This article can also be found in the Premium Editorial Download "Information Security magazine: What's the best IT security advice you've ever received?."
Imprivata's OneSign 2.8
Price: Starts at $16,000 for 200 users
Passwords are infosecurity's Achilles' heel. Weak passwords--your pet's name or mother's maiden name--are easy to remember and easy to guess. Strong
Imprivata's OneSign is SSO for the rest of us, with an innovative technology that makes adding almost any application a snap.
The star of the OneSign package is its powerful yet intuitive Application Profile Generator (APG), which "learns" virtually any application and can recognize when OneSign should enter the credentials. It sets itself apart by doing away with manually scripted login procedures, saving time, money and frustration. In our lab, we easily generated several application profiles without even opening the APG guidebook. We succeeded with every authentication portal tested, including Web and application logons, PuTTY, VNC and several other mechanisms. Each application was recognized, and the performance was flawless.
The client agent is close to transparent to the user. It constantly searches for matches to its known login screens to make application login processes automatic. Once the application is in the OneSign database, the user simply needs to open the application and go to the login screen. The agent will sense the presence of the login screen and alert the user to a new login detection via a system tray bubble. When the user credentials are entered, the agent captures and uploads them to the OneSign appliance in an encrypted format.
The appliance was very easy to install. The device walks you through several steps for an effortless configuration. Users can be imported from Active Directory, NT Domains, Sun ONE, Novell NDS or any LDAPv3-compatible implementation. OneSign can be instructed to sync with the directory at any time to update the user list, storing attributes in lightweight XML files.
OneSign ships with two appliances standard for failover.
The product's security is very tight. The security policy can be set to require the user to reauthenticate at set intervals, from 1 to 60 minutes, or at random. The desktop is locked when reauthentication is required to protect unattended machines. OneSign supports standard passwords, fingerprint readers, ID tokens, smartcard/USB tokens and proximity cards. Offline operation can also be permitted for users through the policy, ensuring that access will not be interrupted. If offline mode is enabled, passwords are encrypted on the user's computer.
Imprivata is targeting the mid-sized business market with OneSign. The powerful feature set makes it very attractive for organizations overwhelmed by password management and security issues. Larger organizations may also be interested in the product, but may be turned off by the lack of a distributed architecture.
This was first published in August 2005