Remember the hit movie Risky Business? Joel Goodson’s parents (I do like the play on words in his name) left town for a weekend and he threw one heckuva party replete with pimps, hookers, drowned Porsches, and even a very pleased college recruiter. Many an adolescent male’s fantasy played out on the big screen. Great movie – I would say Top 10 Classic for me. But in thinking about the movie now, didn’t Joel really spend most of the movie figuring out ways to escape the very situations he created.
Not surprisingly, all the way back to Greek mythology and lore of old, our past is riddled with similar examples of bad behavior. The Odyssey is another great classic. (Side note: Sharon Parrish, my 11th grade English teacher, will die if she finds out I used the word “classic” for The Odyssey and Risky Business in the same breath.) In the Odyssey, Odysseus had his men plug their own ears with beeswax, lash him to the ship’s mast, and sail close enough so the song of the Sirens would tempt him. Many a ship and its crew were lost on the rocks, tempted by the fateful, luring song of the Sirens. Odysseus knew better but still risked his fate and the fate of his crew to heed the song. Luckily all survived that encounter.
A similar situation is brewing in the real estate industry as it increasingly responds to its own “Siren”-like call to add Single Sign-On (SSO) capabilities internally and externally. SSO, in its simplistic definition, allows users to easily traverse from one system to the next whether it is a MLS system, a membership management system, between MLS systems or even outside of the industry realm without continuing to prove identity.
“We need to make it more convenient for our users to….” is the common sentiment, along with other seemingly innocuous terms like promoting data share, creating reciprocal access, curing market overlap disorder, etc.
Blanket Statement #1 – We wholeheartedly agree with this industry direction. Clareity Security has always been on the forefront of SSO in the real estate industry, including bringing the industry together to adopt SAML as its SSO standard over five years ago. Been there, done that, and continue to promote SSO. Interoperability, ease of interaction, and improved efficiency are all absolutely crucial to the continued success of the business even during these trying times. In our estimation, SSO adoption can’t happen fast enough.
Blanket Statement #2 – the industry can ill afford to simply ignore the looming rocks while enjoying the benefits of SSO. A big nasty, boulder-sized rock just waiting to crush the hull of the industry is the lack of focus on access control. Unfortunately, a very large percentage of MLS users actively share their IDs with illegitimate users without considering, or simply thumbing their noses at, the sizeable risk in doing so. MLS operators know the sharing problem exists and a small but growing number have taken appropriate steps towards correcting the behavior through the use of stronger access control.
Clareity Security has proven over and over the prevalent MLS authentication method of simple user IDs and fixed passwords helps foster the very large shared access problem. With 25%-35% of MLS user IDs being shared by at least two people, the introduction of SSO without strong access control significantly multiplies the risk as multiple MLS systems funnel this sharing problem to each other.
Implementing Single Sign-On (SSO) without paying attention to access control issues is, in our estimation, similar to leaving the front door of your house unlocked, leaving for a long weekend, and inviting the neighborhood over for a party. No one should be surprised, upset, or shocked by the results. Should Joel Goodson’s parents have been upset to find damage to their home and/or neighborhood reputation? They shouldn’t have been too surprised as they fundamentally created their own situation. We have the same type of question for the MLS industry – will it take an opportunity now to think through access control as part of the SSO initiatives or will it find itself looking back with surprise at the outcome?
Share this post: