Mortgage Firm Banks on RSA Sign-On Manager

Case Study: Controlling network access with single sign-on authentication cuts costs and decreases help desk calls for Hudson Advisors.

When problems with user tokens started cropping up, Hudson Advisors LLC, a commercial mortgage servicer and real estate asset manager, decided it was time to look at a whole new user authentication system to control network access.

Hudson Advisors has replaced its outdated two-factor user authentication system with RSA Security Inc.'s RSA Sign-On Manager 4.5 using RSA SecurID tokens.

The new system not only did away with the token problems Hudson Advisors was encountering, but has also allowed the company to quickly decrease password reset costs by leveraging the IntelliAccess password reset capability in the new version.

RSA Sign-On Manager 4.5, which was selected by Hudson Advisors after a six-week bake-off among several products, has also helped lower audit compliance costs, according to Mark Lynd, global chief technology officer and vice president of technology for the company.

"Our biggest concern is that we have just over 1,200 users in offices around the world that log in to up to 14 systems in a given day. Ensuring that all users have long passwords that were secure using numerics, alpha and special characters was pretty impossible to maintain," Lynd said.

Hudson Advisors couldn't get by with fewer applications. At the same time, it had to demonstrate risk mitigation to external auditors and customers by requiring strong passwords—which meant placing an onerous burden on Hudson Advisors' employees.

"Also, when we had new employees or employees leave, we had a difficult situation," Lynd said. "We turned to SSO [single sign-on] because it was a good fit for our organization. We wanted to streamline on- and off-boarding [of employees], and we got help passing our yearly audits."

Audit compliance turned out to be a big cost-saver for Lynd and his staff when they started using RSA Sign-On Manager 4.5 to demonstrate effective access controls, not just for federal and state regulators, but also for mortgage and financial industry rating agencies such as The McGraw Hill Cos. Inc.'s Standard & Poor's and Fitch Inc.'s Fitch Ratings.

"We wanted an SSO solution that would allow us to go to custom applications, of which we have several, [as well as] third-party applications like Oracle [Corp.'s] ERP and Hyperion, and Web-based applications," Lynd said. "That was one of the main things we looked for in our bake-off; not all the products out there are able to support all these types of applications at this point."

Lynd related one example of why Hudson Advisors selected RSA Sign-On Manager 4.5. "We have a .Net application that is an investor portal. One of the things we saw with SSO products and Web apps—and that [RSA Sign-On Manager] 4.5 specifically addressed—is that when you end your session, many Web apps take you back to the sign-in screen," he said. "Since the SSO product knows the sign-in screen, it automatically re-authenticates the user, even though they are trying to exit the application."

RSA Sign-On Manager 4.5 can be trained to recognize when a user is exiting a Web application and therefore knows not to authenticate the user to the application.
