Today’s session is all about looking at the password management challenges faced by typical mid-market customers. We’ll look at the impact these challenges can have on your organization, and then we’ll introduce you to an IBM Tivoli solution that we think can make a real difference for your organization.
So, let’s take a closer look at our Agenda for today.
As you can see on the Agenda, we’ll start by briefly reviewing some of the password management challenges being faced by mid-market organizations today, and how these challenges can be addressed with single sign-on.
Then we’ll look at an overview of the IBM Tivoli solution, discuss the IT and Business Benefits, followed by an example of a customer success story.
And finally, we’ll talk about how you can get started with a single sign-on solution for your organization, and try to answer any specific questions you may have.
So, let’s get started.
Main point: Introduce password management frustrations users typically experience
As security threats grow more sophisticated, the pressure is increasing for businesses to control access to valuable network resources and sensitive data. More and more of your company’s valuable information assets are being made accessible online. Of course, there is tremendous pressure to protect those assets from unauthorized access. At the same time there is pressure coming from the outside, as government regulations demand tighter security standards and more accountability.
To further complicate matters, your infrastructure is always evolving. You’ve got a variety of different hardware and software acquired at different times and tasked for different purposes. And there haven’t really been any enduring security standards to work with.
It’s not uncommon for users to maintain between five and 30 different login and password combinations. Users often forget or confuse passwords, resulting in system lockout and a loss of productivity. Complex login sequences and application navigation further reduce productivity. Kiosk users face an even more challenging task of having to log in and log out frequently as they switch between user sessions, resulting in poor user satisfaction.
As the number of application passwords grows, end user behavior deteriorates. Users with multiple passwords often write passwords in date books or on sticky notes, and they tend to choose less complex passwords. And of course, each application requires different password lengths, with different composition requirements and different update intervals.
Access control is needed to keep unauthorized users out, but it also stands between your authorized users and the resources that they need to access. It is an everyday, many-times-per-day intrusion – and that’s only if it’s managed well.
Let’s look at some of the most common challenges.
Main point: Relate password management challenges to mid-market organizations
The first thing businesses are looking for is a solution for password management. They want to simplify sign-on for users and reduce the dependence on IT for help desk support. Sometimes, companies are looking for Single Sign-On as a first step toward a larger identity management solution. In any event, one of the main challenges is how to reduce costs – while still providing the level of security needed.
IT departments are looking to strengthen security for critical applications. They typically look for two-factor authentication – a secure way to link user authentication and application authentication. The most common way to achieve that is with an advanced sign-on system using things like smart cards or biometrics.
Next is compliance. Regulatory compliance is not inexpensive, and compliance demonstration is not inexpensive. Many organizations are looking for ways to ease the pain associated with auditing and tracking user access, and then producing the required compliance reports.
And finally, improving user productivity. Users need faster access to information, but at the same time this must be balanced with the need for strong access controls.
Let’s look at how an IBM Tivoli solution could address these challenges.
IBM Tivoli Access Manager for Enterprise Single Sign-On can provide immediate relief for password chaos. It can help:
Reduce costs and simplify implementation and administration
Strengthen security
Support your compliance efforts, and
Improve user productivity
Tivoli Access Manager for Enterprise Single Sign-On can improve user productivity through faster access to information. Users authenticate once, and have single sign-on for Windows, Web, Java, Telnet, in-house developed and mainframe applications.
In addition to single sign-on and single sign-off, Tivoli Access Manager for Enterprise Single Sign-On’s workflow automation provides application launch and login, drive mapping, and automatic navigation to preferred screens. Quickly bringing users to where they typically need to start working in each application can further increase productivity.
And with its roaming desktop support, active users can have their desktop follow them to every endpoint they encounter throughout the day.
For those employees that are mobile and need access to the same applications in and out of the office, Tivoli Access Manager for Enterprise Single Sign-On provides secure access to applications through a browser, without requiring additional software installation or application server modifications. A single password grants remote users access to the Web portal where they can have single sign-on access to all of their corporate applications.
And Tivoli Access Manager for Enterprise Single Sign-On also provides support for shared workstations and kiosks. Comprehensive session management and fast user switching capabilities allow multiple users to securely share a workstation. Users can maintain individual desktops on the same workstation, switching from user to user transparently with the ability to instantly pick up right where they left off. And advanced login techniques are also supported. For example, after one user locks the workstation, another user can quickly access his personalized applications at that same workstation by simply tapping his ID badge.
Now let’s take a more in-depth look at the Tivoli Access Manager for Enterprise Single Sign-On solution.
Main points: Introduce IBM Tivoli Access Manager for Enterprise Single Sign-On
Tivoli Access Manager for Enterprise Single Sign-On is a robust, full featured access management solution that’s available now. The technology is business proven and at work in many organizations around the world. It provides single sign-on for your applications without a lengthy or complex implementation effort. Whether you’re deploying strong authentication, implementing an organization-wide identity management initiative, or simply focusing on the password management challenges for a specific group of users, Tivoli Access Manager for Enterprise Single Sign-On will support your technical requirements and computing environment.
It allows the user to connect from a variety of client devices, including desktops, Web servers, remote desktops, terminal workstations and pervasive devices. The user wallet, which contains all the credentials for the user, is managed and distributed by the central IMS server. This wallet can be used in a direct connection to the IMS server, or in disconnected mode. The agent that sits on the client workstation retrieves the user wallet and uses it to automatically log the user in to each application requested. Tivoli Access Manager for Enterprise Single Sign-On uses profiles on the client to identify how to interact with each particular application. There is support for hundreds of application profiles right out of the box.
Organizations typically try to strengthen security for access control in two ways:
Improving the quality, or strength of the passwords being used, and
Implementing strong, or second-factor authentication for critical applications.
Tivoli Access Manager for Enterprise Single Sign-On can help greatly improve password behavior and quality. Because users only need to remember and manage a single, high-quality password, organizations can realize a significant reduction in risky password behavior.
And Tivoli Access Manager for Enterprise Single Sign-On automatically manages password updates and provides easy self-service options for password change and reset. To better protect sensitive data, organizations typically need stronger authentication to secure critical applications. However, integrating advanced authentication methods for these applications can be difficult. What differentiates Tivoli Access Manager for Enterprise Single Sign-On is that it seamlessly integrates with numerous strong authentication devices without a lengthy or complex implementation. Devices supported include building access badges, USB smart cards, active RFID, biometrics and iTag.
iTag is a patent-pending smart label technology that contains RFID tags which can be affixed to personal objects, such as a photo badge, cell phone, PDA, or driver’s license. This converts the personal object into a proximity device which can be used for strong authentication. By attaching iTag to objects users commonly carry, the adoption rate is greatly enhanced, minimal training is required, and users are less likely to forget or lose their iTag device.
Tivoli Access Manager for Enterprise Single Sign-On can help strengthen security by improving the quality and strength of the passwords being used, and cutting-edge encryption technology provides enhanced protection.
Tivoli Access Manager for Enterprise Single Sign-On integrates with the widest choice of two-factor authentication devices and is unique in providing strong authentication utilizing iTag. Leveraging this cost-effective and widely prevalent smart label technology provides the most flexible and universal two-factor authentication solution in the market.
Now let’s discuss some of the IT benefits available with Tivoli Access Manager for Enterprise Single Sign-On.
Main points: Highlight business benefits
Help desk costs can be substantial as organizations respond to employee password problems. Tivoli Access Manager for Enterprise Single Sign-On detects and responds to all password-related events to automate every password management task for the end user, including logon, password selection, password change, and password reset. These self-service and automation capabilities, along with users only needing to remember a single password, can significantly reduce help desk calls and costs.
Provisioning costs can be reduced by leveraging your existing infrastructure and personal devices for second factor authentication. This eliminates the cost of acquiring, provisioning and replacing authentication tokens. By leveraging devices you already have for strong authentication, such as cell phones or building access badges with iTag, Tivoli Access Manager for Enterprise Single Sign-On helps organizations significantly reduce the cost of ownership.
Tivoli Access Manager for Enterprise Single Sign-On also integrates with best-of-breed user provisioning technologies such as IBM Tivoli Identity Manager to provide end-to-end, comprehensive identity lifecycle management. Once provisioned, users can leverage single sign-on to access all their applications on shared and personal workstations with one password. There is no longer a need to manually distribute application credentials, which is expensive and insecure.
It seems like there’s no end to the number of information security regulations, such as Basel II, HIPAA, SOX and GLBA. In general, compliance requirements are intended to prevent public access to private data, and require tracking and reporting on all access.
To help support your compliance efforts, Tivoli Access Manager for Enterprise Single Sign-On audits and logs end-user activities associated with logon across all end-points. It provides centralized collation of tamper-proof user-centric audit logs and better tracking of user access.
To facilitate compliance, Tivoli Access Manager for Enterprise Single Sign-On offers extensive audit capabilities, and integrates with leading compliance products such as IBM Tivoli Compliance Insight Manager to provide consolidated reports that show which applications were accessed by whose accounts. The reports are complete with timestamps and IP addresses across multiple endpoints and applications. Customizable tracking enables organizations to track custom activities that may otherwise not be possible through standard application logs. With the centralized collation and customizable tracking capabilities of Tivoli Access Manager for Enterprise Single Sign-On, organizations can easily track access and address regulatory mandates with minimal IT burden.
