Single Sign-On Steps Up Security, Productivity

Imprivata's OneSign is a plug-and-play, Linux-based appliance that gives users access to multiple applications such as e-mail, databases and shared directories with a single password. The device supports Windows NT, Active Directory and iPlanet networks, but NetWare networks will have to look elsewhere.

The appliance maintains the individual passwords used for the separate applications, so the user need only remember one main highly secure password. Reducing the number of passwords and automating administration cuts help-desk costs, supports stronger password policies and increases user productivity to deliver a significant ROI.

For example, Company A claims that a user calling the help desk for password management issues costs around $40 per call; this includes the reduced productivity of the worker and someone to man the call. Multiply that by the number of employees, say 500. Then multiply that by the number of calls per person per year, which we'll set at two. The company therefore spends a minimum of $40,000 a year on password management.

Imprivata's OneSign is a plug-and-play appliance that gives users access to multiple apps with a single password.

Besides the password management features, single sign-on devices can tighten security through the use of strong passwords, which avoid users' initials, birthdays, months, etc., and include numbers as well as letters. A strong policy also requires users to change passwords frequently, use long passwords and have a separate password for each resource. Imprivata OneSign intercepts applications' requests for password updates and automatically creates a randomly selected strong password.

In the lab, OneSign setup went off without a hitch. One thing to pin down before setup begins is the authentication technology, i.e., is the environment Active Directory-, iPlanet- or NT domain-based? Once the box has its own IP address and the box's security environment is set, setup becomes surprisingly straightforward with the help of wizards. Because the box is Linux-based, administrators might want to preset their DNS to whatever name they give the box.

An eventual problem Imprivata might encounter is supporting a large number of back-end applications, each with its own way of updating passwords. "Instead of a large database of profiles and back-end adapters that would be difficult to maintain and control, we designed OneSign to allow the administrator to SSO-enable any possible target application using the application profile generator," said Gregg LaRoche, director of product management at Imprivata.
