Can password policies survive the BYO movement?
If you can’t beat them, join them. The classic proverb pretty much sums up how organizations have managed the growing number of personal devices in the workplace. Thanks to Bring Your Own Device (BYOD), what could have been a tug of war, now means IT acceptance and end-user satisfaction. And while that particular movement has been successful, we have yet to see the verdict on its successor, Bring Your Own Application (BYOA).
It’s a matter of perspective: BYOA for some, and Shadow IT for others. A natural outcome of SaaS adoption, despite what you call it. These aren’t your average business applications – clunky, restrictive, topped off with a learning curve. They are dynamic, and inclusive, catering to entire departments (development, collaboration, analytics, business intelligence), and individual users (web conferencing, social media, storage/backup).
BYOA holds some unique challenges, despite its similarities with BYOD. The most obvious being the compliance question that comes with the territory: where exactly is the data going, how is it getting there, and what will happen if it is lost or compromised. Historically, we have turned to IT, and practices such as encryption, to keep data secure. But as the burden shifts to SaaS providers, we once again risk exposing the weakest link – users.
With 63% of confirmed data breaches involving weak, default, or stolen passwords, and without an effective authentication policy, organizations are increasingly vulnerable. Simply put, they no longer have the means of stopping users from defaulting to Password123 or 1234567 during authentication. Without a strategy to consolidate the varying user identities, and tie them back to the corporate directory, existing password policies might as well be null.
By taking on authentication, with the added bonus of cloud, Identity as a Services (IDaaS) promises a simplified user experience, and centralized identities via Active Directory integration. It seems that there is hope for existing password policies, as long as they’re willing to be duplicated to the cloud, along with their complementary user data. In our latest whitepaper, we explore the outcome of this approach, also known as, Directory Sprawl. By looking at its challenges such as user data replication, and synchronization, we bring a new perspective for organizations rethinking their authentication approach.