Competitive Advantage and Authentication Management
Commercial history shows that competition can induce efficiency and encourage innovations that help improve commercial success.
The discovery and introduction of newer technologies make production processes, products, and services more efficient. The cost savings that can be achieved are sufficient to overcompensate for both the compliance costs directly attributed to new regulations and the implementation costs.
The first company to gain the new technology is able to exploit innovation through learning-curve effects and attains a dominating competitive position compared to companies which constantly lag behind the technological curve.
In conclusion, companies that adopt a cost leadership business strategy will fare better than companies that compete by following the crowd.
Authentication Management within the commercial sector is now one such technology in which serious competitive advantages are being enjoyed.
Two web browsers -- Netscape Navigator and Microsoft’s Internet Explorer -- currently dominate the browser marketplace. Both support a wide range of platforms, including Microsoft Windows, the Mac OS, and various varieties of UNIX.
Both browsers support SSL for encrypting forms that include passwords. It is worth noting that while both browsers support 128-bit encryption in their US-only products, users must take special action to obtain these versions, and the vast majority of users are probably still running the much less secure 40-bit export-qualified versions that are available as the default distributions. Both browsers support proxy servers as a configuration option. Both browsers support the incorporation of X.509 certificates.
There are many problems with certificates. They are not simple for the average user to import. Certificate backup and recovery (for example, in the case of a disk crash) is a problem. Certificates may not be moved smoothly as part of an upgrade; they definitely won’t move if a user switches between Netscape and Internet Explorer (Netscape will import IE certificates via explicit action, but neither browser will simply make use of certificates installed in its competitor).
Both browsers include a built-in Telnet. This Telnet does not support SSL for protecting the transmission of user IDs and passwords. Both browsers can be configured to use independent Telnet helper applications rather than the built-in Telnet. I am aware of work going on in the Mac world to provide a stand-alone Telnet application which incorporates SSL encryption. Reconfiguration of any browser to substitute an external Telnet is non-trivial for the average user.
One issue that is prominent is the Lynx character-based web browser. Lynx is important for two reasons: because there is still a large installed base of trailing-edge character-based terminal technology, and, perhaps more compellingly, because Lynx, in conjunction with other specialized assistive software, is a key part of many institutional strategies for meeting the needs of disabled users and the requirements of the Americans with Disabilities (ADA) law.
Both proxies and credential-based authentication schemes seem to be viable approaches. Proxies have the advantage of compartmentalizing and modularizing authentication issues within an institution. But they also place heavy responsibilities upon the licensee institution to operate proxy servers professionally and responsibly. Proxy servers will become a focal point for policy debates about privacy, accountability and the collection of management information; successful operation of a proxy server implies that the user community is prepared to trust the licensee institution to behave responsibly and to respect privacy. Similarly, resource operators have to trust the licensee institution to competently implement and operate a local authentication system; anomaly monitoring of aggregated traffic from a proxy server by a resource operator is very difficult, and the resource operator will have to largely rely on the institution to carry out a program of anomalous access monitoring.
A cross-organizational authentication system based on a credential approach has the advantage of greater transparency. Resource operators can have a higher level of confidence in the access management mechanisms, and a much greater ability to monitor anomalous access patterns. The downside is much greater complexity; issues of privacy, accountability and the collection of management statistics become a matter for discussion among a larger group of parties. Further, it seems that a credential system means that there has to be cross-organizational interdependency in order to avoid systemic compromise of the authentication system, as opposed to a simple relationship of trust -- recognized in a contract -- for the proxy approach.
One point that seems clear is that an institutional public key infrastructure may not extend directly to a cross-institutional one; it may be desirable to issue community members a set of pseudonymous certificates for presentation outside the institution, as well as individually identified ones that are used within the institution, in order to provide a privacy firewall while still maintaining some level of accountability.
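The contrast drawn above between the proxy and credential approaches, as an added example that is not part of the original text: it shows what a resource operator can flag in each case, and how the institution alone can resolve a reported pseudonym. A keyed hash stands in for the pseudonymous certificates, and the key, user names, resource name, address and traffic are all constructed assumptions.

```python
import hashlib
import hmac
from collections import Counter

# Constructed values for illustration only.
INSTITUTION_KEY = b"constructed-demo-key"   # known only to the licensee institution
DIRECTORY = ["alice", "bob", "carol"]       # hypothetical community members
RESOURCE = "journals.example"               # hypothetical licensed resource
PROXY_ADDR = "192.0.2.10"                   # documentation-range address
TRAFFIC = ["alice"] * 5 + ["bob"] * 4 + ["carol"] * 120  # one request per entry


def pseudonym(user_id, resource):
    """Institution side: stable per-resource identifier, unlinkable without the key."""
    msg = f"{resource}|{user_id}".encode()
    return hmac.new(INSTITUTION_KEY, msg, hashlib.sha256).hexdigest()[:16]


def resolve(reported, resource, directory):
    """Institution side: map a pseudonym reported by an operator back to a member."""
    for user in directory:
        if hmac.compare_digest(pseudonym(user, resource), reported):
            return user
    return None


def flag_heavy(identities, threshold):
    """Operator side: identities seen on more than `threshold` requests."""
    return sorted(k for k, n in Counter(identities).items() if n > threshold)


def operator_view_proxy():
    """Through a proxy the operator sees only the proxy's address on every request."""
    return [PROXY_ADDR for _ in TRAFFIC]


def operator_view_credential():
    """With credentials the operator sees one pseudonym per community member."""
    return [pseudonym(user, RESOURCE) for user in TRAFFIC]


if __name__ == "__main__":
    print("proxy view flags:     ", flag_heavy(operator_view_proxy(), 100))
    flagged = flag_heavy(operator_view_credential(), 100)
    print("credential view flags:", flagged)
    print("institution resolves: ", [resolve(p, RESOURCE, DIRECTORY) for p in flagged])
```

In the proxy view the only identity the operator can flag is the institution as a whole; in the credential view a single pseudonym stands out, and only the institution can turn it back into a named member.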
IP source filtering does not seem to be a viable general solution, although it may be very useful for some niche applications, such as supporting public workstations or kiosks. It can be used more widely -- indeed today it usually is the basic access management tool -- but it definitely cannot support remote users flexibly in its basic form. Most real-world access management systems are going to have to employ multiple approaches, and IP source address filtering is likely to be one of them.
Many UK companies are concerned with the costs of deploying access management systems and the supporting authentication infrastructure. There is relatively little good data on this, though some early adopter institutions are seeing rather high costs, particularly for public key (certificate) based approaches. There is an urgent need to develop a better basis for estimating the initial deployment and operating costs of the various approaches.
Imprivata OneSign addresses these challenges by delivering an end-to-end solution that incorporates single sign-on, access control, and virtual desktop roaming. That means fewer clicks and less hassle with usernames and passwords. Companies can quickly access the systems and information they need, anytime, anywhere.
Security is also a key feature of Imprivata OneSign. The solution maintains the security of in-house systems and information so that companies can best serve their customers while maintaining their privacy according to best practices and local privacy laws.
Innovative and responsive, Imprivata OneSign streamlines access, giving companies increased productivity, stronger security, and reduced IT costs. With the help of Imprivata OneSign, companies can spend more time with company growth and less time dealing with technology.
In 1966 the Ford GT40 was the first car in nearly a decade to win against the dominating Ferrari. This was a direct result of Carroll Shelby's Cobra Daytona team being moved out of their home-made GT projects and into full control of the then Anglo-American GT40 program. Soon followed the 427-equipped Mk2s, and with the new power and new organization the team enjoyed unprecedented levels of success. Let Imprivata's industry-leading team power you to ongoing success.