Functionality isn't everything
THERE ARE A LOT of access and password management products on the market, most of them performing similar functions. But that doesn't mean they're all the same from an agency's point of view.
'You can't make a decision based just on functionality,' said Nelson Martinez, director of support services at Miami Beach's Information Technology Department. Access, identity and password management are critical functions and store a lot of sensitive information. 'You have to consider the security profile.'
Martinez eventually settled on the OneSign platform from Imprivata, a client/server system that has a dedicated hardware/software appliance for a server.
One of the goals of password and access management, after all, is to improve security. In his search for security along with function, Martinez wanted a product that would provide a heterogeneous environment. Most of the products he looked at were software packages running on Microsoft servers. He was leery of them because he did not want to put password management on a server with known vulnerabilities being targeted by hackers.
'One of the reasons I decided to go with Imprivata was the fact it was an appliance solution running a lightweight, non- Microsoft operating system,' Martinez said.
OneSign runs a hardened Linux operating system. The only functionality Martinez said he has sacrificed by going to OneSign is the ability to establish more detailed password profiles. 'In that sense, Windows is lacking,' he said. He added that he would like to see Imprivata include middleware in its product that would allow the use of more flexible password requirements with Microsoft Active Directory.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.