Thursday, 3 December 2009

Secure Access to SaaS Applications


Static passwords replaced by two-factor authentication for applications in the cloud 

25 November 2009: With the growing demand for web-based SaaS applications, UK-based Signify has extended its two-factor authentication (2FA) hosted services to provide secure access to cloud-based applications such as Salesforce.com and Google Apps. While 2FA is becoming the de-facto standard for remote access to server-based business applications, most SaaS solutions including Salesforce.com and Google Apps still only provide authentication with static passwords that can be easily compromised.

In addition, the new Signify SaaS Login component of the service allows users to identify and authenticate themselves just once for access to all their network or cloud-based applications using a single set of two-factor authentication credentials. This increases the level of protection for corporate applications and data in the cloud by providing fast and convenient token or tokenless authentication.

"With the growing popularity of corporate SaaS applications such as Salesforce.com and Google Apps that present access to potentially sensitive data in the cloud, it is an anomaly that most enterprises still rely on just a user name and password for authentication," said Dave Abraham, CEO at Signify. "SaaS Login is designed to fill in this security blind spot with strong two-factor authentication and comply with industry policies and guidelines that increasingly specify 2FA for remote access. Many organisations do not realise that this includes access to SaaS applications."

Using the SAML (Security Assertion Mark-up Language) authentication protocol, the new SaaS Login component integrates Signfy's 2FA hosted services with SaaS applications. This enables users to log in using their existing two-factor token-based or tokenless credentials. Once logged in securely, Signify then allows easy 'one click' sign-on to each cloud or SaaS application, without requiring further authentication.

No comments: