introducing novell securelogin · atk-paivat.fi › 2003 › ostergaard.pdf · 2014-05-17
TRANSCRIPT
Introducing Novell SecureLogin
Jesper Ostergaard, Protocom Development Systems, Territory Manager, Nordic. Mobile: +45 20 666 566. Email: [email protected]
Protocom inside
Agenda
• Introduction to Novell SecureLogin
  – Business challenges: password pandemonium
  – SecureLogin: solves password management problems
• Implementing SecureLogin
  – Project Management
  – Things to watch out for
• Demonstration
Novell SecureLogin Overview
Password Management Problems: Help Desk & Administration Costs
Password Administration Challenge
Did you know…
• Each time an end-user calls the Help Desk, it costs the organization $25 to $50 (Giga)
• Annually, organizations spend $200-$300 per user on password management (Hurwitz Group)
• Annual Help Desk time spent managing passwords for an average 5,000 user organization with… (IDC)
  – 4-8 apps: 4,150 hours
  – over 20 apps: 10,700 hours
Password Management Problem: End-User Productivity
User Productivity Challenge
Did you know…
• The average user scenario: 44 hours per year performing multiple login tasks to access 4 applications (Hurwitz Group)
• A 5,000 user organization loses 1,479 hours of productive time per month getting help with passwords (IDC)
• Over 70% of users have password problems at least monthly (IDC)
Password Management Problem: Cost of Insecure Data
What about data security?
• The cost of being offline
• The cost of lost profits
• The cost of lost customer confidence
• The cost of litigation
Did you know…
• In 1999, Fortune 1000 companies reported $45 billion in proprietary information loss (Price Waterhouse Coopers)
• 57% of security breaches were made by on-site employees/contractors accessing unauthorized resources (eWeek)
• On-site employees/contractors are the #1 threat to proprietary data security (Price Waterhouse Coopers)
Are we Ready For Digital Law?
• eSIGN Act
• Sarbanes-Oxley Act (North America) - requires CEOs and CFOs to vouch for the accuracy of their company’s books
• HIPAA (North America) - Health Insurance Portability and Accountability Act
• Gramm Leach Bliley Act (North America) - enforces privacy of consumer financial information (Federal Trade Commission)
• Data Protection Act of 1998 (European Union)
Passwords As “Proof of Identity” (POI)
• Passwords or PINs used by 99.9% of systems
  – Simple to implement
  – Costly to maintain
  – Frustrating for users and helpdesk staff alike
• Security versus Convenience
  – Strong passwords with letters and numbers, changed frequently, ironically lead to a lowering of security
  – Easily guessed
  – Prone to sharing
• Impossible to prove access “beyond reasonable doubt”
What is Novell SecureLogin?
• Industry Leading Password Management Solution
  – World’s best Single Sign-on
  – #1 market share leader (IDC)
  – Advanced Authentication with NMAS
• Key Part of Secure Access Suite
  – SecureLogin & NMAS PLUS
  – Web Portal Single Sign-on - iChain
  – Password Redirection - NDS/AS
Holistic Approach
SecureLogin is a holistic approach to all major Password Management requirements.
