
Jason Mafera

Senior Product Manager, Imprivata

Ask me about:
Identity and access management and single sign-on.



Q. Can you suggest the best solution to lock USB pen drives to a networked environment of PCs with an SBS server back end? This ensures that the data transported on them cannot be utilised outside of this environment or read. The software would preferably also isolate all the PC ports / connectors apart from these authorised drives.

A. When it comes to controlling USB devices, and in this case protecting data stored on flash devices and controlling where and by whom this data can be accessed, this is normally handled by an endpoint security product. You will want to make sure that the data is encrypted on the devices, access is controlled, and the solution provides centralized management of policy and encryption keys. There are a fair number of products that can provide this type of functionality, normally described as Endpoint Security products. While I can’t recommend a specific product, some of the major players in this space are DeviceWall, GFI, Checkpoint (formerly PointSec products), Utimaco, WinMagic, Symantec, and McAfee. This is by no means an exhaustive list, but a place to start. I would recommend evaluating a few of the solutions and seeing which fits best within your environment.

 

Q. If I am considering using a Single Sign-On (SSO) solution for password management for my users, should I be concerned about storing all these credentials in 1 place?

A. The simple answer is that it depends on the end user and the value of the data that they access.
In most cases this credential data is encrypted and not discoverable by an administrator, but this is only as good as the authentication method that releases these stored passwords.
This is something referred to as the “keys to the kingdom” problem, as all the usernames and passwords for applications are stored in one place.
In its simplest form, all these credentials are “unlocked” with a single password, many times using the Windows logon. This can definitely be an issue, depending on the level of access a user may have to an application (think financial data).
The way to mitigate this is by using a stronger form of authentication (than a password) to “unlock” the SSO credential store. There are many varieties of strong or multi-factor authentication, ranging from biometrics (fingerprint) to smartcards to OTP tokens, and one size does not fit all.
It is important when looking at these types of solutions to ask how flexible they can be and if different groups of internal users can use different forms of authentication. This gives the flexibility to decide if and when certain users may need better protection of their SSO-enabled application credentials.




 

 
