Tech Talk: Log4Shell, Single Sign-On, & AWS Cognito

by Alice Swan Nov 25th, 2021 Tech Talks

As companies expand the number of software tools they use to do business, the risk of data breaches grows. The Log4Shell exploit hammers this point home. Single sign-on solutions help companies regain confidence in the protection of their sensitive data.

On November 23rd, Colin Ardizzone, a software engineer on the Security Control team, held a virtual tech talk on Single Sign-On and AWS Cognito. He discussed the numerous security and administrative benefits of using single sign-on in an organization. He also discussed several different single sign-on protocols, with a deep dive into the SAML protocol.

During this deep dive, he focused on how SAML is configured, both as an administrator and as a user. He also demonstrated single sign-on in action, using Security Control with Microsoft Azure as the identity provider. The demonstration focused on how data was exchanged between the two parties using the SAML protocol. Some of the auditing and security features of Azure were also used to show how single sign-on can be a powerful security auditing tool.

About the EC Tech Talk Series

The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.