to be done and in what cost-benefit ratio, and what the concrete roadmap for applications modernising authentication should look like. Especially in the case of long-lived business applications, today’s decisions shape the application landscape and thus the security profile of the next 5 to 10 years. Their sustainable design and continuous modernisation capability are decisive for this.
If you would like to discuss this topic further, please feel free to contact our expert Dr Jan Ciupka directly: You can contact him here.