Introducing Novell SecureLoginIntroducing Novell SecureLogin

Jesper OstergaardProtocom Development SystemsTeritory Manager, NordicMobile: +45 20 666 566Email: jesper.ostergaard@protocom.nl

Protocom inside

• Introduction to Novell SecureLogin4 Business challenges—password pandemonium4 SecureLogin: solves password management problems

• Implementing SecureLogin4 Project Management4 Things to watch out for.

• Demonstration

AgendaAgenda

Novell Novell SecureLogin SecureLogin

OverviewOverview

Password Administration ChallengePassword Administration Challenge

Did you know…

• Each time an end-user calls the Help Desk, it costs the organization $25 to $50 (Giga)

• Annually, organizations spend $200-$300 per user on password management (Hurwitz Group)

• (IDC) Annual Help Desk time spent managing passwords for an average 5,000 user organization with…• 4-8 apps: 4,150 hours• over 20 apps: 10,700 hours

Password Management Problems: Password Management Problems: Help Desk & Administration CostsHelp Desk & Administration Costs

User Productivity ChallengeUser Productivity Challenge

Did you know…

• The average user scenario: 44 hours per year performing multiple login tasks to access 4 applications (Hurwitz Group)

• A 5,000 user organization loses 1,479 hours of productive time per month getting help with passwords (IDC)

• Over 70% of users have password problems at least monthly (IDC)

Password Management Problem: Password Management Problem: EndEnd--User ProductivityUser Productivity

What about data security?

Password Management ProblemPassword Management Problem

•The cost of being offline•The cost of lost profits•The cost of lost customer confidence•The cost of litigation

Did you know…

• In 1999, Fortune 1000 companies reported $45 billion in proprietary information loss (Price Waterhouse Coopers)

• 57% of security breaches were made by on-site employees/contractors accessing unauthorized resources (eWeek)

• On-site employees/contractors are the #1 threat to proprietary data security (Price Waterhouse Coopers)

Password Management Problem: Password Management Problem: Cost of Insecure DataCost of Insecure Data

Are we Ready For Digital Law?Are we Ready For Digital Law?

• eSIGN Act

• Sarbanes-Oxley Act (North America) - requires CEOs and CFOs to vouch for accuracy of their company’s books

• HIPAA (North America) - Health Insurance Portability and Accountability Act; Gramm Leach Bliley Act (North America) - enforces privacy of consumer financial information from the Federal Trade Commission

• Data Protection Act of 1998 (European Union)

PasswordPassword’’s As s As ““Proof of IdentityProof of Identity”” (POI)(POI)

• Passwords or PINs used by 99.9% of systems4 Simple to implement4 costly to maintain4 frustrating for users, helpdesk staff and alike.

• Security verse Convenience4 Strong passwords with letters and numbers, frequently

changing ironically lead to lowering of security.4 Easily Guessed4 Prone to sharing.

• Impossible to prove access “beyond reasonable doubt”

What is Novell SecureLogin?What is Novell SecureLogin?

• Industry Leading Password Management Solution4World’s best Single Sign-on4 #1 market share leader (IDC)4 Advanced Authentication with NMAS

• Key Part of Secure Access Suite4 SecureLogin & NMAS PLUS4Web Portal Single Sign-on - iChain4 Password Redirection - NDS/AS

Holistic ApproachHolistic Approach

SecureLogin is a holistic approach to all major Password

Management requirements.

Individual Technical Solutions

Password management and reset costs

User productivitysuffers from resets

Weak passwords and decreased security

Employeesdissatisfied with IT

Passwordsynchronization

SingleSign-On

Self-ServicePassword Reset

PasswordRedirection

AdvancedAuthentication

Web/ PortalSSO

Passwordsynchronization

SingleSign-On

Self-ServicePassword Reset

PasswordRedirection

AdvancedAuthentication

Web/ PortalSSO

SecureLogin Password Management Suite

Holistic ApproachHolistic Approach

Business Problems

One Holistic Approach to Single Identity Management

How it Works:How it Works:Login Experience Login Experience –– Before NSLBefore NSL

ApplicationApplicationServerServer

ClientClientWorkstationWorkstation

3) Provide Credentials

4) Application Starts

1) Launch Application

2) Credential Challenge

Login ID:

Password:

frank

*******

How it Works:How it Works:Login Experience Login Experience –– With NSLWith NSL

ApplicationApplicationServerServer

eDirectoryeDirectory, , AD, LDAP, AD, LDAP, NT DomainNT Domain

ClientClientWorkstationWorkstation

4) NSL Requests

Secret from eDirectory

Login ID:

Password:

