<img src="https://secure.leadforensics.com/32105.png" style="display:none;">

The Hidden Risk of Legacy App Authentication

Hidden-Risk-Blog.jpg

The migration towards cloud applications and away from in-house legacy desktop applications is a trend fundamentally driven by the lower total cost of ownership web solutions offer. New cloud alternatives are replacing on-premise solutions, but it is not happening overnight. The prospect of replacing all on-premise applications with cloud solutions in one fell swoop would bring most organisations to a standstill, so while the ultimate goal for many companies is to migrate to the cloud, the reality is that there will be a mix of cloud and legacy applications in use for the foresable future.

In 2016, a week doesn't go by without a data security breach hitting the headlines. The statistics back this up, with 90% of large organisations in the UK now admitting to having been hacked*. Most organisations will have a host applications that span an age - keeping them all secure is the challenge. 

The increasing number of logins in use across organisations has driven the need for Single Sign-On (SSO) as a result of the benefits it provides: the mitigation of insider threats; improved user experience and authentication processes; while also reducing downtime due to forgotten passwords. SSO puts organisations firmly in control of user access. 65% of data breaches are caused by users’ weak passwords and weak password practices** - something SSO eliminates by removing the need for users to remember a multitude of passwords or rely on insecure practices.

While an SSO solution can leverage the benefits of connectors such as SAML, SAML integration is often limited to more modern applications, especially those in the cloud, leaving a gap for providing SSO for legacy desktop applications.

Web-only SSO is a Sticking Plaster

As we’ve seen in the huge impact of recent breaches, relying on employees managing passwords puts organisational data at risk. Aside from these tangible concerns, a breach of information puts at risk the long term reputation of an organisation and can indeed affect the C-Level management. The average cost of a data breach is £2.3 million, but the cost to TalkTalk for their recent breach was closer to £40m. Additionally, their reputation took a significant hit, losing 95,000 customers as a direct result of the data breach.

Statistics show that 2 out of 3 attacks are credential based and that 65% of all hacks are the result of employee’s weak-password practices. User-created passwords are inherently weak and are the number one cause of data breaches.

By introducing an SSO platform that is limited to protecting only cloud based applications, organisations are leaving a gap in their data security. While the deployed SSO may remove the need for users to manage some of their passwords, for cloud apps, users will still have to manage application passwords for those apps that operate outside of the SSO. When users are left to manage their own passwords, typical behavior will see them revert to insecure practices such as writing passwords down, storing them in Dropbox or spreadsheets, using easy-to-remember weak passwords. This creates a data security risk leaving the legacy applications as those most vulnerable to being hacked.

The Application Landscape

Deploying a Single Sign-On that doesn't integrate with every application is one of the most-common reasons for SSO projects to fail, but it also presents a signficant data security risk. Understanding the extent of web, mobile and legacy applications in use within the organisation is therefore critical to ensure any SSO solution that's implemented should address them all. This is especially important when departments autonomously purchase and implement 3rd party apps that are out of sight of IT.

Unlike other SSO solutions, My1Login provides seamless Single Sign-On for both web and legacy desktop applications. While still supporting identity standards such as SAML, SCIM, OAuth 2.0 and OpenID Connect, My1Login also integrates with target applications that don’t have connectors. This ability to integrate with applications without the need for connectors or APIs enables My1Login to be rapidly deployed, even in the most complex of enterprise environments. Crucially, it can also automatically detect and integration applications, ensuring IT have visibility of all apps in use throughout the business.

The inablity of an SSO solution to work with all applications in use across your organisation is one of the main five reasons SSO projects fail. If you'd like to find out the other major causes of SSO projects failing, check out our White Paper on the 5 Reasons SSO Projects Fail.

New Call-to-action

* Source: HM Government Information Security Breaches Survey 2015 
* *Source: Verizon Data Breach Report

 

Back to Blog

Related Articles

The 3 Steps to Passwordless

More than 80% of all enterprise data breaches are made possible by weak or stolen passwords. The majority of employees who have already been scammed through...

What can you do when an app does not support Passwordless?

The annual costs of cybercrime are estimated to continue to grow at 15% each year until 2025. With high-profile attacks on organisations frequently in the news,...

Identity and Access Management: What Matters Most When it Comes to ROI?

This blog examines the profound impact that User Experience and Application Compatibility can have on the business case and return on investment (ROI) delivered...