Does Single Sign On Increase Security or only ease of use? Does Secude improve my SAP environment?
With the recent announcement by SAP to purchase the Secude Secure Login and Enterprise Single Sign On applications, what does it mean for you? Does this provide a belated Christmas gift for 2010? Or possibly a new project to implement in 2011? Were you aware that the current SAP Cryptographic library was provided by Secude? Using the secude authentication you can configure the identity to be verified against multiple backend repositories. Secude states that they currently support Active Directory, LDAP, RADIUS, Smart Card, RSA SecurID, SQL DB, and Kerberos Authentication. Once the identity is authenticated the user can log into different SAP systems without having to provide additional user and passwords for authentication. Essentially your TCO should be reduced as fewer forgotten password calls should be received by your help desk.
What does this provide for us as SAP customers? Encrypted authentication credentials? Encrypted data between the server and desktops? I believe SSO is a two edged sword where you receive some benefits such as encrypted data with Secude, but if not implemented properly it can weaken security as it only becomes a convenience item. Have you considered your desktop timeout? How long is the key valid? Are passwords better controlled when a SSO strategy is implemented? Can a user walk up to an unattended workstation and connect into a system as another user? When you consider these questions, you will see that there are some other risks that also need to be reviewed. Implementing SSO needs to be a holistic approach where all of the risks are reviewed. Not just the configuration for SSO, but the security parameters and policies used within a company. You will quickly find that the workstation configuration has increased importance and that policies need to be enforced to maintain a secure environment.
With your data and other intellectual capital being valued very highly, the encryption provided by the Secude application is definitely of value. Reporting an incident where data or login credentials were compromised at your company can be more expensive that implementing a solution. In the end, I believe that the SAP decision is a win for us all. Implementing methods of data protection, encryption and SSO within the core SAP product is a win. If you already have other solutions, this may be another opportunity to lower your TCO. I believe that if implemented with the proper planning, adding Secude and SSO to your environment can both increase security and increase ease of use.