For applications that don’t support the SAML standard, there are several options:
- Start shouting at your vendors for SAML support as part of their development road-map – there are open source SAML toolkits out there, so implementing this should not be difficult for the tool provider. Getting this in place should also help them in the long run, as it aids the provider in other sales situations.
- Explore other options – these include checking for WS-Federation, Kerberos or OAuth support. Building authentication support based on these standards instead could be suitable.
- Help find another tool that is SAML-compliant – There are so many available to marketing professionals that it is often easy to find a replacement. As they are SaaS or cloud apps, there should not be much lock-in to those applications either from a technology perspective.
- For apps that don’t support a standard like SAML you can use a password vaulting solution that encrypts the passwords and allows IT to manage them from a central location. There’s no reason why a social media manager should ever know the credentials for the company’s Twitter account. A side benefit is you can give many more employees access to things like Twitter in a very safe way.
Once this situation has been looked at, there is then the question of ongoing management. After all, there is no value in solving the problem once only for things to then drift back to being unmanaged again in the future. The point here is whether marketing retains the management of the tools that its users require, or if this shifts back into IT’s domain again.
At this point, IT should be able to automate much of the management side too. By providing guidance on processes and collaboration as well as taking on the management responsibility around security, IT can help marketing be more productive. Use of SSO and identity management tools can help here, particularly as more applications move over to being hosted in the cloud.
Looking further into the future, the shift of applications and services over to the cloud will not stop. Marketing is a strong outlier as the teams here tend to take up new technologies and applications quickly; other functions within the business will also start their journey over to cloud apps too, if they have not done so already. Being able to keep pace with this move and help users across the business to keep secure should be a long-term goal for security professionals.
As a department, marketing wants to use the best tools open to them in order to carry out innovative campaigns and drive business. For IT, looking at standards and cloud identity management tools together can help marketing achieve its goals.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.