City of Miami Beach reduces helpdesk calls and complies with FBI CJIS requirements with Imprivata OneSign
Industry:Local government (including police, fire and code enforcement)
Niche and legacy government applications; law enforcement applications accessing federal crime database
- Heterogeneous environment with niche applications
- Difficulty enforcing password policies
- High volume of helpdesk calls for password resets
- Reduced helpdesk calls
- Compliance with FBI CJIS requirements for authentication
- Enhanced security of constituent data
Government agencies face a paradox: serving the public requires unimpeded access to disparate software applications, while maintaining information security requires ever more complex login routines, with growing regulatory oversight. And with shrinking state and local tax revenues, government agencies have fewer resources for providing high levels of public services.
Such was the dilemma for the City of Miami Beach, a municipality with a year-round population of about 90,000 that regularly triples to 300,000 or more.
The business challenge
“Managing multiple passwords with different complexity rules was getting out of hand for certain departments,” says Nelson Martinez Jr., Systems Support Manager for the City of Miami Beach. “People were writing down passwords in PDAs or notebooks and whipping out pieces of paper to remember passwords.” Not surprisingly, reset requests were jamming helpdesk lines as well.
Beyond password consolidation and single sign-on, the challenge was finding a solution compatible with the specialized niche applications that are ubiquitous in local government environments. Architecturally, such applications are often atypical or outdated, creating multiple implementation headaches.
With password hurdles mounting, Martinez began looking for single sign-on (SSO) options. “About that time I received a flyer in the mail from Imprivata for a purpose-built appliance called Imprivata OneSign®,” he recalls. “I’d never heard of it, but an appliance-based product caught my eye.”
The Imprivata OneSign solution
Martinez researched multiple available SSO offerings, including Imprivata OneSign. Says Martinez, “We wanted something that would kill multiple birds with one stone —from reducing reset requests to assisting with multiple profiles for niche apps and legacy systems,” Martinez emphasizes. “We also wanted self-service features that helped users of all types from all divisions within the city government gain confidence and have a better experience. During the hands-on testing, it was clear that Imprivata OneSign fit the bill.”
In addition, Miami Beach was impressed with Imprivata OneSign’s built-in capability to integrate biometric devices. “We decided to deploy fingerprint readers in IT initially, and then offered them to departments throughout the city,” says Martinez.
The initial Imprivata OneSign implementation included niche applications, legacy systems, and fingerprint readers. “Although the Imprivata OneSign appliance was configured within hours, we were completely up and running in under two weeks,” Martinez says. “Then we rolled out Imprivata OneSign to users in a phased approach. We posted an FAQ on our intranet and conducted hands-on training to achieve buy-in. We finished the entire rollout in less than four months and it’s worked great ever since.”
Before Imprivata OneSign
- Multiple passwords with different complexity rules were becoming unmanageable and affecting productivity for certain departments
- Excessive helpdesk calls for password resets and after-hours calls
- Difficulty demonstrating access security for constituent data
After Imprivata OneSign
- SSO improves user productivity with one login across many applications– 1,800 users SSO-enabled
- Self-service password management eliminates reset calls to the helpdesk, reducing administrative overhead
- Fingerprint biometrics, audit and reporting aid security and compliance
Imprivata OneSign quickly met the city’s initial needs of reducing password reset requests. According to Martinez, “Now supporting 1,800 users, Imprivata OneSign has slowed password reset requests to a trickle. We need fewer helpdesk resources to support our staff. And we rarely get any reset calls in the middle of the night anymore.”
But the benefits have extended far beyond the time savings of reducing password resets. In the years since initial deployment, the City of Miami Beach has reaped additional benefits from centralized application access control with strong authentication capabilities.
CJIS compliance: The FBI requires law enforcement agencies connecting to the Criminal Justice Information Services (CJIS) systems to use unique IDs and strong passwords by 2010, and advanced authentication by 2014. With Imprivata OneSign, City of Miami Beach has been able to enforce complex passwords and implement fingerprint biometrics, meeting the second requirement ahead of the 2014 deadline.
Audit readiness: Using Imprivata OneSign’s extensive audit and reporting capabilities, the City of Miami Beach can immediately demonstrate to auditors that they track all application access and enforce authentication and access policies. According to Martinez, “Once auditors see what the OneSign solution does, they don’t have to ask many additional questions—our experience has been very positive.”
Disaster resilience: “We’re moving toward an emphasis on business continuity where everything at our co-location is hot, spinning, and available,” says Martinez, who represents the City of Miami Beach on a state-wide task force that is adapting corporate enterprise standards for government use. “Our distant hot site will allow the city to keep working even if our data center goes, and OneSign will definitely play a role.”
At an organization charged with serving the public and delivering taxpayer value, Imprivata OneSign has proven an excellent fit, Martinez emphasizes. “Imprivata OneSign has improved productivity throughout city departments because people aren’t sitting around waiting for a simple password reset, and has helped us manage audits and new compliance requirements,” he says. “They really see the value and flexibility the solution provides to their business unit, especially those that are 24 hour operations.”