Single sign-on increases security by centralizing identity management, authentication and identity lifecycle management, therefore preventing identity sprawl and scenarios such as users leaving the company but still having their cloud privileges active.
It also enables enforcing password complexity controls and multifactor authentication in a centralized place.
Defense in depth suggests multiple layers of security where SSO is one of those layers. Defense in depth does not relate to whether a specific layer of defense has a single point of failure. Most single sign-on systems are implemented using multiple redundant and HA back ends such as multiple directory services that can authenticate the user or a cloud service such as Azure Active Directory or Okta deployed across multiple cloud regions and therefore have very high availability.
Hope that helps,
Mark
------------------------------
Mark Carter
General Manager
AWS
------------------------------
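The three properties in Mark's answer (central policy enforcement, central lifecycle so a leaver loses every federated app at once, and availability through redundant back ends) can be made concrete with a small simulation. This is an added example, not code from the thread or from any IdP product; the class names, the password rule and the two "regions" are assumptions made for illustration, and the siloed legacy app is included to show the identity sprawl that SSO is meant to remove.

```python
# Added illustration of the SSO properties discussed in the reply above.
# All names, accounts and policy values here are constructed for the example.
import re
import secrets
from dataclasses import dataclass


@dataclass
class Account:
    password: str
    mfa_enrolled: bool
    active: bool = True


class DirectoryReplica:
    """One redundant identity back end (a directory instance or a cloud region)."""

    def __init__(self, name, accounts, available=True):
        self.name = name
        self.accounts = accounts          # username -> Account
        self.available = available        # flip to False to simulate an outage

    def check(self, username, password):
        acct = self.accounts.get(username)
        return (acct is not None and acct.active
                and secrets.compare_digest(acct.password, password))


class IdentityProvider:
    """Central SSO: the single place for password policy, MFA policy,
    lifecycle (deprovisioning) and session issuance."""

    # Assumed policy: 12+ chars with upper, lower, digit and symbol.
    PASSWORD_RULE = re.compile(r"^(?=.*[A-Z])(?=.*[a-z])(?=.*\d)(?=.*[^\w\s]).{12,}$")

    def __init__(self, replicas, require_mfa=True):
        self.replicas = replicas
        self.require_mfa = require_mfa
        self.sessions = {}                # token -> username

    def password_meets_policy(self, password):
        return bool(self.PASSWORD_RULE.match(password))

    def _first_available(self):
        # Failover: use the first replica that is up; None means a true outage.
        return next((r for r in self.replicas if r.available), None)

    def login(self, username, password, mfa_passed):
        replica = self._first_available()
        if replica is None or not replica.check(username, password):
            return None
        acct = replica.accounts[username]
        if self.require_mfa and not (acct.mfa_enrolled and mfa_passed):
            return None                   # MFA enforced centrally for every app
        token = secrets.token_urlsafe(16)
        self.sessions[token] = username
        return token

    def validate(self, token):
        username = self.sessions.get(token)
        replica = self._first_available()
        return (username is not None and replica is not None
                and replica.accounts[username].active)

    def deprovision(self, username):
        # One offboarding action; a real directory replicates this itself.
        for replica in self.replicas:
            if username in replica.accounts:
                replica.accounts[username].active = False
        self.sessions = {t: u for t, u in self.sessions.items() if u != username}


class FederatedApp:
    """A cloud service that trusts IdP sessions instead of its own passwords."""

    def __init__(self, name, idp):
        self.name, self.idp = name, idp

    def open_resource(self, token):
        return self.idp.validate(token)


class SiloedApp:
    """Legacy app with its own local accounts: nothing tells it a user left."""

    def __init__(self, name, local_passwords):
        self.name, self.local_passwords = name, local_passwords

    def login(self, username, password):
        stored = self.local_passwords.get(username)
        return stored is not None and secrets.compare_digest(stored, password)


def run_scenario():
    """Constructed walk-through: login, a regional outage, then offboarding
    where only the central IdP is updated. Returns the observations as a dict."""
    pw = "Tr0ub4dor&3xyz"
    primary = DirectoryReplica("region-a", {"alice": Account(pw, mfa_enrolled=True)})
    secondary = DirectoryReplica("region-b", {"alice": Account(pw, mfa_enrolled=True)})
    idp = IdentityProvider([primary, secondary])
    crm = FederatedApp("crm", idp)
    legacy = SiloedApp("legacy-wiki", {"alice": "wikiPassw0rd!"})
    r = {}
    r["policy_rejects_weak"] = not idp.password_meets_policy("password1")
    r["policy_accepts_strong"] = idp.password_meets_policy(pw)
    token = idp.login("alice", pw, mfa_passed=True)
    r["sso_login"] = crm.open_resource(token)
    r["no_mfa_login"] = idp.login("alice", pw, mfa_passed=False) is None
    primary.available = False             # one region down, the other answers
    r["login_during_region_outage"] = idp.login("alice", pw, mfa_passed=True) is not None
    idp.deprovision("alice")              # alice leaves; HR updates the IdP only
    r["sso_after_leaving"] = crm.open_resource(token)
    r["siloed_after_leaving"] = legacy.login("alice", "wikiPassw0rd!")
    return r


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The last two results are the point of the simulation: the federated app refuses the old session as soon as the IdP deprovisions the user, while the siloed app keeps accepting the leaver's credentials because its account store was never part of the central lifecycle. The outage step shows why a redundant IdP is not the single point of failure the question worries about.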
Original Message:
Sent: Aug 31, 2021 03:45:03 PM
From: Jenna Morrison
Subject: SSO & Defense-in-Depth?
Hello,
In the CCSK training and in the security guidance (domain 12) they talk a little about SSO (Single Sign On). In some ways this seems like it would be more secure, using a federated identity manager; however, it also seems a bit contradictory to the defense-in-depth concept? Wouldn't using SSO create a single point of failure and thus be less secure?
------------------------------
Jenna Morrison
Training Department Intern
Cloud Security Alliance
------------------------------