Imprivata's Geoff Hogan writes about single sign-on technology in the November issue of Security Technology Executive.
There have been times over the past few years where stories of data breaches, unauthorized access and the theft of intellectual property were appearing on what seemed like a daily basis. Some of these incidents even garnered front-page status in national newspapers. What organizations have learned is that they need to have more stringent control over their enterprise — specifically its assets, company data and employee access to both.
Businesses today need to have policies and solutions in place that enable employees to securely access what they need when they need it. In doing so, they can ensure the protection of their business from the myriad of looming threats — including those from within their own organization.
The Password Management Challenge
The challenge is that password management has without question become one of the most problematic security issues that companies face today, and as the number of business applications grows, so does the number of passwords. Now add to that the fact that the complexity of these passwords is also increasing, and businesses are left with these challenges:
• Many users are leaving passwords open to the public in the form of sticky notes, which leaves their access rights available to others and can expose sensitive information; and
• Employees seeking password resets are flooding their help desk with costly requests.
With employees being asked to recall more and more complex passwords, remembering each has become increasingly difficult. In the end, employees lacking the correct password get locked out of the very applications they need to perform their job. The first impact is an initial drop in productivity, soon followed by a growing sense of aggravation on the part of the employee. It is at this juncture that the employee calls the IT help desk for assistance in getting their password reset.
A single call for help may not seem like a mounting issue until you take into account the following: According to Forrester Research, more than 30 percent of all help desk costs are password-related — a fact which shows that this single call is just one of many others.
The reality is that the cost of password problems can snowball, and it quickly turns into an issue that can cost businesses hundreds of thousands of dollars every year. This help desk statistic still does not include the cost of lost productivity that results from employees being locked out of applications or the potential security issues the business may face when employees decide to jot their passwords down on sticky notes, which can fall into the hands of anyone with bad intentions.
The answer to the password management issue is single sign-on (SSO). The right SSO solution delivers businesses of all sizes and industries (including healthcare, financial services, government and others) a smart and affordable way to strengthen IT security while improving employee productivity. SSO simplifies the password management problem by requiring each employee to remember only one primary credential to gain access to their authorized desktop, network and applications. This credential can be a user name and password. It can also be a strong authentication method such as finger biometrics, which eliminates the need to recall a password altogether. What this means is that each person’s network identity will have all the relevant application credentials linked to it and authentication will be managed automatically by the SSO system. What this translates to for the employees is that they are spending less time logging in and out of their applications and more time on pressing matters that are vital to the business’s success.
In the healthcare industry, SSO solutions eliminate the need to constantly type in logon passwords, and, in turn, give staff more time to focus on addressing patient needs. SSO has enabled Fairfield Medical Center in central Ohio to immediately reduce help desk costs by dropping the number of inbound calls by more than 50 percent, a number which continues to grow.
In the financial services space, Renasant Bank, with 68 locations across Tennessee, Mississippi and Alabama, was able to reduce password resets by 82 percent in the year following its SSO implementation. This drop has enabled employees to focus on their jobs and not their passwords.
SSO solutions can also help to reduce IT burden by letting administrators implement a clear, straightforward password policy across all SSO-enabled applications. The policy can be based on an employee’s primary role, function and/or location. With SSO, administrators can also set password complexity constraints (minimum/maximum length, reset intervals, auto resets, etc.), manage authentication challenges and accommodate application-generated password reset requests. This automation significantly reduces the IT burden.
Some SSO solutions enable end-users to monitor and track all desktop, network and application access activity in a centralized log file. This gives businesses the ability to demonstrate who has been authorized to access which system, who actually accessed which system, and who is sharing passwords. Ultimately, this enables user accountability and the ability to easily report for regulatory compliance.
Choosing the Right SSO Solution
While an SSO solution can address these and a variety of other needs, some can be costly, difficult and even time-consuming to deploy. Additionally, they may involve lengthy setup by means of scripting to SSO-enable a variety of applications. This may make installation and updates complicated and expensive. So which SSO solution would be right for your organization? There are several criteria that you should take into account when examining SSO technology options.
First, look at your business issues and identify those solutions that address the issues you face. Focus on the solutions that have the potential to create a more efficient and secure organization. Specifically look at a solution that delivers all the functionality that your IT staff and employees need to make a difference for your business.
Second, identify solutions that are easy to implement and can enable SSO without modifying your existing infrastructure — whether directories or applications. Businesses of all types benefit from quicker implementation, lower help-desk costs, increased productivity and compliance — all without interruption of current business activities.
Third, pick a solution that fully supports the management of multiple strong authentication methods. This enables companies to implement levels of security that are appropriate for specific employees, groups of employees, computers/workstations and the overall organization.
Fourth, look for a solution that employees can quickly adopt without extensive training. The benefits of SSO are only realized when employees embrace the technology and kick the password habit entirely. Those solutions that require extensive training or change employee workflow dramatically will inevitably discourage the user from tapping it.
For those businesses that have implemented the right SSO solutions, employees have embraced the new technology and its proven ability to eliminate the password management struggles that they face on a daily basis. They have also embraced the fact that SSO allows them to work more productively. As for the IT team, they are able to eliminate password-related calls to the help desk, ensure greater security and ultimately enable users to access their applications without complicating their lives with greater security measures.
Geoff Hogan is senior vice president, Business Development & Product Management/Marketing at Imprivata Inc. He has 20 years of business development, marketing, sales and general management experience in the storage, data management, and software infrastructure market segments with both large organizations and start-ups.