CISSP · Question #496
Which of the following is the GREATEST security risk associated with the user of identity as a service (IDaaS) when an organization its own software?
The correct answer is B. Increased likelihood of confidentiality breach. When an organization uses IDaaS while developing its own software, the greatest security risk is a confidentiality breach because sensitive identity and authentication data is handled by a third-party provider outside the organization's direct control.
Question
Options
- AIncompatibility with Federated Identity Management (FIM)
- BIncreased likelihood of confidentiality breach
- CDenial of access due to reduced availability
- DSecurity Assertion Markup Language (SAM) integration
How the community answered
(25 responses)- A24% (6)
- B56% (14)
- C16% (4)
- D4% (1)
Why each option
When an organization uses IDaaS while developing its own software, the greatest security risk is a confidentiality breach because sensitive identity and authentication data is handled by a third-party provider outside the organization's direct control.
IDaaS solutions are specifically designed to support Federated Identity Management standards, making incompatibility with FIM unlikely and not the greatest security risk.
IDaaS involves delegating identity management - including credentials, tokens, and user attributes - to an external third-party provider. When an organization also develops its own software, integration points between internal code and the IDaaS platform create additional attack surfaces where sensitive identity data could be exposed or intercepted. This third-party dependency increases the likelihood that a breach at the provider level or a misconfiguration in the integration could compromise confidential user data.
While availability is a valid concern with any cloud-based service, denial of access is a service disruption issue rather than a security risk, and it is generally mitigated by SLA agreements and redundancy built into IDaaS platforms.
SAML integration is a standard, well-supported protocol used by IDaaS providers to enable secure single sign-on, so its use represents a feature rather than a security risk in this context.
Concept tested: IDaaS security risks and third-party identity management
Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/identity-management-best-practices
Topics
Community Discussion
No community discussion yet for this question.