Wednesday, May 16, 2007

Single sign-on plus self-service password reset result in greater benefits




Network World's Identity Management Newsletter, 05/16/07

By Dave Kearns

At last week’s Converge07 conference for Courion customers and friends I had the pleasure of sitting on a panel (well, I WAS the panel) for Courion VP of Services Nelson Ronkin’s presentation about integrating enterprise single/simplified sign-on (ESSO) with self-service password reset (SSPR). While both are identity management technologies that many organizations will want to implement, it may not be readily apparent why they would be candidates for integration.

First, let’s look at the benefits of each technology as a standalone service. ESSO can help you:

* Strengthen application security.
* Simplify user access.
* Improve regulatory compliance through stringent access control.
* Reduce help desk costs through easier access and fewer passwords for users to remember.

SSPR offers these benefits:

* Increased data security - compliance with corporate password policies.
* Facilitates more secure policies.
* Eliminates security loopholes in manual password reset procedures.
* Provides audit trails for all password reset transactions.
* Eliminates the need to grant "superuser" privileges to more staff to service password reset requests.
* Reduces cost - eliminates the leading source of all help desk calls.
* Protects user privacy - minimizes the need to share sensitive authentication information with support staff over the phone.
* Improves user productivity and service levels, cutting Mean Time To Repair (MTTR) for password resets and minimizing the number of passwords to remember.

Those are certainly all good reasons to implement these two technologies, but does combining them create additional benefits?

Here’s one scenario. You’ve got ESSO established but you know that good security practice requires that passwords be changed periodically. You could force your users to change all of their application-level passwords according to some schedule and then have the ESSO system learn the new passwords at the next access. But how much easier (and less frustrating for your users) would it be to have the SSPR facility do the periodic password change for each authentication point and load the changes to the ESSO service? You’ve increased your security while at the same time making it more user-friendly, a combination I’d never have thought could happen.

By using an SSPR service, such as Courion’s PasswordCourier, you can also more easily enforce strict rules about the use of strong passwords (minimum length, mixed case, alphanumeric+symbols, no dictionary words, etc.) without having to spend processor time analyzing the passwords that human users might choose. That’s increased security combined with lower cost in terms of CPU usage, another pairing I wouldn’t expect to see.
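The rotation scenario in the two paragraphs above, as an added example that is not from the original column and not Courion's or any ESSO vendor's code. It assumes the service generates the passwords itself; the connector callables, the dictionary standing in for the ESSO credential store, and the policy values are all hypothetical.

```python
import secrets
import string

# Constructed policy for this example: fixed length, one character per class.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!#$%&*+-=?@^_")
LENGTH = 20


def generate_password(length=LENGTH):
    """Return a CSPRNG password that meets the policy by construction."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every class")
    chars = [secrets.choice(c) for c in CLASSES]  # guarantee each class
    alphabet = "".join(CLASSES)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # do not leave classes in fixed slots
    return "".join(chars)


def rotate_all(user, targets, vault, audit):
    """Rotate every application password, then load it into the ESSO store.

    targets: {app: callable(user, old, new) -> bool}, hypothetical connectors
    vault:   {(user, app): password}, stand-in for the ESSO credential store
    The vault changes only after the target accepts the new password, so a
    failed rotation never leaves ESSO replaying a credential the app rejects.
    """
    results = {}
    for app, change_password in targets.items():
        old, new = vault.get((user, app)), generate_password()
        try:
            ok = bool(change_password(user, old, new))
        except Exception:  # connector down or change refused
            ok = False
        if ok:
            vault[(user, app)] = new
        audit.append({"user": user, "app": app, "rotated": ok})  # no secrets
        results[app] = ok
    return results


if __name__ == "__main__":
    # Constructed demo: one target accepts the change, one is unreachable.
    vault = {("alice", "crm"): "old-crm", ("alice", "erp"): "old-erp"}
    def erp_down(user, old, new):
        raise ConnectionError("erp unreachable")
    log = []
    print(rotate_all("alice", {"crm": lambda u, o, n: True, "erp": erp_down}, vault, log))
    print(log)
```

The audit entries record only the user, the application and the outcome, which matches the audit-trail benefit listed for SSPR without writing any credential to the log.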

The old saying is that the whole can be greater than the sum of its parts and that seems to be true here. Combining ESSO with SSPR gives you all the benefits of each plus benefits that only the combination can provide. Think about it for your organization.

Upcoming Events: I’ll be speaking in Seoul, Korea this July at the Identity Access & Security Management 2007 conference to be held at the Ritz-Carlton, Seoul, July 9-10. See here for the details.

Downloads: Sentillion has archived a recent Webinar, “User Provisioning in Healthcare: The 360° Perspective,” featuring Michael Gutsche, Executive Director, Information Security and Client Systems for the Sisters of Mercy Health System; Gartner Group’s Barry Runyon; and Sentillion’s own Terry Zysk (she’s the “vice president, provisioning” and don’t you wish you had one of those on staff!). Head over to the Web site, where you will have to register, but it should be worth it to you.

Contact the author:

Dave Kearns is a writer and consultant in Silicon Valley. He's written a number of books including the (sadly) now out of print "Peter Norton's Complete Guide to Networks." His musings can be found at Virtual Quill.

Kearns is the author of two Network World Newsletters: Windows Networking Strategies, and Identity Management. Comments about these newsletters should be sent to him at these respective addresses: windows@vquill.com, identity@vquill.com .

Kearns provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more by e-mail.



Copyright Network World, Inc., 2007