Access Management

Simplifying Administration

Most users need a unique password for every enterprise application, causing an exponential growth rate in passwords. Unfortunately, most applications provide no easy way or no way at all to centrally control user passwords. As a result, users create passwords that are often easy-to-guess derivatives of names, Social Security numbers, and birthdays. These " obvious " passwords make it easy for unauthorized users to gain access to enterprise applications and data. Moreover, authorized users frequently lose or forget their passwords, creating a significant password management burden on IT support. Concerns about ineffective password systems and lax password security have led to many regulations calling for improved password security, for example, in the U.S., the Sarbanes-Oxley Act (SOX) and the Health Insurance Portability and Accountability Act (HIPAA), and in the U.K., the Data Protection Act. By implementing enterprise single sign-on (ESSO), network administrators can set, assign, securely store, and change passwords from a single point of control. Benefits to the enterprise include

Implementing single sign-on (SSO) - either on a standalone basis or integrated into an IdM system - solves these password-related problems and reduces IT support costs, improves enterprise security, and simplifies password management. An SSO system enables users to access all their applications through a single authentication event. Depending on the solution selected, the SSO could also enable the network administrator to assign and control passwords from a single console, eliminating the need to personally set passwords at each user's workstation. There are several variations on SSO available.

Web Single Sign-On A Web based access management solution can include an SSO capability for Web-based applications. With Web-based SSO, the user supplies a credential. The Web server then validates the password with a central credential server. If a match is found, then the user is granted access to the Web-based application or system. With users accessing more and more applications over the internet from application service providers and other sources, Web-based SSO is critical. However, Web-based SSO does not cover password sign-on for non Web based applications such as mainframe and client/server applications. A separate ESSO is often needed for such applications. Password Synchronization Some IdM solutions offer password synchronization, where all applications that the IdM supports share the same password. In password synchronization, a change to a password on a connected system is automatically replicated to all other integrated or supported systems. For end users, synchronization does provide some simplification for their password issues. Even though they still have to type in their user credentials for each application, they can for some applications use the same password. However, relatively few enterprise applications have the interfaces needed to support synchronization. Another weakness of synchronization is that the password to which the applications are synchronized must be set at the weakest capability among all the supported applications. Therefore, all supported applications are susceptible to a security breach based on exploiting this weak password. Hackers can choose to attack the system with the weakest security controls, knowing that the password they obtain can be used on all other synchronized systems, regardless of their security controls. Thus, the security controls of all synchronized applications are reduced to that of the weakest system. In addition, applications that lack the necessary interfaces or are hosted on other networks cannot be supported. Users are still required to log on to all unsupported applications.

Company Brochure

Click Here to Download

Contact Info

44335 Premier Plaza, Suite 220 Ashburn,
VA 20147

Phone: 201-430-7667