Minding your P’s and P’s

It seems that there is a constant barrage of regulations and standards that businesses must comply with. Every quarter there is a new audit: SOX, GLBA, HIPAA, PCI, and the list goes on. Businesses try to accommodate these requirements by adopting structured governance models, which present their own requirements and seldom align perfectly with the others. Fortunately, there is a common thread woven into all these business distractions. If managed properly, that thread can be a lifeline that saves much of the time and effort required to meet regulatory requirements. So what is this thread? It’s your policies and procedures.

Policies and procedures are the foundations of your business’s activities. They are the rules that you play by. They can also make up much of the evidence auditors require to show that you understand and intend to comply with whatever regulation or standard is being applied at that moment. Policies are high-level management directives. They are designed to indicate to the company’s workers that management has made a commitment to something which they expect the staff to uphold. Policies are typically general in nature. Specifics are usually in the domain of the procedure.

Web SSO vs. Enterprise SSO – What do I need?

So your organization has decided it needs to get a handle on managing the passwords for end users. A single sign-on product is a great way to achieve that. Now the question becomes: which product do I need? While the names may be similar, there is a big difference between Enterprise and Web SSO.

Enterprise SSO is designed (as the name implies) to provide single sign-on to practically all the applications an end user would need. This includes web apps, Windows executables (thick clients), Java apps and mainframe/terminal emulator (greenscreen) apps. It works in a non-intrusive way by capturing the user ID and password for the application when the user logs in. The next time the application is launched, Enterprise SSO will detect it, automatically enter the credentials on the user’s behalf and log them in. It can also be programmed to handle password changes (e.g. first-time temporary passwords, 90-day password expiration). An executable is installed on the end user’s desktop, and profiles are created to recognize the login and password-change screens for an application so the agent can respond to them. Since no changes are made to the applications, this is a relatively quick and encompassing way to provide SSO to most apps a user would have.