The rise of business applications delivered “as a Service” can be great for cost savings and operational efficiency. After all, who really wants to spend hours and hours implementing a new HR or CRM system on hardware that you will have to manage and maintain? Who wants to work over the weekend to perform yet another upgrade to an aging messaging platform which, if it fails, will stop the business dead in its tracks? And who wants to pay upfront for value that will take years to be delivered? SaaS applications let you outsource the provisioning of some of the more mundane, highly operationalized software so that the business—and IT in particular—can get on with more productive tasks.
However, SaaS apps can also add complexity if you are a user who has to remember yet another password. Or what if you are responsible for adding more steps to your onboarding and exit procedures? And it’s probably a little uncomfortable if you’re in charge of security and you notice an increasing number of colleagues retrieving credentials from under their keyboards.
As a business, while you want the benefits of SaaS applications, you need your users to keep working efficiently—and securely. It’s vital to maintain control of user identity and keep it close to you, because the data in these SaaS systems might be routine, but it can also be highly sensitive. The consequences of the theft of that data could range from a mild inconvenience to Very Bad News™ if it leaves you failing compliance audits or in breach of regulations.
Since SaaS applications take data security seriously, the weakest link is likely to be your users and their password security. Helping them follow best practices by reducing the number of identities and passwords they have to remember is a crucial step you can take to keep your data secure.
Fortunately, most SaaS offerings now allow you to federate your corporate identity into their system. Using the Security Assertion Markup Language (SAML) standard, SaaS providers can seamlessly redirect users to an identity service (known as a SAML IdP) where a user authenticates and returns with a valid token (a SAML assertion). This technology allows you to retain complete control of user identity—even when it’s being used in a third-party SaaS application.
The SAML IdP can also allow you to go beyond simple username and password authentication. Since it is in control of returning a valid assertion, it is the ideal place to add in stricter controls such as two-factor authentication or one-time passwords. It’s even better if you can insert some context-aware intelligence wherein stricter controls can be added based on context such as user location, device type, time of day, etc.
Federating identity into SaaS applications helps you maintain better control and encourages good password hygiene. Using an intelligent SAML IdP will give you more flexible access control of your outsourced business applications. With the right solutions in place, SaaS applications can deliver on the promise of greater agility and productivity, while not compromising critical security and identity management processes.
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...