[Diagram: Business Problems mapped to Individual Technical Solutions within the SecureLogin Password Management Suite]
Business Problems:
• Password management and reset costs
• User productivity suffers from resets
• Weak passwords and decreased security
• Employees dissatisfied with IT
Individual Technical Solutions:
• Password synchronization
• Single Sign-On
• Self-Service Password Reset
• Password Redirection
• Advanced Authentication
• Web/Portal SSO
SecureLogin Password Management Suite: One Holistic Approach to Single Identity Management
How it Works: Login Experience – Before NSL
[Diagram: Client Workstation and Application Server]
1) Launch Application
2) Credential Challenge (Login ID: frank / Password: *******)
3) Provide Credentials
4) Application Starts
How it Works: Login Experience – With NSL
[Diagram: Client Workstation, Application Server, and directory (eDirectory, AD, LDAP, NT Domain)]
1) Authenticate to eDirectory
2) Launch Application
3) Credential Challenge (Login ID / Password)
4) NSL Requests Secret from eDirectory
5) NSL Receives Secret from eDirectory, Supplies it to the Application
NSL 3.0 Features: Client-side Features
Comprehensive single sign-on:
• Windows applications
• Groupware & Client/server applications
• Internet/intranet Web sites
• Java applets/applications
• Terminal Emulators
• Citrix/Terminal Server
• UNIX/Telnet applications
• Even DOS applications
• No application changes required
Application integration options:
• Wizards for simple application integration tasks
• Advanced application integration tool for complex tasks
• Password policy enforcement
Deployment Options:
• Client32, LDAP or ADSI
• Client-only or Client-Server configuration with SecretStore™
• Local cache for remote/disconnected
Other User Features:
• NMAS SE built in
• Screenlock for Win9x
• Simple configuration tool for users
NSL 3.0 Features, Continued: Server-side Features & Administration
Server-side options, when implemented on eDirectory:
• SecretStore v3 Server
• NMAS v2 Server
Administration tools:
• ConsoleOne Administration for eDirectory configurations
• Script Editor administration for LDAP configurations
• Microsoft Management Console administration for MS Active Directory
Administrative Capabilities:
• Single point of management for deploying organization-wide application integration, password policies
• Administrator sets overriding values for user options
• SNMP monitoring of login events and performance
• Non Repudiation
• Separation of administrative and SSO responsibility
SecureLogin – Easy to Implement
[Diagram: “One Login” Single Sign-on to eDirectory, In-house App’s, Unix, Internet/intranet Web, MVS, Terminal Server/Citrix, Mainframe, AS/400, Routers, DOS & 16bit, Java, Win32 App’s]
• Auto-detection, Wizard and Central Configuration
• Manual Logins, Password Change, Invalid Password, Error Messages can all be automated.
• More emulators, web and win applications than any other solution.
• No Application Changes or other costly infrastructure.
SecureLogin – Fast ROI
[Diagram: LAN, “One Login” to the same set of applications]
• Uses existing Infrastructure: eDirectory, LDAP, NDS, SecretStore, AD, NT Domain
• No new hardware
• Leverages existing Disaster Recovery, Tape Backup, Administration, Management and Auditing systems.
• Customers already familiar with look and feel.
• No need to change backend systems.
• Can be implemented selectively
SecureLogin - Is Flexible
[Diagram: LAN, “One Login” to the same set of applications]
Works at Office, Home, or fully offline.
Poll
How important is Access and Security to your organization?
  – Very important
  – Moderate importance
  – Little to no importance
  – Unsure
Poll
What degree of interest do you see in Biometrics, Smartcards, Tokens and/or Proximity cards?
  – High degree of interest
  – Moderate interest
  – Little to no interest
  – Unsure
Value of Novell SecureLogin
Value Propositions: Justifying SecureLogin
1. Vastly reduce help desk costs due to password management resets.
2. Improve network security, absolutely and consistently, enforcing password security policy 100% of the time.
3. Significantly enhance end-user productivity and satisfaction.
Do I need SecureLogin?
• The problem for management:
  – Increasing help desk support costs
  – Help desk overload
  – Concerns about protecting information
  – Increasing User Authentication and Security Requirements both internally and through legislation.
• The problem for end users:
  – Too many IDs and Passwords
  – Too much employee downtime because of password problems
  – Fast access to information
Leading Questions
• How many passwords does your typical end-user have to remember? (Most have 8-12)
• How strong and secure are these passwords? (Most are weak and easy to guess, or written down in obvious places)
• How much time and money does your IT staff spend on password resets? (Use the interactive ROI tool to determine this based on their own input; the results will be alarming)
• Have you implemented password policies? If so, how well do your users adhere to them? (SecureLogin enforces this for you with no effort by the end-user)
Regional Hospital
• Main hospital with remote doctors’ offices across varying speed links
• 15 NetWare fileservers
• 3 UNIX machines running HIS
• Windows 95 and W2K corporate desktop
• Client/server HIS
• Reflection for Unix v5 primary emulator
• Citrix based applications for remote offices
High level requirements
• Wanted to increase level of user authentication for legislative requirements.
• Diverse environment with different requirements between different disciplines within the hospital in addition to external users.
• Had a shared PC environment and medical staff typically did not logout and shared their IDs.
• Needed to increase security for mobile medical staff.
