Verity Credit Union Live Webinar - Q&A

Security compliance often requires complex passwords – causing user frustration and helpdesk calls. Jon Wu, System Engineer at Verity Credit Union, joined me for a webinar on how SSO helped Verity increase user productivity and customer satisfaction. Below is the transcribed Q&A from the webinar. View the full webinar here:

Question 1:
Did auditing play a role in your decision to buy single sign-on, and has it helped with reporting on user access?

  • Answer: Yes it did. When we first mentioned that we would be getting a password program, users were nervous. They thought, “is this password program going to remember all of my passwords and keep it secure?” When we presented to Imprivata, they said no problem, it’s all taken care of. From end to end the passwords are encrypted. Imprivata takes care of both situations, and we don’t have to worry about it being exposed in any way.

Question 2:
What kind of ID badges do you support?

  • Answer: I assume that’s referring to OneSign’s support for proximity card readers. These are the kind of building access cards or for accessing parking lots where you wave the badge. OneSign supports any proximity card that’s out there on the market out of the box. If your ID badges or employees badges aren’t the proximity technology type, in other words, if they’re only mag stripe, we do sell little stickers about the size and thickness of a quarter that you can adhere to or stick onto your current ID badge to make it a proximity badge. It makes it easy for you to kind of tap to get into the desktop just by tapping the card and entering a second factor like a pin or password and tapping the card to lock the desktop as well if they want.

Question 3:
How much time do you spend on maintenance of the system?

  • Answer: We’ve only done the maintenance that is required by Imprivata. I think it’s only once a year. You upgrade your agent, and that’s pretty much it. Very low maintenance, we very rarely think about it. It’s one of those appliances that you just put it on the rack and let it sit and go.

Question 4:
Do you have to contact your core application vendor to set this up or were you able to do it without any assistance from them? By core they’re asking is it Symatar Harland etc?

  • Answer: Our core is with OSI. I’d have to say that they have probably one of the most complex profiling I ever did, but if you can see on the screen, you can use Imprivata APT profiling capturing the specific fields that you want. It’s all done through Imprivata, even the password expiration. It’s very easy; it just takes some time depending on your core. With OSI, there were a bunch of screens that we had to capture.

Question 5:
How much involvement did your business management have in the buying decision? Were they invested in the project from the start?

  • Answer: Yes because currently we’re at 48 profiles with single sign-on. That meant that our credit union was using 48 applications all at the same time with different passwords and no password management. So, the business really needed it, and they couldn’t survive with an excel spreadsheet of passwords. So, it was backed by our stakeholders and executives, and it was very easy to justify it for this project.

Question 6:
Is there any research comparing different SSO products?

  • Answer: Yes, the Gartner MarketScope that came out in September or October 2010. That is available at no cost on the Imprivata website. I believe that it is featured on the homepage, and you can download it at no cost. You can also do a search on Google to find it there as well.