Directories a Challenge

By Cameron Sturdevant  |  Posted 2003-03-03

Novell Inc.'s Nsure requires that the company's eDirectory be installed on, at least, the central console. IBM's Tivoli identity and access management platform can work with a wide variety of directory services, and Computer Associates International Inc.'s eTrust family can also use various directories. But the fact remains that integrating any of these identity management frameworks is no small task.

One reason is that most enterprises, especially those formed from merged companies, often rely on different directories. Any IT manager who has lived through a directory implementation project knows that integrating an identity management system is not going to be easy. Just making sure that the directories contain consistent information about users is a huge chore.

IT managers should evaluate the time it takes to do adds, moves and changes to the directory to set a baseline for the potential return on investment of identity management tools.

Another factor to consider in calculating ROI is the cost to reset a forgotten password. A common figure bandied about is $45 per lost password. Organizations can determine this figure by basing it on the wages of the locked-out user and the help desk staffer, plus lost productivity, plus the cost of a help desk transaction. Get a report from the help desk on the number of password reset calls handled per year to figure the total cost per year.

However, the cost of an identity management system does not relate solely to the cost of password recovery. All the systems eWEEK Labs evaluated for this report also help manage the removal of an authorized user, a process that is often time-consuming and prone to error. The user provisioning tools we analyzed should significantly reduce the amount of handwork and, consequently, the error rate of this process.

We began our identity management evaluation by looking at products that were the quickest to implement—the point solutions that handle only password management.

Passlogix's $69-per-seat v-GO SSO is a single-sign-on product that is preconfigured to work with most common applications. v-GO SSO monitors user log-on activity, then takes over the process. At the same time, the product can be configured to change the user's password into one that conforms to the organization's guidelines (for example, a password that changes every month or that meets a minimum length and a mix of alphanumeric characters).

Users don't know what their new passwords are; they know only the passwords they use to access v-GO SSO. This means that when an authorized user leaves the company, a designated human resources person can simply revoke the person's v-GO SSO authorization to prevent further access to the organization's data.

One of the drawbacks to v-GO SSO is that it works only with Windows machines, precluding its (effective) use at mixed-operating-system shops.

The Neusine system, from Castle Systems Inc., is intended for use by organizations that need to meet Health Insurance Portability and Accountability Act requirements for auditing access to patient records and insurance information. Sutter Health is a user of the Neusine system.

Neusine puts a new twist on an old technique. Using Neusine's Java-based interface, users are authenticated when they move elements in a picture around the screen. The product first ensures that the objects are moved in the correct order and to the correct locations. The twist is that Neusine tracks users' hesitations and habits as they move the objects on the screen. In principle, the method is similar to keyboard-cadence products.

Neusine is also different from other identity management applications we've seen in that it is delivered as a service. Each completed authentication is charged a negotiated rate, usually some fraction of a cent for large-volume customers. Because any identity management system has ongoing maintenance costs, the pay-as-you-go scheme might turn out to be cost-effective for many high-volume users. A seat subscription for the Neusine system will cost about $10 to $12 per user per year.

Although Neusine is targeted at the health care industry, there are no technical reasons why it couldn't be used in other industries—providing a needed shake-up in the way people think of passwords.

Cameron Sturdevant Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at
