Many companies now depend on applications to keep their day-to-day operations running. With the advent of web-based services and cloud computing, your employees likely start their workday by logging in to one - if not several - applications. And as data security and compliance become increasingly critical issues, the cost of protecting your company’s applications increases exponentially. Expenses for upgrades, security patches, and dedicated staff accumulate. Dealing with (gulp) breach management generates a cost of about $140 per data record. Is there a better way to stay on top of all of this?
Enter Keycloak, a RedHat open-source authentication and authorization server that handles application security. When Keycloak is implemented in your applications, via the numerous adapters available, a user never enters their passwords or other credentials into an application. Instead, they enter their credentials into Keycloak, which then sends tokens to log the user in to other applications they have access to. Why is this important? Because through this intermediation, applications never see a user’s credentials, and security vulnerabilities are drastically reduced. With a single point of authentication, users have fewer passwords to manage, and admins have one place to go when they need to provision/deprovision users of company applications.
For those who are interested in the nuts and bolts: Keycloak is a form of Single Sign-On technology compatible with OpenConnect protocol and Oauth2. It also supports two-factor authentication and social logins out of the box. More technical details on Keycloak are available here.
In terms of cost, Keycloak is open source technology that probably wouldn’t cost you more than development time to implement. Enterprise customers have the option of purchasing support.
Whether you choose to use Keycloak or another tool, your business has everything to gain from securizing user management. Want to discuss your application security needs? Contact the computer scientists at XorFox for a free consultation.