• Wanted to use productivity and helpdesk savings resulting from single sign-on to fund initial project and ongoing support.
Case Study - Client with 2000 Users
Costs
• Software: $140,000
• Project Management & Consulting: $150,000
• Ongoing consulting and training: $30,000
• Ongoing maintenance: $21,000
Return on Investment (yearly)
• Helpdesk Savings ($90 per user): $180,000
• User Productivity ($110 per user): $220,000
-----------
Annual Saving: $400,000
Ongoing Services: $(51,000)
1st Year Savings: $89,000
2nd Year Savings: $349,000
Return On Investment
• The typical user spends as much as 44 hours per year performing multiple login tasks to access 4 applications - A 1996 study by the Network Applications Consortium
• Most users can’t remember more than 3 passwords, yet are expected to remember 6 or more - Hurwitz Group, 2000
• More than 30% of help desk costs are password related - Giga, Renee Woo, March 2001
• Password management costs between US$200 and US$300 per user each year - IDC
Typical Project
• Project management
  – Prepare business case with ROI
  – Analyze business and user requirements and document system constraints
    » User Groups including Unions
    » Which applications
    » Current application limitations
    » How users access the system - wards, surgery, back office etc.
    » What the business expects from the system (what the project performance will be measured against)
  – System architecture and Design documentation based on requirements
Making single sign-on work is about 10% technology and 90% project management
Typical Project
• Consulting
  – Determine requirements for each application: login rules, change password, invalid password processing etc.
  – Review disaster recovery plan
  – Tape backup strategy
  – Develop software release process
  – Establish test environment
  – Develop performance guidelines and milestones
  – Develop return on investment milestones
  – Implementation plan
    » Test cutdown plan with pilot: 2 users at each business unit; one application per business unit; big bang?
Typical Project
• Consulting (cont.)
  – Software distribution process changes
    » system maintenance
    » most businesses evolve, so does the infrastructure and the need to periodically review the system measuring the ROI
  – Security Review of applications and infrastructure
    » generic accounts - RCONSOLE, routers, physical security systems etc.
  – Test and Pilot system
• Training
  – end-users
  – helpdesk
  – system designers
  – in-house application developers
  – security and auditing staff
  – Software distribution
• Post implementation
  – on-going helpdesk training
How long should it take?
It will be different for each organization but work on at least 1-24 months (depending upon the complexity, number of systems, size of organization and management acceptance).
Implementation Time Guides
• 1-1000 users: 1 - 4 months
• 1000-2000 users: 6 months
• 2000+ users: 6-24 months
Generic Time line
Project Definition → Requirements → Design/Eval/Plan → Training/Implementation → Support → Changes
Things to avoid
• Not every application is suitable/cost effective for single sign-on
• Not every part of the organization will be able to use Advanced Authentication in every scenario – “emergency break the glass”
• Duplication of systems and data
• Big Bang is simply not a good option - roll out apps in sets
• Over extending your infrastructure - the system must be reliable
• Don’t be Locked in - all organizations’ environments change, you need flexibility
Things to DO
• Make sure you have high level organizational support
• You have a backout strategy as the #1 design goal
• Funding for ongoing support of new product updates and new corporate applications
• Partner with one or more SSO specialist companies - it will save you time and frustration
• Essential to have the helpdesk and applications areas fully trained and using the product every day
Implementation/Ongoing Challenges
• Training large group of users
• Determining requirements and expectations for each application upfront
• Application consistency
• Disaster Recovery Strategy - ‘break glass scenario’
• Constantly changing environment
• Staff and helpdesk changes
• Coping with user momentum for SSO to other applications
Summary
• Vastly reduce help desk costs due to password management resets
• Improve network security and meet legislative authentication requirements, absolutely and consistently
• Significantly enhance end-user productivity and satisfaction
• Improve Competitiveness and technological advantage
Where can I get more information?
• www.novell.com/products/securelogin
  – Return on investment calculator
  – Product brochures and information
  – demonstration software
• Local Novell Account Manager
  – Secure Access suite kit
  – Presales assistance with SecureLogin specialist
  – Product training
  – Mutual lead generation activities
• Brainshare and Brainshare on Tour
• [email protected]
Demonstration