Information Technology Reference
In-Depth Information
applications. This can increase efficiency and even security if the system is well designed and maintained. However, the converse should be a caveat to anyone considering a single sign-on system. If not well designed and maintained, this type of identity management creates security issues that must be thought about carefully.

For instance, if you have a single sign-on system in place, your attack surface becomes less complex, and a single failure is now enough to compromise all of the data that a user has access to.

That being said, single sign-on is often most appropriate when access is being granted to similarly classified sets of data. To allow single sign-on with access to nonsensitive data as well as highly confidential data would not be a good risk management decision.

Allowing access to your basic work files, e-mail, Internet connection, and desktop applications through a single sign-on would make sense, but access to a personnel database with confidential information might still require another level of authentication.

In the absence of this type of overall system, identity management is simply the connecting, via authentication credentials, of users or entities to the data or application to which they have rights. It will also manage different levels of rights such as read-only access (so you can view but not change data), write access (you can write new data), or change, delete, move, and so forth, rights that allow you to manipulate data depending on your authenticated permissions.

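The following sketch is an added example, not part of the original text. It shows one way an access check could combine the two ideas above: a single sign-on session is enough for similarly classified general data, a confidential resource requires a recent second authentication, and the per-user rights (read, write, delete) are checked last. All names, the tier values and the 300-second step-up window are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Optional
import time

class Tier(IntEnum):
    GENERAL = 1        # work files, e-mail, desktop applications
    CONFIDENTIAL = 2   # e.g. a personnel database

STEP_UP_MAX_AGE = 300  # seconds a second authentication stays valid (assumed policy)

@dataclass
class Session:
    user: str
    sso_authenticated: bool
    step_up_at: Optional[float] = None  # time of the last additional authentication

@dataclass
class Resource:
    name: str
    tier: Tier
    acl: dict = field(default_factory=dict)  # user -> set of rights

def authorize(session, resource, right, now=None):
    """Return (allowed, reason) for one requested right on one resource."""
    now = time.time() if now is None else now
    if not session.sso_authenticated:
        return False, "not authenticated"
    # Single sign-on alone never reaches a higher classification tier.
    if resource.tier >= Tier.CONFIDENTIAL:
        if session.step_up_at is None or now - session.step_up_at > STEP_UP_MAX_AGE:
            return False, "step-up authentication required"
    # Authentication only proves identity; the rights still come from the ACL.
    if right not in resource.acl.get(session.user, set()):
        return False, "no %s right" % right
    return True, "ok"

# Constructed sample data.
MAIL = Resource("e-mail", Tier.GENERAL, {"alice": {"read", "write"}})
PERSONNEL = Resource("personnel-db", Tier.CONFIDENTIAL, {"alice": {"read"}})

if __name__ == "__main__":
    s = Session("alice", sso_authenticated=True)
    print(authorize(s, MAIL, "write", now=1000.0))
    print(authorize(s, PERSONNEL, "read", now=1000.0))
    s.step_up_at = 1000.0
    print(authorize(s, PERSONNEL, "read", now=1100.0))
    print(authorize(s, PERSONNEL, "delete", now=1100.0))
```
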
Another method of controlling access to data is to logically compartmentalize the data within a network or other storage medium. At the micro level, you can create profiles on one area of a computer or network drive or you can create partitions on a hard drive and assign different rights or access privileges to those profiles or partitions.

You can see an example of this on most any Windows-based computer by looking at the Documents and Settings folder. Within that folder will be different names of the users