Now let’s look at an example of quantifying the potential benefits.
Main points: Highlight IT benefits
First, I’ll highlight some of the key, technical benefits of the solution.
We’ve already talked about the fact that Tivoli Access Manager for Enterprise Single Sign-On can handle logon and password change for almost all of your systems and applications. And we’ve touched on the fact that it can provide application and system integration with advanced security systems like smart cards and biometric scanners.
Implementation can be simplified because Tivoli Access Manager for Enterprise Single Sign-On is easy to deploy and does not require changes to the infrastructure. It also supports various directories without schema modifications or extensions. Tivoli Access Manager for Enterprise Single Sign-On can take advantage of the directories and databases that you are already using today for administrative data. Not only does this rapidly accelerate deployment, it can save you the cost and effort of switching data to a vendor specific database.
The integrated profile wizard and visual profiling technology lets you quickly generate single sign-on access for all of your Windows, Web-based, Java, or mainframe applications. It's as easy as selecting the task to automate, and dragging and dropping the targets, and no scripting is required. Tivoli Access Manager for Enterprise Single Sign-On is scalable, with an open architecture and open interfaces to enable you to leverage your existing data and disaster recovery infrastructure.
Administration can be simplified with centralized administration and configuration utilizing a complete set of intuitive tools. Administrators can efficiently manage user access and system policies through a single Web-based interface. Policies can be easily organized into templates and applied to different user groups.
Tivoli Access Manager for Enterprise Single Sign-On also offers expanded support for flexible user types. We’re talking about smoothly managed access for users at dedicated workstations in the office, on the road, or at multi-user machines or public kiosks. So you’re not restricted to Internet or intranet. Your users are covered no matter how they access the system.
As you can expect, these capabilities and technical advantages can translate to real advantages for your organization. Now let’s look at the business benefits.
This is an example of a real customer implementation. This customer has simply asked that we not publicize the name of their organization.
NOTE: This slide has been approved by Gartner for use AS IS within this customer presentation only. No changes, modifications, deletions or additions may be made to this slide. This slide may be used in this customer presentation until September 15, 2010, after which time this slide may no longer be used.
The complete Gartner MarketScope report is available at
http://imagesrv.gartner.com/media-products/pdf/reprints/ibm/external/volume4/article21.pdf
NOTE: This slide has been approved by Forrester for use AS IS within this customer presentation only. No changes, modifications, deletions or additions may be made to this slide. This slide may be used in this customer presentation until November 2, 2010, after which time this slide may no longer be used.
In summary, we’ve looked at how Tivoli Access Manager for Enterprise Single Sign-On can help your organization:
Reduce costs and simplify implementation and administration
Strengthen security
Support your compliance efforts, and
Improve user productivity
To get started, I would suggest that you assess your current password management posture. Find out which areas of password management are creating the most challenges for your organization, and where Tivoli Access Manager for Enterprise Single Sign-On could provide the most benefits.
Then, arrange for a demonstration. It’s amazing to actually “see” the difference that a single sign-on solution can make.
And finally, please feel free to view additional information from our Web site.
IBM not only offers the best-in-class identity and access management solutions, but also unsurpassed breadth and integration across its security suite. IBM Tivoli Unified Single Sign-On is one such integrated solution. It extends the capabilities of Tivoli Access Manager for Enterprise Single Sign-On to address your end-to-end requirements for single sign-on inside, outside, and between organizations.
Only IBM enables you to focus on driving business innovation by reducing the complexity of securing the organization through a flexible and adaptable approach across the entire realm of IT security risk. IBM can address the big picture, including: identity and access management, threat protection, managed services, mainframe security, application security, information and data security, and service management. So when you’re ready to expand into other areas of security management, IBM is ready to support your long-term security goals.
Main point: Answer questions.
Talking points
(ANSWER QUESTIONS)
Transition:
If there are no more questions at this time, then I think I’ll wrap up.
Main point: Thank everyone for attending
Well, that’s it for the formal presentation. I hope that you’ll agree that IBM Tivoli Access Manager for Enterprise Single Sign-On has a lot to offer – and if you dig deeper into the solution you’ll find that it has even more capabilities than I’ve had time to talk about today.
Please take a moment to let us know what you think about the information you’ve seen. We welcome the opportunity to talk with you individually and to answer any remaining questions that you might have.
Thank you again for attending.