One of the most common concerns we hear from prospective customers is that their users frequently bypass IT controls to access applications directly. This has a snowball effect that begins with the compliance headache IT experiences and continues on to the security risks associated with exposing their company’s network and proprietary data.
We call this “Side-Door Access,” and it’s one of the many things that Symplified is great at eliminating.
Side-door access is when users bypass single sign-on solutions (SSO) and access cloud-based applications directly instead of using a corporate portal. The intention of Web access management and SSO solutions is for all users to authenticate from a centralized portal. From there, users can access sanctioned corporate applications through a Web link or an application icon that is controlled by corporate security policy.
However, when vendor solutions don’t perform as expected, or present a less than pleasant user experience, people have a tendency to skip the portal and access applications directly from the Web.
Most SSO vendors, in fact, are unable to prevent side-door access.
The impact of side-door access can be greater than you, your users or other SSO vendors realized:
- Applications accessed directly via the Web create increased exposure for security breaches because it’s easier to compromise credentials and client connections can be less secure
- Application usage reporting and visibility are inaccurate when the portal is avoided, which can lead to billing disputes with SaaS vendors
- Auditing and compliance reporting is often erroneous, which can jeopardize the outcome of audit results
- Newly-terminated employees can create a window of potential data leakage if they can still access applications directly
- IT loses credibility when their users can bypass a solution that was budgeted and implemented as the corporate standard
We’ve just recently released two new free tools to help you better understand side-door access, its risks to the enterprise, and what you can do to prevent it.
- A technical white paper: “The Threat of Side-Door Access: The Way Employees Access Applications May Put Your Company at Risk”
- A recorded webinar by one of our Sales Engineers: “Preventing the Threat of Side-Door Access”
And if you have any questions for our experts about side-door access or ways to prevent it, please let us know. We’d love to help.
- The Symplified Team