The benefits of SSO: An interview with Bonfire’s Director of IT, Security, and Compliance
Single-sign on (SSO) is becoming a critical criteria in public sector software, and when looking at the benefits of SSO—not to mention, how lax many people are with password security—it isn’t hard to see why.
Perhaps your passwords aren’t as bad as “password123,” but maybe you reuse the same password on different accounts—adding a “!” to the end of your tried-and-true password when you’re asked to include a special character.
We don’t blame you! As public sector organizations continue to invest more and more in software-as-a-service, the amount of online accounts that you log in to every day is growing. To keep things as simple as possible, it makes sense to try and recycle passwords.
Unfortunately, that simple act of repeating a password opens up your organization to disastrous data breach risk.
You’re likely no stranger to some of the high-profile data breaches of the past few years or the spread of ransomware attacks in the public sector. The truth is, no one is exempt from being a target; in 2019, a collection of 2.7 billion identity records, consisting of 774 million unique email addresses and 21 million unique passwords, were posted on the web for sale. And if you think you’re exempt because your agency is small, think again—43% of data breach victims are small businesses.
To protect your organization from a data breach resulting from a stolen or weak password, SSO is here to help.
We sat down with Jay Rosenberger, Bonfire’s Director of IT, Security, and Compliance to get a better idea of what SSO is, why public sector organizations especially should be investing in SSO, and what the benefits of integrating SSO into your Bonfire platform are.
What is SSO?
Jay: Single sign-on (SSO) is a method to authenticate the user to a website or system against a centrally managed identity provider (IdP). For Bonfire clients, this means your users can log into Bonfire using their existing username and password without the need to create and remember a new password.
How does SSO work?
Jay: When a user logs into Bonfire, the request to authenticate is sent back to your IdP (your authentication server) instead of ours. If the username and password are correct, access will be granted. The passwords used to authenticate against your IdP are never stored in Bonfire.
Why is SSO especially important in the tech stack for public sector organizations?
Jay: Data breach attacks happen every day and the chances of passwords being stolen from these breaches are increasing. With the rapid adoption of cloud-based services, ensuring that identities and credentials are controlled and protected becomes a challenge for organizations of all sizes.
Should one of your users leave the company, as soon as you disable their access on your IdP, they will no longer be able to access Bonfire. This helps reduce the time and risk of missing items during your employee offboarding process.
What security regulations should public sector IT teams be aware of and how can SSO help with compliance?
Jay: Many compliance regulations require a robust identity and access management program. As organizations offload services into third-party systems in the cloud, their risk increases. The use of SSO is a great way to help meet your compliance obligations and reduce risk.
How does SSO improve user experience for employees?
Jay: Without the need to remember yet another password, your employees will be able to log into any service that supports SSO with their existing credentials. That means they won’t need to write a complex password down where it might be seen and the frequency of password resets is reduced. The result is a far less frustrating experience for employees which ultimately leads to greater employee satisfaction.
How can SSO lower IT costs?
Jay: SSO can reduce time and effort in employee offboarding and reduce the complexity of identity and access management.
Are there any other benefits of SSO you’d like to mention?
Jay: At the end of the day, the biggest benefit of SSO is greater security and compliance. With fewer passwords for employees to remember, reduced recycled passwords, more visibility into login activities, and a guarantee to meet compliance obligations, you can sleep easy knowing that your employees’ weak or reused passwords aren’t risking a security breach in your organization.
Why should Bonfire clients invest in SSO for their users?
Jay: There are lots, but to name a few…a simpler user experience, reduced IT costs, increased security, reduced risk, and better compliance. Why wouldn’t you want SSO integrated into your Bonfire account?
To take your Bonfire account security and compliance to the next level with SSO, connect your IT manager with your Bonfire client success manager today.