Today news broke that OneLogin, a software-as-a-service (“SaaS”) identity provider, has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data.
This is a nightmare scenario we’ve been talking about for years at Gluu.
In fact, it’s one of the main reasons we have avoided creating a SaaS offering for the Gluu Server.
A SaaS brimming with PII is a huge target.
Even worse, OneLogin’s customers will never have the opportunity to perform their own forensic analysis to determine how their data was affected.
We understand how challenging it can be to manage on-prem software. And to be frank, some services just aren’t worth hosting yourself.
But your authentication service holds the keys to the kingdom.
When its security is compromised, it is devastating.
This is not to say that on-prem systems are immune from breaches. Clearly they are not.
But attacks against on-prem systems have to be specifically targeted at you or your organization. And when you control the system, you have remediation options that you can act on immediately (without approval from a third party).
The threat of digital breaches is more real than ever, and the majority of breaches are due to bad access security.
Let this be the alarm you need to force a serious evaluation of your security practices.
- Host your own central authentication service using the Gluu Server, and use strong authentication everywhere.
- Protect critical web resources with U2F authentication: it’s the only technology that protects against a man-in-the-middle attack.
- Use strong, random and different passwords at all of your most critical services.
If you’d like to discuss your security requirements, we are always available.
Thanks, and stay secure!