Leading Electric Company Improves Security and Compliance with Single Sign-On

Description

  • Single Sign-On Solution

Business Benefits

  • Provides single sign-on to all applications
  • Enables users to access the system using their badge, rather than entering their username and password
  • Secures each workstation
  • Provides audit trail for users signing into each workstation
  • Enables second factor authentication

Software

  • IBM Tivoli Access Manager for Enterprise Single Sign-On

CLIENT BACKGROUND

This regional transmission organization helps protect the health of New England's economy and the well-being of its people by ensuring the constant availability of electricity for its 6.5 million households and businesses. The organization meets this obligation in three ways: by ensuring the day-to-day reliable operation of New England's bulk power generation and transmission system, by overseeing and ensuring the fair administration of the region's wholesale electricity markets, and by managing comprehensive, regional planning processes.

BUSINESS PROBLEM

The electric company wanted to increase security for their 24/7 control room that monitors the health of the power grid in the New England region. With multiple shifts that provide coverage for the control room, the company wanted a way to require workers to authenticate into the workstation that they were working on creating  an invaluable audit trail.  They also wanted to keep machines secure during periods of inactivity. The company wanted to add the ability for employees to quickly log into terminals without burdening the end-users with additional passwords for applications.  In the case of an emergency situation, the control room operators would need to access the workstation quickly – and have the applications immediately available. The organization used RFID badges for access into the building and sensitive areas.  In order to bolster security they sought a way to utilize the RFID badges for second factor authentication into their network as well.

SOLUTION

Prolifics was engaged to create a more robust security model and audit log for the electric company.  After looking at the customer needs – it was determined that Tivoli Access Manager for Enterprise Single Sign-On (TAM ESSO) was the appropriate solution for their needs.  Out of the box, TAM ESSO provides the ability to secure a workstation, provide an audit trail for those users who sign-on, and also provides the ability for users to sign-on using second factor authentication.

The first priority of the TAM ESSO implementation was securing the Control Room operator machines. Once deployed, it allowed Control Room operators to register with their current Active Directory username and password, thereby eliminating the need for them to have another username and password to remember.  Due to the fact that the RFID badge system also used the same credentials, the Control Room operators were able to use their building badge to also access TAM ESSO, instead of having to use a username and password.  Along with rapid access to the data, this also gave an extra layer of security to the solution.  The system was then configured to lock the workstation when a user tapped their building badge on the badge reader – preventing other users from accessing the secured machine.  The fast user switching technology that TAM ESSO provides was also deployed, giving the ability to rapidly switch between users, along with providing an access trail detailing which applications the current user was accessing.

Additionally, applications were profiled to provide the ability to single sign-on when the application was opened.  When the user signed off, the software provided for single sign-off for those applications that were deemed private for the user, so other users would not have access to their data.

This system is currently in production at the company, providing the required single sign-on and authentication to secure the Control Room and meet compliance regulations.