2) Launch Application

3) Credential Challenge

1) Authenticate to eDirectory

5) NSL Receives Secret from eDirectory,

Supplies it to the Application

NSL 3.0 FeaturesNSL 3.0 FeaturesClientClient--side Featuresside Features

Comprehensive single sign-on:•Windows applications•Groupware & Client/server applications•Internet/intranet Web sites•Java applets/applications•Terminal Emulators•Citrix/Terminal Server•UNIX/ Telnet applications•Even DOS applications•No application changes required

Application integration options:• Wizards for simple application

Integration tasks• Advanced application integration tool

for complex tasks• Password policy enforcement

Deployment Options:• Client32, LDAP or ADSI• Client-only or Client-Server

configuration with SecretStoreTM

• Local cache for remote/disconnected

Other User Features:• NMAS SE built in• Screenlock for Win9x• Simple configuration tool for users

NSL 3.0 Features, ContinuedNSL 3.0 Features, ContinuedServerServer--side Features & Administrationside Features & Administration

Server-side options, when implemented on eDirectory:

• SecretStore v3 Server• NMAS v2 Server

Administration tools:• ConsoleOne Administration for

eDirectory configurations• Script Editor administration for LDAP

configurations• Microsoft Management Console

administration for MS Active Directory

Administrative Capabilities:• Single point of management for deploying organization-wide application integration, password policies• Administrator sets overriding values for user options• SNMP monitoring of login events and performance• Non Repudiation• Separation of administrative and SSO responsibility

eDirectoryIn-house App’s

Unix

Internet/intranet Web

MVS

Terminal Server/CitrixMainframe

AS/400

RoutersDOS & 16bit

Java

Win32 App’s

One Login

Single Sign-on

• Auto-detection, Wizard and Central Configuration• Manual Logins, Password Change, Invalid Password, Error

Messages can all be automated.• More emulators, web and win applications than any other

solution.• No Application Changes or other costly infrastructure.

SecureLogin SecureLogin –– Easy to ImplementEasy to Implement

SecureLogin SecureLogin –– Fast ROIFast ROI

LANOne Login

• Uses existing Infrastructure• eDirectory, LDAP, NDS, SecretStore, AD, NT Domain• No new hardware• Leverages existing Disaster Recovery, Tape Backup,

Administration, Management and Auditing systems.• Customers already familiar with look and feel.• No need to change backend systems.• Can be implemented selectively

In-house App’s

Unix

Internet/intranet Web

MVS

Terminal Server/CitrixMainframe

AS/400

RoutersDOS & 16bit

Java

Win32 App’s

SecureLogin SecureLogin -- Is FlexibleIs Flexible

LANOne Login

Works at Office, Home, or fully offline.

One Login

In-house App’s

Unix

Internet/intranet Web

MVS

Terminal Server/CitrixMainframe

AS/400

RoutersDOS & 16bit

Java

Win32 Apps

PollPoll

How important is Access and Security to your organization?4 Very important4 Moderate importance4 Little to no importance4 Unsure

PollPoll

What degree of interest do you see among in Biometrics, Smartcards, Tokens and/or Proximity cards?4 High degree of interest4 Moderate interest4 Little to no interest4 Unsure

Value of Novell Value of Novell SecureLoginSecureLogin

Value PropositionsValue PropositionsJustifying SecureLoginJustifying SecureLogin

1. Vastly reduce help desk costs due to password management resets.

2. Improve network security, absolutely and consistently, enforcing password security policy 100% of the time.

3. Significantly enhance end-user productivity and satisfaction.

Do I need SecureLogin?Do I need SecureLogin?

• The problem for management4 Increasing help desk support costs4 Help desk overload -4 Concerns about protecting information4 Increasing User Authentication and Security Requirements both

internally and through legislation.

• The problem for end users:4 Too many IDs and Passwords4 Too much employee downtime because of password problems4 Fast access to information

Leading QuestionsLeading Questions

•How many passwords does your typical end-user have to remember? (Most have 8-12)•How strong and secure are these passwords? (Most are weak and easy to guess, or written down in obvious places)•How much time and money does your IT staff spend on password resets? (Use the interactive ROI tool to determine this based on their own input—the results will be alarming)•Have you implemented password policies? If so, how well do your users adhere to them? (SecureLogin enforces this for you with no effort by the end-user)

Regional HospitalRegional Hospital

• Main hospital with remote doctors offices across varying speed links

• 15 NetWare fileservers• 3 UNIX machines running HIS• Windows 95 and W2K corporate desktop• Client/server HIS• Reflection for Unix v5 primary emulator• Citrix based applications for remote offices

High level requirementsHigh level requirements

• Wanted to increase level of user authentication for legislative requirements.

