Patrick just posted to the Ping CTO blog some of our combined thoughts about what a terrible idea it is to synchronize Enterprise passwords to the cloud: Grounding Enterprise Passwords.
The ctotalk blog post is much more detailed so make sure to read it, but let me sum up in somewhat stronger terms: Giving away the shared secret that (for better or worse) is often the key to your internal Windows domain and to anything linked into that domain is a really stupid idea. It is the IT equivalent of putting a “Kick Me” sign on your organization’s back. It means that no matter how stringent your own security regime is, you are only as secure as the weakest of the partners you synchronize to. Most partners are loyal and upstanding, employ good people and protect your passwords better than you do, but even then, if/when you get hacked, who are you going to point fingers at?
I believe Enterprises should be educating their employees NEVER to set or use an Enterprise password outside of the Enterprise. I also believe that a cloud service is nuts to actually accept passwords synchronized from its customers. Of course it goes without saying that the better choice is to eliminate external passwords altogether, but if you can’t do that, at least try to keep users from typing the same set of credentials into every web form that comes their way, while protecting your partners from even the implication that they might sell your password list.