While data privacy, as well as network security, has long been important to EBSCO and our library customers, there is an increasing focus on the security issues around accessing licensed electronic resources. In a recent message to customers, we outlined best practices for strengthening security. One item mentioned was for customers to consider alternatives to IP and/or account-wide User ID and Password authentication ― a notion so engrained in library resource delivery that alternatives are rarely considered.
But simply highlighting this point furthers the process of redefining the paradigm. While not currently a popular conversation in the library community, there are some very compelling reasons to advocate for it. As technologies and platforms advance, there is a growing field of alternative access models. The need for this shift is driven equally by the need to provide security around user data, as well as intellectual property and the fact that library users are increasingly remote (defined as outside the physical library space). For this reason, relying on location-based User IDs or IP addresses ― that tie the individual to a location, or even to a single institution ― are becoming more outmoded.
As technologies and platforms advance, there is a growing field of alternative access models.
As technologies and platforms advance, there is a growing field of alternative access models.
Current alternatives to Account Username/Password or IP-based authentication include Personal User identification, Google Sign In, Single-Sign On (SSO) and SAML-based options such as Shibboleth and OpenAthens. The first step for libraries is to understand alternative options and how they fit into the larger library landscape. As a service provider, EBSCO will continue to support multiple authentication models; however, since not every option will work for every institution, customers should look at their current practices, understand the associated security issues and evaluate the full spectrum of options available.
In a recent EBSCOpost blog post on data security, Scott Macdonald, EBSCO’s Vice President of Information Security and Platform Operations, stated, “By promoting and implementing modern, standards-based approaches to authentication and access (such as SAML/SSO) as well as other security best practices (including TLS standards-based encryption and enhanced password quality) and account lifecycle management, we will adopt the appropriate technical mechanisms to truly protect user privacy in the digital age.”
We encourage library customers to consider all options currently available ― including ones they may not have previously considered. EBSCO Connect offers basic implementation requirements for all of EBSCO’s available authentication options.