Key Findings from the OneLogin Blog From Q1 and Q2 2018


From time to time here at Solutions Review, we review the blogs of the top identity and access management solutions providers. With the deluge of data breaches, insider threat studies, and authentication innovations flooding the news feeds, studying the reports from the literal boots on the digital ground can give us insight into what’s important when making IAM solution selections.

This week, we read the OneLogin blog, which posts the research and opinions of the titular Californian identity and access management vendor. Here are the key findings enterprises should take heed of:

How To Be A True Password Champion by Jonathan Bennun

We’ve written before about our dissatisfaction with passwords as an authentication factor and with single-factor authentication platforms in particular. Passwords are a weak part of any enterprise’s security posture: an easily crackable attack vector and a target of much user hatred. The OneLogin blog shares our sentiments but acknowledges that passwords are here to stay for now—especially because so many legacy identity and access management solutions hinge on passwords.

In light of this unfortunate reality, the OneLogin blog argues on behalf of having a Password Champion on staff. This member of your IT security team would focus on strengthening your employees’ password policies, protecting asset access, and educating your users on overall better password practices. This individual needs to balance password best practices with more modern approaches to authentication and access management. If you have the resources and staff, it may be time to find the Password Champion for your enterprise.

What is Unified Access Management? By Jack Shepherd

The OneLogin blog defines unified access management as the access integration of Security-as-a-Service and on-premises application environments. It also extends access management to enterprise networks and devices, unifying their corporate user directories.

The aim of unified access management is to simplify the administrative experience—an oft-neglected but nonetheless vital aspect of any IAM solution experience—reduce your overall costs, and improve the end-user experience. The OneLogin blog states that this kind of access management solution can be a huge boon to enterprises undergoing a digital transformation or otherwise embracing cloud application adoption; unified access management can unify cloud directories and existing user stores to provide greater scalability.

How Financial Organizations can Keep Biometric Data Secure by Alvaro Hoyos

Again we have to confront the reality that passwords are a poor identity authentication factor for enterprises of any size. In this blog post, OneLogin examines the upcoming biometric authentication revolution which is poised as a response to this frustration. As part of multifactor authentication schemes, fingerprint and facial recognition are becoming all the rage among security-conscious enterprises and professionals.

But biometric authentication hasn’t been met with universal approval by end-users. As the OneLogin blog points out, plenty of end-users are reluctant to hand over their biometric data to enterprises, especially financial enterprises. One of the reasons for this reluctance is a well-known issue among biometric authentication experts: a password can be changed in the event of a theft, but a fingerprint cannot.

The OneLogin blog advises reducing the attack surface on biometric data to help secure the information from threat actors and increase user trust. Restricting the number of employees that can access your users’ biometric data and carefully selecting what databases and assets require biometric authentication (not every login should) will help make sure that the digital attack surface is as small as possible.

Top 3 Reasons Why Enterprises are Modernizing their Access Management by Jack Shepherd

Legacy solutions, as the OneLogin blog is quick to remind its readers, are not equipped for the realities of securing cloud applications or the modern hybrid enterprise. Therefore enterprises can see increased costs and hidden costs, increased IAM complexity, and more difficult maintenance requirements.

And these issues tend to interweave with each other. As legacy solutions continue to age, finding the right personnel to manage them becomes increasingly tricky. These experts, in turn, can be more expensive and require more time to manage your legacy solution, taking their focus from more relevant security threats and limiting their productivity. This requires the hiring of more cybersecurity experts…and a vicious cycle begins. In other words, legacy IAM solutions can’t keep up with modern threats, and they can drag the rest of your cybersecurity solution down with them.

Maybe it’s time for your enterprise to change its IAM solution? It could save you time, energy, money, and security concerns.

Ben Canner