For manufacturers, tighter federal cybersecurity requirements mark a turning point in access management strategy. Modern plants depend on dozens of highly technical procedures, so they cannot afford to push a security burden onto the end users who run them. The strategy sounds straightforward, but putting it into action is hard.
The Internet of Things (IoT), the pandemic, and the spread of cloud technology accelerated digital transformation almost overnight. Manufacturers still rely heavily on on-premises infrastructure, yet were compelled to adopt new technology to keep up with remote work. As they increased production to meet global demand, more stringent standards, such as those from the National Institute of Standards and Technology (NIST) and the Cybersecurity Maturity Model Certification (CMMC), added further security obligations. The result is a fragmented infrastructure in which cybercriminals thrive.
To ensure compliance, protect bottom lines, and solve fragmentation, manufacturers need an access management strategy that works with every part of their environment. An agile single sign-on (SSO) solution is the best place to start.
Fig1: UBISecure SSO
Integrating Single Sign-on
SSO is not a new concept; many manufacturers have used it for years to speed up processes. However, the industrial sector's patchwork environment, a wide variety of technology, some of it decades old, has created fragmentation for end users and IT departments alike.
While end users juggle several passwords across numerous apps, websites, and workstations, IT must maintain security in this complicated environment by tracking user access, handling password resets, and manually on- and off-boarding users for each application.
SSO must integrate with every application and endpoint, both on-premises and in the cloud. That would not only reduce fragmentation and the burden on IT, but, with fewer logins to remember (or none at all), also raise productivity and satisfaction for end users. As more policies and regulations require additional authentication, modernizing SSO is no longer optional; it is a must.
Enable Compliance with Access Management
Before attacks like the one on Colonial Pipeline, many manufacturing plants left workstations poorly secured so that employees could keep critical processes running with minimal friction. That ease of access also opened the door to cybercriminals. In response, the Department of Defense (DoD) began requiring its contractors to meet the NIST SP 800-171 controls and, through CMMC, to prove that they do, which has transformed the security environment for everyone who handles federal data.
This may be less complicated for modern manufacturers with largely cloud-based environments. But for smaller or midsize manufacturers that still rely heavily on on-premises technology, tightening security can frustrate end users. And frankly, many organizations cannot afford to replace this older technology to accommodate modern, cloud-first solutions. Instead, they need SSO that accommodates them.
Among the identification and authentication requirements in NIST SP 800-171, organizations that handle controlled unclassified information (CUI) for the DoD (a large bucket into which many manufacturers fall) must identify and authenticate every user before granting access to a system or application, and must lock or terminate idle sessions. In practice, this means no more unsecured workstations that workers can walk up to and start using. The standard also requires minimum password complexity and, for network access and privileged accounts, multifactor authentication (MFA).
For end users who previously logged in only a handful of times per shift, this added authentication becomes a burden, especially for plant workers in full protective gear who used to push a few buttons to start operations. With factories under more pressure than ever, their bottom lines cannot absorb the lost productivity.
These increased regulations represent a pivotal moment for the on-premises manufacturer. In short, if your SSO doesn't cover every login, it's time to rethink your access management strategy around two words: passwordless experience.
The Passwordless Experience
Fig2: Passwordless SSO
Without SSO for every login, there is more risk of credentials being forgotten, or worse, compromised. The fewer credentials an end user has to remember, the less likely that person is to forget a password or write it down. So isn't the best password the one you don't know?
Think about it. If a user only ever logs in by tapping an NFC badge on a reader or presenting a biometric, the underlying credential stays stored away and is invoked in the background when the user authenticates. A badge on its own is a single factor (something you have), so combine it with a push notification or physical token as a second factor: that gives employees a completely passwordless experience that benefits both security and productivity while still satisfying MFA requirements. It also enables better holistic digital identity management, traceability, and agility across the organization.
Compliance should be attained, but it is not the same thing as security. It's time to stop settling for the bare minimum and work towards strategies that promote progress. Make sure the result benefits everyone, because the technology you have is only as good as your capacity to use it. If you don't use SSO for every login, you are only as strong as your weakest password.
Single sign-on works by having a central authentication server (the identity provider) that all the applications trust. When you log in for the first time, that server sets a session cookie in your browser, scoped to its own domain. Whenever you then try to access a second application, that application redirects you to the central server. If your browser still holds a valid session cookie for it, the server issues a signed token for that application and redirects you straight back, with no login prompt: you are already logged in. Each application checks the token's signature, intended audience, and expiry before trusting it.
For example, Google implements single sign-on across its services. Google's central server is https://accounts.google.com. Once you are logged in there, you can access Gmail, YouTube, and Google Docs without entering your credentials again.
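To make the redirect-and-cookie mechanism concrete, here is an added example (not code from this article or from any SSO vendor) that simulates the exchange in Python: an identity provider that owns the login session, two service providers that trust it, and a browser that carries the cookie between them. The token is a constructed HMAC-signed JSON blob standing in for a SAML assertion or OIDC ID token; the hostnames idp.example, gmail.example and docs.example, the user alice, her password and the shared signing key are assumptions made for the demo.

```python
"""Minimal single sign-on flow, simulated in one process: an identity provider
(IdP) that owns the login session, two service providers (SPs) that trust it,
and a "browser" holding cookies.  Added example, not the article's or any
vendor's code.  The token is a constructed HMAC-signed JSON blob standing in
for a SAML assertion or OIDC ID token; hostnames, the demo user and the shared
signing key are assumptions for the example."""
import base64
import hashlib
import hmac
import json
import secrets
import time

IDP_HOST = "idp.example"                          # assumed IdP hostname
TRUSTED_SPS = {"gmail.example", "docs.example"}   # assumed app hostnames
TOKEN_TTL = 300                                   # token lifetime in seconds
IDP_KEY = secrets.token_bytes(32)                 # IdP signing key (demo only)


class Browser:
    """The user agent: just a cookie jar keyed by host."""
    def __init__(self):
        self.cookies = {}


class IdentityProvider:
    def __init__(self, key):
        self.key = key
        self.sessions = {}                        # session id -> username
        self.users = {"alice": b"correct horse"}  # constructed demo credential

    def login(self, browser, username, password):
        """Interactive login: on success, set the IdP session cookie in the browser."""
        stored = self.users.get(username, b"")
        if not hmac.compare_digest(stored, password.encode()):
            return False
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = username
        browser.cookies[IDP_HOST] = sid           # the cookie lives in the browser, not the server
        return True

    def authorize(self, browser, audience):
        """An SP redirected the browser here.  With a valid session cookie the
        IdP issues a token silently; without one it returns None (login prompt)."""
        if audience not in TRUSTED_SPS:
            return None
        user = self.sessions.get(browser.cookies.get(IDP_HOST))
        if user is None:
            return None
        claims = {"sub": user, "aud": audience,
                  "exp": int(time.time()) + TOKEN_TTL, "jti": secrets.token_hex(8)}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        sig = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{sig}"


class ServiceProvider:
    def __init__(self, host, idp_key):
        self.host = host
        self.idp_key = idp_key
        self.seen_jti = set()                     # replay protection

    def verify(self, token, now=None):
        """Return the username if the token is genuine, for us, unexpired and unused."""
        now = int(time.time()) if now is None else now
        try:
            body, sig = token.split(".")
        except ValueError:
            return None
        expected = hmac.new(self.idp_key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return None                           # check the signature before parsing anything
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["aud"] != self.host or claims["exp"] < now or claims["jti"] in self.seen_jti:
            return None
        self.seen_jti.add(claims["jti"])
        return claims["sub"]


def run_sso_demo():
    """Walk the flow from the text: first login, then silent access to a second app."""
    browser, idp = Browser(), IdentityProvider(IDP_KEY)
    gmail = ServiceProvider("gmail.example", IDP_KEY)
    docs = ServiceProvider("docs.example", IDP_KEY)
    results = {}
    results["first_visit"] = idp.authorize(browser, "gmail.example")   # no cookie yet: None
    results["login"] = idp.login(browser, "alice", "correct horse")
    results["gmail_user"] = gmail.verify(idp.authorize(browser, "gmail.example"))
    token = idp.authorize(browser, "docs.example")        # second app: no prompt
    body, sig = token.split(".")
    results["tampered"] = docs.verify(body[:-1] + ("A" if body[-1] != "A" else "B") + "." + sig)
    results["expired"] = docs.verify(token, now=int(time.time()) + TOKEN_TTL + 1)
    results["docs_user"] = docs.verify(token)
    results["replay"] = docs.verify(token)                # same token presented twice
    results["wrong_audience"] = gmail.verify(token)       # docs token shown to gmail
    return results


if __name__ == "__main__":
    for name, value in run_sso_demo().items():
        print(f"{name:15} {value!r}")
```

Running it shows the first visit failing, the login setting the cookie, and the second app accepting the user without a prompt, while the tampered, expired, replayed and wrong-audience tokens are all rejected. Two simplifications to keep in mind: the IdP and SPs share one HMAC key here, whereas SAML and OIDC sign with the IdP's private key and the SPs verify with its public key, so no SP can mint tokens; and a real browser only sends the cookie to the IdP's origin, which is what the host-keyed cookie jar stands in for.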
As a representative SSO implementation, one of the world's largest telecom companies recently hired Cybersecuritylink to provide SAML software technology, along with advice, guidance, and strategic SAML-related consulting services.
The client faced several challenges:
The telco had no prior SAML 2.0 single sign-on (SSO) experience.
The project involved a highly strategic business partner relationship and a critical use case.
The timeframes were extremely aggressive.
As part of the complete solution, Cybersecuritylink provided ongoing SAML-related strategy, design, architecture, and implementation consulting to the telecom company. The result has been extremely successful for the client, which has been able to “…move faster, and in a more informed manner, than their SAML-savvy strategic business partners…”
“Risk management, IT security & data protection are among the top priorities for our activity. We started working with Cybersecuritylink two years ago when we developed a new product and we wanted to know all the potential vulnerabilities in order to minimize risks upon release. The team performed a complete white box penetration testing audit and delivered all the necessary recommendations to ensure a secure product. We strongly recommend their services and if you are looking for a long-term partner, you should have a talk with them,” stated Adrian Brandon, CIO of Vienna Telecom Group, with whom we currently partner for their enterprise-wide SSO implementation.