Rethinking the Datacenter Sponsored by HP Today's datacenters need to increase utilization, get control over power and cooling costs, and align with business objectives. Download this eBook to learn about the challenges facing the data center in a world where digital information is growing at a torrid pace and costs are being held in check. Learn more. »     Putting the Green into IT Sponsored by HP Electricity use in data centers is skyrocketing, sending energy bills through the roof, creating environmental concerns and generating negative publicity. "Going Green" means looking to technologies like virtualization, energy-efficient chips and racks, and implementing policies that extend beyond the data center. Learn more. »     Managing the Modern Network Sponsored by HP In a global economy where information crosses the globe in an instant, and where Web-based applications power business, it's more important than ever to ensure your network is safe from threats and optimized to deliver the data your business needs. »     Evaluating Software as a Service for Your Business Sponsored by Webroot Is Software as a Service just hype, or is something really going on here? See if your company can benefit as SaaS tries to change the face of the enterprise. »     Is Your Disaster Recovery Plan Good Enough? Sponsored by HP Preparing for a disaster is more often than not part of the storage planning process, and it is one of the most difficult tasks, since it includes local hardware and software, networking equipment, and a test plan. Learn how to get disaster recovery right. »

XML/RSS feeds EarthWeb IT Management news and headlines CIO Update headlines See more EarthWeb Network RSS feeds FREE Tech Newsletters Instant Messaging Planet HTML CIO Update CodeGuru Update Enterprise Networking Planet Practically Networked HTML Enterprise Storage Forum HTML Optically Networked HTML Intranet Journal Update Datamation IT Management Careers Datamation IT Management Update Developer.com Update Gamelan Java Update Goodies to Go Javascript Weekly HTML JARS Java Update OpenSource Update SysOpt Tech Notes Grid Computing Planet HTML E-Security Planet HTML Virtual Dr. Text

Special Reports • ITIL v3: Bridging the Gap Between IT and Business • Outsourcing’s Seven-Year Itch • The Productivity of Technology is in Jeopardy • Offshore Considerations for Infrastructure Management • Disaster Waiting to Happen • Friday’s Top 5 • Top 10 Money Savers for 2008 • Understanding the 10 Fundamentals of Any Business • 8 Great Training Tips from the Canadian Army • Enterprise Architecture and SOA: Two Tribes More Special Reports

IT Focus Tech Focus: Security Cybersecurity: Laws Only Go So Far Mozilla Firefox vs. Internet Explorer: Which is Safer? Is Your Blog Leaking Trade Secrets? The Las Vegas Counterfeiting Story: Is Your Privacy Worth More Than a Poker Chip? Stopping Spammers at The Point of Sale

Today on EarthWebNews.com • RIM Ups Ante With Mobile Software Push • All Talk, Little Action on 'Net Neutrality Front? • Compliance Issues Still Bedevil IT • Is CNET The Right Fit For CBS? • Enterprise Spending On Virtualization To Rise More EarthWebNews.com

Tips for Operating System Deployments. Listen to an audio cast about operating system deployment.

Not Your Father's SSO

By Allen Bernard

December 2, 2004: Enterprise single sign-on software has come a long way from the early days of tail fins and bias-ply tires.

For years enterprise single sign-on (eSSO) solutions were bulky, hard-to-use and administratively heavy applications that failed as often as not to simplify users' lives and secure the corporate network.

Today, however, a new crop of vendors has hit the scene with updated versions of eSSO solutions that actually work. A poster child for such solutions is the U.S. Postal Service's (USPS) install of Passlogix's v-GO SSO, which it finished rolling out in October of this year.

With 7,000 applications and 165,000 employees accessing 157,000 PCs in 20,000 facilities around the country, USPS was experiencing a major helpdesk headache and spending millions every year on password resets. By implementing v-GO, this is no longer a problem, Bob Otto, USPS's CTO, said in a case study.

"Passlogix delivered on its promise to help solve the USPS' most critical end-user problem -- forgotten passwords," said Otto. "The ability to leverage our current infrastructure and deploy v-GO SSO without modifying applications or completing any integration was especially important to us."

Older eSSO solutions required a great deal of scripting and writing of custom APIs to change the sign-on interface of every application the eSSO touched. Today's vendors use a mixture of client-side tools for capture login scripts and server-based authentication services to eliminate this custom coding, said Phil Schacter vice president and service director for the Burton Group.

"Heavyweight, complex stuff tends not to not work when you try to roll it out in larger enterprises," he said. "It's problematic, it's hard to administer and, overall, it wasn't worth anything."

In the case of Passlogix, users simply authenticate to v-GO and v-GO fills in administrator-generated passwords (usually far more complex than anything anyone could remember) every time the user opens an application. In this way, the user need only remember one password and v-GO, like other solutions, does the rest.

"You are making all the other passwords pretty much impossible to get and impossible to break [even] if you get the password file ... because you can just make them really difficult (to crack)," said Forrester Analyst Jonathan Penn. "This is something that we've been really trying to educate people, our clients on, for over a year now -- that they need to take a new look at this."

For companies looking to move to two-factor authentication, new eSSO solutions make this objective far easier to achieve, said Penn, since you only have to authenticate to one application, the eSSO solution, versus porting all your existing apps to accept a token or smartcard.

While more secure than a desk covered in password inscribed Post-It notes, there is still a risk with eSSO schemes in that a hacker need only secure one current user name and password to get into the network, said Gartner's John Enck, vice president of Research, Information Security.

But, countered Penn, unless the hacker has access to a network-connected machine, this is no more an issue than current password security problems. And, once a hack is detected, system administrators simply need to delete one password at eSSO and the rest of the applications remain secure.

Modern eSSO solutions also simplify adding and removing employees from the network, a major security issue at many large corporations and a chore most IT departments struggle to keep up with.

Still, while Enck agrees solutions have come a long way from the early attempts at eSSO, he is not 100% convinced the eSSO nut has been cracked. His advice is cautionary. Enterprise IT environments are very complex with multiple competing protocols and platforms that do not lend themselves to easy integration at any level, he said.

"I may be looking at this a little broader than just SSO," he said. "I tend to look at the systematic problem. It's not just 'Is the technology pretty cool and effective today?' Yeah, I'll agree with that. But that doesn't necessarily mean it addresses the full deployment issue in terms of getting the technology rolled out there; especially in these large, global deployments."

Enck does concede, however, that in less complex IT environs, say companies with fewer than 5,000 employees, solutions like those offered by Imprivata, Protocom, Passlogix, Novell and others do a very good job.

Tools:

Add www.cioupddate.com to your favorites Add www.cioupddate.com to your browser search box IE 7 | Firefox 2.0 | Firefox 1.5.x Receive news via our XML/RSS feed

• Return to Technology Trends Index
• Return to www.cioupdate.com Homepage