Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Single-Sign-On Redux

    Written by

    Dennis Fisher
    Published March 12, 2001
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      A pair of security vendors is giving the concept of single sign-on another go, hoping combined architectures and technologies will allay the fears of administrators and CIOs and broaden the possibilities for e-commerce.

      Cylink Corp. and Securant Technologies Inc. this week will unveil a partnership that will marry the companies NetAuthority and ClearTrust SecureControl solutions, respectively, producing what officials at both companies said will be a truly secure single-sign-on platform.

      The partners arent the first to attempt such a feat, as heavy hitters such as Entrust Technologies Inc. and RSA Security Inc. have already tried single sign-on. But Cylink and Securant officials said they believe theyve solved many ease-of-use and administrative headaches that have plagued PKI (public-key infrastructure) solutions.

      Under the Cylink-Securant partnership, Cylinks NetAuthority PKI product will issue X.509 digital certificates to users, while Securants ClearTrust SecureControl policy management software enables single sign-on and can also be used to limit access to a predetermined set of applications.

      The goal is to give a companys customers, partners and employees a secure avenue of access to the corporate network.

      Administrators said such a combination could provide a needed increase in the amount of security governing the millions of online transactions taking place every week among partners, customers and suppliers.

      “Its getting tough to know all of your customers and partners, so this kind of security really is a major thing,” said Scott Woodison, enterprise security strategist at CheckFree Corp., of Norcross, Ga., a Cylink customer and a provider of financial e-commerce services and software. “The big problem with PKI is the infrastructure part of it, and if that can be made easier, youre on your way.”

      However, critics of single sign-on and PKI say the combination of these two notoriously problematic technologies is bound to cause more problems than it solves.

      Indeed, Cylink and Securant officials acknowledge there are many issues to overcome. “Theres always a trade-off between security and convenience,” said Eric Olden, chief technology officer at Securant, of San Francisco. “The marketing people want it easy and pretty, and the security people want it to be secure. In general, the user-centric approach [to security] doesnt really work.”

      Later this month, Securant will roll out a related technology that will automate much of the permission and access-control processes inherent in single-sign-on applications. The software will search all of a corporate networks information repositories—much like knowledge management products do—and extract data on each user to help set or update permissions and access levels.

      Cylink is also working on a new technology that will enable its software to issue subordinate certificates. With this feature, a user who logs in to the network once and then tries to access other applications that require a different permission level will be asked for another certificate. By contrast, Entrusts TruePass product uses a single password and digital certificate for associated applications and uses persistent encryption to hide the password throughout a users session.

      While the addition of subordinate certificates would bolster the platforms security, it would also somewhat defeat the purpose of a single-sign-on solution, which doesnt bother Cylink executives.

      “Im not a believer in single sign-on in the strictest sense. Its bothersome,” said Bill Crowell, CEO of Cylink, of Santa Clara, Calif. “You need strong authentication and the ability to manage permissions application by application.”

      In the end, however, security is still the No. 1 priority for customers. “Security is the key to the whole e-commerce process,” CheckFrees Woodison said. “It has to be there for anything else to work.”

      Dennis Fisher
      Dennis Fisher

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×