How many passwords does the average user have to remember?
That's a simple question, but the answer reveals a complex situation. As applications and services increase in number and nature, and users access those applications and services in an increasing number of ways, the need for simplified access becomes greater in proportion.
Unfortunately, "simplified access" does not accurately describe the situation commonly found in organizations today. The more applications and services are required by the users, the more passwords and user IDs are typically issued to them. And because most users respond by writing down their passwords/user IDs on easy-to-obtain lists, overall security is not enhanced—it's diminished.
Other complications apply as well. Password-rich security architectures make demonstrating compliance with security-conscious government regulations more difficult—meaning an audit can easily become a lengthy and potentially costly process. Overall user productivity declines as well, simply because more effort is required before users can obtain even basic access to the applications and services they need to do their work. Added up, these issues translate into substantially higher costs for the organization over time.
Improve overall security and user convenience while reducing costs and complexity
Fortunately, IBM offers a compelling solution to these many challenges: IBM Tivoli Access Manager for Enterprise Single Sign-On (TAM ESSO).
This offering delivers a single sign-on access experience for a remarkably diverse range of application groups: Windows, Web, Java, mainframe and teletype. Furthermore, it supports a similarly diverse range of access points: desktops/laptops, Citrix application servers, public kiosks/terminals, Microsoft Terminal servers and Web portals. This means that no matter which application users need to access, or how they're trying to access it, they are only required to sign on once.
Despite its comprehensive scope, TAM ESSO is quickly and easily deployed, and requires little or no modification of the existing infrastructure. TAM ESSO is a client/server system; the client software, AccessAgent, is installed and then communicates over the network with the TAM ESSO IMS Server, to validate user identities. Strong authentication can easily be used to ensure that users are who they claim they are, and the single sign-on process is extended to all types of working environments, from personal environments such as laptops to fully public, shared environments such as kiosks. In this way, users obtain fast, easy and yet secure access to the complete range of applications they need.
And just as the user convenience and productivity benefits are impressive, so too are the benefits to the organization as a whole. With a single password, for instance, come reduced costs in the form of fewer password resets carried out by IT. Thanks to powerful authentication/validation, which helps ensure that only the right people obtain access to key services, applications and data, the overall security is improved. And thanks to centralized audit tracking, the organization can more quickly and easily demonstrate compliance in the event of an audit.
New features deliver increased security and innovative possibilities
IBM is continually enhancing its solutions to align more closely with emerging customer needs and interests, and TAM ESSO is no exception. In the latest version, TAM ESSO version 8.1, a range of innovative new features has been added to extend the value of this solution even further.
- An open authentication device interface
TAM ESSO has historically supported easy integration with strong authentication mechanisms of various types, in order to directly address the specific requirements of internal security policies and/or government regulations. In TAM ESSO version 8.1, this integration has been substantially expanded. The solution now supports more devices and more forms of authentication than ever before, thanks to its open authentication device interface, designed to maximize current and future integration with new security implementations both from IBM and third parties.
The open device interface supports integration with any smart card that is PKCS#11 or MS-CAPI compliant, and any serial ID device, such as your building access badge or photo badge. Also included are Bio-Key capabilities to support a broader range of biometric devices.
Organizations may also mix types of strong authentication, as well as mix devices from multiple vendors to support their requirements. This open interface protects the organization’s SSO software investment by enabling them to leverage different strong authentication devices in the future. And the Ready for Tivoli certification program provides a choice of Business Partner supported solutions.
- Wider platform coverage
Another advantage of TAM ESSO is that it allows fast, secure access to applications of many types, wherever users happen to be and whatever they happen to be using.
That advantage just got a boost via the solution's added support for Windows Vista for Kiosks; IBM WebSphere application servers running on Windows; Firefox, the Web browser managed by Mozilla; Windows Server 2008; and clients running 64-bit operating systems, which are increasingly deployed to give users the extra power of a vastly-expanded memory address space.
- Certifications
TAM ESSO version 8.1 is now certified as supporting two additional standards. These are the Federal Information Processing Standard 140-2, an encryption standard, and IP version six, which includes IPsec to achieve end-to-end security in complex network transactions. And TAM ESSO version 8.1 is also currently being evaluated for the Common Criteria Evaluation Assurance Level 4+, an exceptionally difficult standard to meet because it requires the offering to be shown as having rigorous and methodical design, testing and review.
- Enhanced integration
Integrating Tivoli Identity Manager and TAM ESSO enables account sharing among a predefined group of users and provides single sign-on for each user in the group to a designated shared account, even as the account password is updated. These products can be configured to enforce strict check-in and checkout of a pool of shared accounts to ensure accountability for privileged identity management.
- Improved server-side security
TAM ESSO version 8.1 now includes support for 2048-bit RSA key pairs and the Advanced Encryption Standard for the highest levels of encryption.
Experiment with the solution for 30 days at zero cost
Those who are curious to know more about TAM ESSO and the wealth of business benefits it can convey once deployed are invited to try it for free, for a full month.
Those who wish to see how it works in a general sense, without fully committing to an infrastructural test, can download the client-side software only (15 MB), which, once installed, will deliver single sign-on access to sample applications running on an IBM-hosted server. Alternately, if a more comprehensive test is the goal, the full client/server package (3 GB) is also available in order to demonstrate just how effectively TAM ESSO can start generating business value for the organization through fast, secure access to its own applications, for its own users.
Learn more
Recent Articles
- IBM Tivoli zSecure: Leverage IBM System z as a Security Hub
Dec 01
- IBM Tivoli: Keeping Applications Alive and Well
Nov 24
- Manufacture More Business Value with IBM Maximo
Nov 17
- The dynamic infrastructure just got more dynamic
Nov 10
- Pulse 2010: Building a Dynamic Infrastructure through Integrated Service Management
Oct 27
- IOD Offers Information about Information
Oct 20
- Retain Data, Reduce Costs: The IBM Information Archive
Oct 13
- IBM Solution Tracks and Enhances Network Performance
Oct 06
- Empowering Growth in Mid-Sized Companies
Sep 29
- IBM Access Management: Celebrating Ten Years of Leadership
Sep 22
- Browse full Tivoli Beat archive
