Optimizing strong authentication: A two-step deployment strategy
Optimizing strong authentication: A two-step deployment strategy

For years, IT managers have recognized that passwords are an imperfect solution for protecting an enterprise's information assets. That realization has spurred a growing interest in two-factor authentication, essentially placing a second lock on the network door -- in the form of a smart card, token, biometric or proximity badge. Yet many organizations have either resisted or failed to take full advantage of these security aids.
 
One of the major barriers has been an inability to demonstrate a satisfactory return on investment. Strong authentication for computer-based access is typically used to replace or reinforce passwords during network or VPN logon, but users still have six, eight or even more passwords to access all their applications and accounts. Trying to integrate all applications to accept two-factor authentication would bust even the biggest IT budgets.
 
Another obstacle has been user resistance to adopting an extra authentication step without removing the aggravation of creating, remembering and managing multiple passwords. Add the lengthy due diligence process associated with evaluating multiple authenticator types and brands, and a strong authentication project can be stalled indefinitely.
 
One solution that breaks the logjam as well as maximizing the benefits of two-factor authentication is to couple strong authentication with enterprise single sign-on (ESSO), a technology that automates password entry for applications and online systems.
 
The strategy: Deploy ESSO first and strong authentication second. ESSO improves the business case for strong authentication deployment. Typically, it supports smart cards and other authenticators without extra integration efforts (any application or other system integrated with ESSO generally does not need to be reintegrated with a strong authentication platform).

In addition, ESSO can strengthen the security benefits of two-factor authentication since it extends the extra security beyond the network door to individual applications and accounts. Administrators can set access rights based on how users log on, enabling access to certain applications only if the user has gained network entry using strong authentication. 

In addition to eliminating user frustration with password overload, ESSO can increase employee productivity. Users can avoid application lockouts; IT can enforce strong password standards, and set up centralized password storage. In some cases, too, ESSO aids in compliance with government mandates related to data protection. 
 
With ESSO, organizations achieve both strong user and strong application authentication with little incremental integration costs. This is a compelling argument for any enterprise that is considering strong authentication implementation.