Security Magazine

Converged Identity And Access Management Platforms

December 5, 2007

Security Magazine has just leanred that Imprivata, the converged identity and access management appliance company, has improved its OneSign platform. Version 4.0 extends OneSign’s identity-centric access and authentication services across system and geographic boundaries with complete distributed management, delegated administration and business continuity capabilities. OneSign’s integrated authentication management, single sign-on and physical/logical convergence functionalities can now be implemented in a fully-distributed enterprise environment.

 

For the first time, a single centralized employee IT access policy can determine every aspect of access across all users, all rights, all locations and all conditions. OneSign delivers these capabilities with the industry’s most easy-to-use and deploy solution without requiring changes to existing IT and physical access infrastructures.

 

“Our success in helping mid-sized companies manage any number of identity-related initiatives has attracted strong interest from larger organizations suffering from the inability to effectively manage user authentication and access across networks, applications and physical locations,” said Omar Hussain, president and CEO of Imprivata. “The OneSign platform’s flexible foundation and our on-going push to extend its capabilities have led to the development of this new version that enables organizations of any size to effectively apply identity management best practices.”

 

“Convergence is more than just the use of the ‘Swiss Army Knife’ smart card for physical access and ‘traditional’ IT authentication,” noted Mark Diodati, Identity and Privacy Strategies Senior Analyst at Burton Group. “Organizations, particularly those that are large and geographically-disbursed, want to make important security decisions based upon the user’s physical location at the time of access, and correlate user activity for intrusion prevention and forensic purposes.”

 

The distributed functionality introduced with version 4.0 extends OneSign’s platform capabilities to manage multiple locations with a single implementation, enabling enterprise-wide user identity roaming and seamless fail-over for business continuity. Now a OneSign implementation can provide secure two-factor user network authentication, single sign-on (SSO) to any application and physical/logical identity convergence for increased security – all with consolidated reporting – regardless of number of users, locations or access management needs. 

 

“Imprivata’s OneSign is a complete identity and access management security platform that can enable an organization to implement an authentication strategy, single sign-on and now a physical access control system - integrating previously segregated domains,” said Christopher Paidhrin, chief information security officer, Southwest Washington Medical Center. “As a customer from the early days of OneSign, we can appreciate the way in which Imprivata has now extended its model to handle a more distributed environment. The introduction of OneSign 4.0 extends these powerful capabilities to distributed organizations, increasing security and improving the workforce experience, regardless of access points in the organization.”

 

OneSign 4.0 enables a user-centric view of activities for policy enforcement and compliance purposes. OneSign’s built-in database performs real-time replication of data across locations for accurate status monitoring for every user employing enterprise resources, including physical and IT assets. 

 

With OneSign version 4.0, Imprivata is also introducing an open API for OneSign Physical/Logical extending its convergence support more broadly into the physical security community. The open API will enable access control vendors to easily incorporate OneSign Physical/Logical’s identity-convergence capability into any installation and allow any supported system to become a part of the converged security platform.

 

“Imprivata’s identity convergence capability is what makes its OneSign platform truly all-encompassing,” said Marty Guay, COO, Securitas Security Systems USA, Inc. “Security today is about turning data into information, and Imprivata, by allowing easy consolidation of all relevant identity and security data, makes it far easier for security personnel to connect the dots around a security event.”

 

Other new features included in this release of Imprivata’s OneSign include:

 

o        Delegated Administration – enabling hierarchical administrative support across an enterprise’s physical and IT boundaries, as required;

 

o        Support for Multiple Accounts Per User for Any Application – allowing administrators or other users to access specific applications with multiple identities consistent with the role and level of access appropriate to the task;

 

o        Support for Vista on 64-Bit Systems – continuing to ensure that OneSign supports the widest range of Windows desktop environments; and

 

o        Multiple Token Support – allowing the administration of tokens from multiple vendors at the same time, without need to change current infrastructure.

 

Imprivata’s OneSign platform is an identity and access management solution conveniently packaged in an affordable and secure purpose-built appliance. It offers an effective way to achieve compliance while solving password management problems, reducing IT help desk costs and improving user productivity and security. The solution’s access management capabilities enable organizations to record and control who accesses what, when, and from where, helping to comply with corporate governance and government regulations. The OneSign platform includes OneSign Authentication Management (AM), which increases network security by replacing network access passwords with strong authentication options; OneSign Single Sign-On (SSO), which quickly and effectively solves password management, security and user access issues; and OneSign Physical/Logical, which integrates building and network access systems to enable location-based authentication and converged identity-based access policy.