Securing systems with single sign-on


19 Nov 2003

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Often information anxiety can be defined as having too much information delivered by IT and not knowing what to do with it, such as too much email hitting the inbox every day or demands hammering home by instant message (IM) every third minute, leaving the average worker feeling bewildered and struggling to figure out which task to act on first. The curse of information overload: so much to do, so little time.

But another aspect of information anxiety is the spectre of security and the growing dependence on passwords and ensuring that only the right people have access to the right files and databases. The typical workplace has at least four different business systems that require user authentication. As the business environment grows more complex it doesn’t take long for the number of passwords and login processes to reach double digits. How do users remember all their different usernames and passwords? They don’t. They jot them down on sticky notes, tape them to the bottom of their keyboard, record them in a notebook, store them in their handhelds, or write them in any one of a number of places that can be easily discovered by a determined intruder who enters the users’ offices. Without an effective password management strategy in place, you put your enterprise’s valuable digital assets in jeopardy.

This new realm of information anxiety has given rise to an area of technology known as identity management that has providers such as Novell, Computer Associates, Microsoft, Oracle, Unisys and IBM all striving to come up with an effective way of enabling companies to manage identities and access privileges in what they are keen to push as enterprise utopias.

The technology allows new employees to be set up with network resources in minutes, rather than days, while requiring them to have only one password for access to servers, printers and other proprietary equipment. Because of significant savings in time and money, industry sources say that identity management systems can pay for themselves in a year. The current generation of identity management systems brings together four major components: directories that hold the personal data used to grant access; a management system to add, modify and delete the data; a security system that regulates access; and an auditing system that’s designed to ensure compliance with privacy regulations.

According to the research firm Gartner, global sales of identity management systems will grow to US$4.6bn in 2007, doubling the US$2.4bn in revenue generated in 2002. In the corporate world, General Motors uses the technology to help track the employee credentials of some 17,000 suppliers that log into its B2B system to bid for contracts.

Key to avoiding duplication or mixing up on the network is the whole issue of single sign-on, which goes beyond strict rules of managing a password. The technology is being pushed in different ways: by Microsoft through its .Net Passport service, which lets consumers store personal information with the software giant and reap the advantages of single-sign on at Passport affiliated sites; and by Novell with its SecureLogin component of its Nsure secure identity management family.

SecureLogin acts as an identity overseer for all the systems that users access. It knows all about each user’s multiple identities-usernames, passwords, and password policies in all of the different systems, securely managing and encrypting that authentication information in the directory. With this knowledge, Novell SecureLogin can automatically unlock access to any system that an authenticated directory user is authorised to use in a manner consistent with corporate security policies.

In September, Novell signed a deal with Eircom to deploy a single sign-on solution as part of a SecureLogin and eDirectory rollout to its 800 call centre staff deployed across multiple locations who need to log into up to 20 applications in any one day. Paul Thornton, distributed technical services manager at Eircom, says: “Traditionally, each application needed to be individually logged in to using different user names and passwords, and typically took users 20 minutes to log in to all their required applications. This also meant that this system had security implications with employees having to remember multiple passwords, consequently, a high proportion of help desk calls were from users requiring assistance in retrieving passwords. The installation of secure sign-on has improved end-user productivity and significantly reduced IT costs by cutting out the need for multiple entries of different passwords and user names.”

Kevin McAteer, business development manager of Novell in Ireland explains: “The technology essentially builds up a memory of applications you are accessing as you access and cuts across 32-bit application websites within the business as well as selected locations on the internet, without compromising internal security. Basically, names and passwords are held in a secure part of the directory. In Eircom’s case, the time management of passwords and allowing workers to access multiple applications was reduced by 70pc. In a typical customer transaction, the time taken to log into different applications was reduced from 20 minutes down to two minutes.”

McAteer believes that the use of identity management and their inherent secure sign on applications were particularly relevant in customer facing organisations. “The Novell strategy is more in line with what people in financial services are doing in terms of multi-tasking and cutting down on the time taken in handling customer transactions and boosting workflow. There is a strong case for identity management going forward, especially in terms of flexible working deployments, whereby the technology can enable workers to access critical applications anywhere and at any time, without compromising security. In fact, we believe it will be one of the enabling technologies for flexible working going forward,” McAteer concludes.

By John Kennedy