Every so often, a technology comes along that creates a true sea change in the marketplace. For example, virtual private networks (VPNs) changed corporate networking forever by delivering a powerful combination of immediate return on investment (ROI), improved security, and greater user convenience. Indeed, by the time VPN technology reached its third generation, it radically altered the economics and capabilities of networking for companies of all sizes. The result? VPNs quickly became the de facto standard for remote connectivity.

More recently, Enterprise Single Sign-On (ESSO) has emerged with a similar potential to transform enterprise security. ESSO addresses one of the fastest-growing security issues facing corporations today: password proliferation and control. Like third-generation VPNs, ESSO solutions deliver an immediate, significant ROI while strengthening security and improving user convenience, and the benefits of ESSO span areas as diverse as user productivity, access control, help desk costs, and regulatory compliance. This white paper takes a closer look at ESSO, the problems it solves, and how it will fundamentally change the way corporations address their security needs.
The Problems ESSO Was Created to Solve

Every technology solution is developed to solve a problem. In the case of early VPNs, the problem was the prohibitively high cost of deploying, operating and maintaining a private corporate data network. Only the largest companies could afford them, and without a private network, remote users were at the mercy of slow, costly, and insecure modem connections. For ESSO, the problem is too many application passwords. Passwords have become a nightmare for many organizations. Once a relatively simple, effective and affordable way to ensure that only authorized users could gain access to important business applications, passwords have become a source of frustration, friction and increasing cost for many enterprises.

What changed? Corporate computing environments became more complex. The number of business applications in those environments has multiplied, leading to a corresponding increase in the number and type of passwords required to access them. As a result, the average user now has to remember more than seven passwords. To make matters worse, in today's heterogeneous environments, the user must often recall several different types of passwords, each with its own "syntax" of alphanumeric characters and symbols.

As passwords have proliferated, it has become increasingly difficult for users to remember them. And when users forget passwords, what do they do? They get locked out of the applications they need to perform their work, they get frustrated, and they call the IT help desk for assistance. According to Forrester Research, more than 30% of all help desk costs are password-related. With the cost of a single help desk call at $25 to $40, the cost of password problems can quickly add up to hundreds of thousands of dollars per year for even mid-sized companies. And that's not even factoring in the cost of lost productivity when users are locked out of needed applications due to forgotten passwords.
What's worse, the negative impact of password proliferation extends to the very area that passwords are supposed to help: security. Faced with a growing number of passwords to remember, users often resort to writing them down and leaving them in plain view where a nefarious person can find them and use them to gain unauthorized access. Suddenly, every desktop in the organization is another point of vulnerability in the corporate security armor. In an effort to strengthen desktop security, many organizations have instituted strong password policies. These policies mandate the use, and frequent changing, of passwords that, in the interest of preventing password theft, are intentionally complex and difficult to remember. This also exacerbates the problem, resulting in password policy non-compliance, increased security risk, and spiraling help desk costs.

More recently, another factor has increased the urgency among enterprises to solve the password proliferation problem: the law. The US federal government has enacted several laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Gramm-Leach-Bliley Act of 1999, and the Sarbanes-Oxley Act of 2002, that require organizations to have processes in place to safeguard the privacy of client, patient, and employee information.