With firewalls and VPNs becoming ubiquitous in the midmarket, there's a great opportunity for solution providers to offer single sign-on appliances, according to the CRN Test Center. Such an appliance supports the use of strong password policies, while lowering password-administration costs. The result is higher security, but with a continuous demonstrable ROI.
Imprivata's OneSign is a plug-and-play, Linux-based appliance that gives users access to multiple applications such as e-mail, databases and shared directories with a single password. The device supports Windows NT, Active Directory and iPlanet networks, but NetWare networks will have to look elsewhere.
The appliance maintains the individual passwords used for the separate applications, so the user need only remember one main highly secure password. Reducing the number of passwords and automating administration cuts help-desk costs, supports stronger password policies and increases user productivity to deliver a significant ROI.
For example, Company A claims that a user calling the help desk for password management issues costs around $40 per call; this includes the reduced productivity of the worker and someone to man the call. Multiply that by the number of employees, say 500. Then multiply that by the number of calls per person per year, which we'll set at two. The company therefore spends a minimum of $40,000 a year on password management.
Imprivata's OneSign is a plug-and-play appliance that gives users access to multiple apps with a single password.
In the lab, OneSign setup went off without a hitch. One thing to pin down before setup begins is the authentication technology, i.e., is the environment Active Directory-, iPlanet- or NT domain-based? Once the box has its own IP address and the box's security environment is set, setup becomes surprisingly straightforward with the help of wizards. Because this is a Linux-based box, administrators might want to preset their DNS to whatever name they give the box.
An eventual problem Imprivata might encounter is supporting a large number of back-end applications, each with its own way of updating passwords. "Instead of a large database of profiles and back-end adapters that would be difficult to maintain and control, we designed OneSign to allow the administrator to SSO-enable any possible target application using the application profile generator," said Gregg LaRoche, director of product management at Imprivata.