• Diverse environment with different requirements between different disciplines within the hospital in addition to external users.

• Had a shared PC environment and medical staff typically did not logout and shared their ID’s.

• Needed to increase security for mobile medical staff.• Wanted to use productivity and helpdesk savings resulting

from single sign-on to fund initial project and ongoing support.

Case Study Case Study --Client with 2000 UsersClient with 2000 Users

Costs• Software $140,000• Project Management & Consulting $150,000• Ongoing consulting and training $30,000• Ongoing maintenance $21,000

Return on Investment (yearly)• Helpdesk Savings ($90pu) $180,000• User Productivity ($110pu) $220,000

-----------Annual Saving $400,000Ongoing Services $(51,000)

1st Year Savings $89,0002nd Year Savings $349,000

Return On InvestmentReturn On Investment

• The typical user spends as much as 44 hours per yearperforming multiple login tasks to access 4 applications - A 1996 study by the Network Applications Consortium

• Most users can’t remember more than 3 passwords, yet are expected to remember 6 or more - Hurwitz Group, 2000

• More than 30% of help desk costs are password related - Giga, Renee Woo, March 2001

• Password management costs between US$200 and US$300 per user each year – IDC

Typical ProjectTypical Project

• Project management4 Prepare business case with ROI4 Analyze business and user requirements and document system

constraints• User Groups including Unions• Which applications• Current application limitations• How users access the system - wards, surgery, back office etc.• What the business expects from the system (what the project

performance will be measured against)4 System architecture and Design documentation based on

requirements

Making single sign-on work is about 10% technology and 90% project management

Typical ProjectTypical Project

• Consulting• Determine requirements for each application

– login rules, change password, invalid password processing etc.• Review disaster recovery plan• Tape backup strategy• Develop software release process• Establish test environment• Develop performance guidelines and milestones• Develop return on investment milestones• Implementation plan

– Test cutdown plan with pilot» 2 users at each business unit» one application per business unit» big bang ?

Typical ProjectTypical Project

• Consulting /cont

• Software distribution process changes– system maintenance– most businesses evolve, so does the infrastructure and the need to

periodically review the system measuring the ROI• Security Review of applications and infrastructure

– generic accounts - RCONSOLE, routers, physical security systems etc.• Test and Pilot system

• Training– end-users– helpdesk– system designers– in-house application developers– security and auditing staff– Software distribution

• Post implementation– on-going helpdesk training

How long should it take ?How long should it take ?

It will be different for each organization but work on at least 1-24 months (depending upon the complexity,

number of systems, size of organization and management acceptance).

Implementation Time GuidesImplementation Time Guides

• 1-1000 users4 1 - 4 months

• 1000-2000 users4 6 months

• 2000+ users4 6-24 months

Generic Time lineGeneric Time line

Project Definition

Requirements

Design/Eval/Plan

Training/Implementation

Support

Changes

Things to avoidThings to avoid

• Not every application is suitable/cost effective for single sign-on

• Not every part of the organization will be able to use Advanced Authentication in every scenario – “emergency break the glass”

• Duplication of systems and data• Big Bang is simply not a good option - roll out apps in sets• Over extending your infrastructure - the system must be

reliable• Don’t be Locked in - all organizations environments change,

you need flexibility

Things to DOThings to DO

• Make sure you have high level organizational support• You have a backout strategy as the #1 design goal• Funding for ongoing support of new product updates and

new corporate applications• Partner with one or more SSO specialist companies - it

will save you time and frustration• Essential to have the helpdesk and applications areas

fully trained and using the product every day

Implementation/Ongoing ChallengesImplementation/Ongoing Challenges

• Training large group of users• Determining requirements and expectations for

each application upfront• Application consistency• Disaster Recovery Strategy - ‘break glass

scenario’• Constantly changing environment• Staff and helpdesk changes• Coping with user momentum for SSO to other

applications

SummarySummary

• Vastly reduce help desk costs due to password management resets

• Improve network security and meet legislative authentication requirements, absolutely and consistently

• Significantly enhance end-user productivity and satisfaction

• Improve Competitiveness and technological advantage

Where can I get more information?Where can I get more information?

• www.novell.com/products/securelogin4 Return on investment calculator4 Product brochures and information4 demonstration software

• Local Novell Account Manager4 Secure Access suite kit4 Presales assistance with SecureLogin specialist4 Product training4 Mutual lead generation activities

• Brainshare and Brainshare on Tour• sales@novellsecurelogin.com

DemonstrationDemonstration