Standards like SAML (Security Assertion Markup Language) exist to make this process easier. Based on XML, SAML provides an easy way to control authentication into application sessions that are running in a browser environment. Checking the marketing team’s current applications for SAML support is a good first step for IT to take in regaining control.
Common marketing apps like Salesforce, SugarCRM, Dropbox, Marketo, WordPress, HootSuite, KnowledgeTree, UserVoice and Lithium already support SAML as standard. Putting formal rules in place around user log-in to accounts on those sites is fairly easy. Others like Twitter, Facebook and LinkedIn use forms of OAuth for controlling sign-on to applications. Access to these services can be automatically linked to the user’s identity within Active Directory; all access can then be put through a secure channel based on single sign-on (SSO).
For applications that don’t support the SAML standard, there are several options:
- Start shouting at your vendors for SAML support as part of their development road-map – there are open source SAML toolkits out there, so implementing this should not be difficult for the tool provider. Getting this in place should also help them in the long run, as it aids the provider in other sales situations.
- Explore other options – these include checking for WS-Federation, Kerberos or OAuth support. Building authentication on one of these standards instead may be a suitable alternative.
- Help find another tool that is SAML-compliant – there are so many tools available to marketing professionals that it is often easy to find a replacement. As they are SaaS or cloud apps, there should not be much technical lock-in to the existing applications either.
- Use password vaulting – for apps that don’t support a standard like SAML, a password vaulting solution encrypts the passwords and allows IT to manage them from a central location. There’s no reason why a social media manager should ever know the credentials for the company’s Twitter account. A side benefit is that you can give many more employees access to services like Twitter in a very safe way.