Quest defender provides_secure__affordable_two-factor_authentication_for_oklahoma_city_1


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Quest defender provides_secure__affordable_two-factor_authentication_for_oklahoma_city_1

  1. 1. Quest® Defender Provides Secure, AffordableTwo-Factor Authentication for Oklahoma CityOklahoma City, Okla., boasts a population of 558,000 residents and owns one of the largest city ownedand operated municipal Wi-Fi mesh network in the world. This network encompasses over 620 squaremiles to date and provides access to over 150 different applications that are vital to public safety andcity operations. The city’s information technology department provides support for technology-basedcommunication and information systems, enabling the delivery of efficient and effective services to cityemployees.To improve the security of its networks and systems, Oklahoma City turned to Quest for a feature-rich,two-factor authentication solution.The ChallengeOklahoma City’s IT department is responsible for protecting all of the city’s data. Most users, however,used to authenticate to the system using a simple username and password, which created a serioussecurity risk.“Passwords are a security issue because users don’t like to change them regularly,” said Steven Eaton,information security manager for Oklahoma City. “In addition, if longer more complex passwords arerequired, users start writing them down because they can’t remember them, defeating their purpose ofenhancing security.”As a proactive and forward-thinking organization, the city’s IT group decided to implement securityrecommendations for user access based on best practices. “We realized we needed to step up to two-factor authentication to ensure the security of our network,” stated Eaton.Two-factor authentication typically combines “something you know” (such as a username and passwordor pin) with “something you have” (such as a smart card or hardware token) to verify that users logging inare who they say they are.The city already had a two-factor authentication solution in place for remote access, but it was expensive.Moreover, it needed a solution that would integrate with Active Directory (AD), and deployed easily acrossthe enterprise to more than 5,000 users.The Quest SolutionThe city’s IT group carefully evaluated solutions from five major vendors. Following extensive evaluationand testing of the technologies available, Quest Defender emerged as the clear winner. Defenderbases all administration and identity management on Active Directory, thus it could use the city’sexisting investment in AD and eliminate the costs involved in setting up and maintaining the additionalinfrastructure needed for other two-factor solutions. “We try to leverage existing investments wheneverpossible,” stated Eaton. “Since Defender integrates so seamlessly with Active Directory we were able toaccomplish that in addition to being able to use Active Directory as the single source for authenticationcredentials and management.” Moreover, Defender works with any OATH-compliant hardware token, andis easy to roll out.In addition, the IT group was pleased to find that Defender was compatible with encryption software italso planned to deploy. “We were able to get all of it to work together seamlessly, which was a big plus forus,” reported Eaton.“Our users like Defender better thanpasswords. They recognize that it actuallysaves them time since they no longerhave to remember longer more complexpasswords or call the help desk forpassword resets.”– Steven Eaton IS Information Security Manager Oklahoma CityOverviewHeadquartersOklahoma City, OklahomaServicesCity servicesCritical NeedsTo improve network security byimplementing two-factor authenticationSolutionQuest® DefenderResultsProvides affordable two-factor• authentication for all employeesImproves user productivity by• eliminating the need to rememberlonger more complex passwordswithout sacrificing securityEnabled gradual, seamless rollout, with• token self-registration and temporarytoken assignmentsCase Study
  2. 2. The Bottom LineDeployment of Defender has been nearly flawless for the city. . Because of Defender’s ZeroIMPACTapproach, the IT group has been able to perform a gradual, controlled migration to two-factorauthentication, resulting in 30% fewer issues than it had expected with other solutions. “We’ve been ableto roll out Defender department by department, which works well for us,” said Eaton. “We’ve alreadydeployed nearly 500 tokens, and we’ve had only two trouble calls.”Defender’s self-registration feature has been one key to the city’s deployment success. Another isDefender’s scripted auto install. “Defender’s deployment is virtually transparent to the end user,” saidEaton. “Once everyone in a department has registered their tokens, we group their computers in thesystem and ask these users to reboot,” explained Eaton. “The software is automatically installed, and theusers can start benefiting from Defender immediately.”Defender has already improved productivity among users and the IT group by alleviating issues withlost or forgotten tokens. “With our old solution, if users lose a token, they were dead in the water untilwe could get them new ones,” stated Eaton. “With Defender, we can give the users a temporary tokenand quickly get them back to work. Similarly, if vendors lose their tokens and need to VPN in to do somework, we can grant access temporarily.”Users who have moved from using passwords to the Defender two-factor authentication system havealso seen productivity improvements. “We had some initial pushback,” reported Eaton, “But now usersactually like it better than passwords. They recognize that it actually saves them time since they nolonger have to remember longer more complex passwords or call the help desk for password resets.”The city plans to completely replace its former authentication solution with Defender, and appreciatesbeing able to do so gradually. “As each of the old tokens dies, we will replace it with a new Defendertoken,” said Eaton. Oklahoma City has been pleased not only with the quality of the Defender solution,but also with the responsiveness of Quest Support. “Whenever you deploy a new product, you run intosome problems, because every environment’s unique,” explained Eaton. “But Quest’s support staff bentover backwards to get all of our problems resolved and worked through all our issues. We’re very happywith Quest.”About Oklahoma CityFounded in a single day on April 22, 1889, Oklahoma City has grown to a population of 558,000 residents.At 621 square miles, this sprawling capital city is one of the largest cities in land area in the United States.For more information, visit Quest Software, Inc.Quest Software, Inc., a leading enterprise systems management vendor, delivers innovative productsthat help organizations get more performance and productivity from their applications, databases,Windows infrastructure, and virtual environments. Quest also provides customers with clientmanagement through its ScriptLogic subsidiary and server virtualization management through itsVizioncore subsidiary. Through a deep expertise in IT operations and a continued focus on what worksbest, Quest helps more than 100,000 customers worldwide meet higher expectations for enterprise IT.Quest Software can be found in offices around the globe and at Software Incorporated. • To learn more about our solutions, contact your local sales representativeor visit • Headquarters: 5 Polaris Way, Aliso Viejo, CA 92656, USA© 2009 Quest Software Incorporated. ALL RIGHTS RESERVED. Quest Software and Defender are trademarks and registeredtrademarks of Quest Software, Inc. in the U.S.A. and/or other countries. All other trademarks and registered trademarks areproperty of their respective owners.CSW-OKC-Defender-US-MJ-032409“We try to leverage existing investmentswhenever possible. Since Defenderintegrates so seamlessly with ActiveDirectory we were able to do thatin addition to being able to useActive Directory as a single sourcefor authentication credentials andmanagement.”– Steven Eaton IS Information Security Manager Oklahoma City