Security and technology professionals understand the importance of keeping systems and services as secure as possible. Whilst there is no way to make anything 100% secure, there are layers of protection that can be applied to mitigate the risk of a breach. However, highly secure systems always come with a trade-off: the user experience.
Here we look at the impact security measures can have on user behaviour, user experience, and the overall appetite for improving security posture, and at how SSO can mitigate these effects.
Bad Password Practices: Human nature is to find the path of least resistance to achieve a result. The increasing need for users to remember passwords for some systems and passphrases for others, combined with forced password expiries, has created password fatigue. We still often hear about insecure user practices: Excel spreadsheets full of corporate passwords, post-it notes on screens, notepads of credentials, and updated passwords for shared systems being emailed round. This is still happening, and it’s happening because IT departments often consider Single Sign-On (SSO) to have been effectively deployed once it works with a set of “core” applications. From the user’s perspective, however, the story is often very different: they just can’t cope with the volume of corporate passwords they need to manage beyond the IT team’s list of “core” applications. Despite users understanding the importance of password security, these insecure practices are often the only practical way for them to manage the problem.
Avoiding Security Measures: Where users face a security measure that introduces significant user friction, such as MFA or a complex password policy, it is far more likely they will try to find a workaround that avoids the measure, along with any security benefits it brings. Password policies may simply be ignored, or users may barely meet the minimum strength requirement with a password such as “P@ssword1”, and MFA may be disabled if the user is able to do so.
Shadow IT: High user friction can also increase Shadow IT as employees turn to other cloud applications for ease of use. If access to the corporate cloud data service is protected by onerous security measures at every step, organisations may find that their employees turn to storing sensitive data in alternative cloud applications and services without the knowledge of the IT department. If IT are unaware that an application is in use, they cannot enforce security measures on it, and the organisation’s investment in security technologies and processes becomes ineffective.
Reluctance to Improve Security Posture: A further challenge with increasing user friction is that it can make security and IT teams reluctant to adopt new technologies to protect organisations from the threat of data breaches. The need to compromise on user experience to benefit security can also create tension between different departments in the organisation, as users can be resistant to the adoption of new technologies if they have a real or perceived negative impact on employee productivity or user experience.
Unlike most cybersecurity technologies, Single Sign-On negates the need to compromise between security and user experience. In fact, leading modern SSO solutions that incorporate enterprise password management functionality have the advantage of actually reducing user friction by removing the need for end-users to create, manage and enter passwords. SSO solutions which are linked to the corporate directory allow for automatic authentication. Some solutions will even run in the background, with no UI, meaning no change in user behaviour. As a result, users are no longer motivated to store identities in an insecure way or to circumvent security measures.
Using an SSO solution significantly reduces the time taken to access applications and removes other sources of friction inherent to password-based authentication, such as the need for frequent resets. The additional benefit of being able to integrate new applications easily reduces provisioning administration and eases user onboarding. Leading SSO solutions can also detect and manage shadow IT risks, which will help mitigate the potential financial and reputational risks of a data breach.
SSO typically enjoys high rates of user adoption as it benefits both employees, who are able to work more quickly and efficiently, and the organisation, which can centralise user access and protect itself from cyberattacks.