Authentication Solutions - By Regulation

GLBA – Gramm-Leach-Bliley Act

Challenge

The Gramm-Leach-Bliley Act (GLBA) requires that all financial institutions, including banks, securities firms and insurance companies (as well as persons that receive protected information from financial institutions), adopt strict measures for protecting the privacy and security of customer data.  GLBA guidelines stipulate that these organizations must control risks to customer information, protect against threats to the security and integrity of customer records, guard against unauthorized access to these records, and implement authentication processes that only allow access to authorized employees.

Organizations that must comply with GLBA need a password authentication and management solution that provides the following capabilities:

• Enforces password policies for end-users with access to customer information;
• Ensures access to customer records is disabled as soon as employees leave the organization;
• Eliminates  end-users’ need to share authentication information with the Help Desk or IT staff for password reset or system access;
• Automates password reset processes; and
• Ensures complete, accurate audit trails for all changes in access rights.

Solution

PistolStar’s Password Power and PortalGuard respond to the GLBA compliance needs of financial institutions by ensuring robust password authentication, controlled system access, and consistent enforcement of corporate security policies.

Both products provide single sign-on using Microsoft Active Directory and the added security of the Kerberos authentication protocol, allowing end-users to use one password one time to access numerous enterprise applications, directories and servers, such as Lotus Domino and Notes, IBM WebSphere and System i, SAP and Oracle.

Password Power and PortalGuard further simplify authentication management by enabling end-users to perform self-service password reset/recovery, permitting them to change only one password in one location and without requiring the assistance of the Help Desk.  During the synching process, password security policies (e.g., password expiration and password quality) are automatically transferred to the other passwords, ensuring the coordination of disparate password policies.

PortalGuard also provides functionality that enables administrators to meet or exceed the authentication security requirements of GLBA.  Administrators can implement best practices such as requiring a username, password and challenge question response to gain access and multiple challenge questions for self-service password reset and recovery.  Password rules can be established by person, group or hierarchy and enable/disable certain password behaviors.  For example, administrators can configure the number of password strike-outs allowed for each user and receive an alert when a strike count is exceeded.  They also have the ability to:

• Prevent multiple users from logging in with the same credentials;
• Set password expiration intervals and grace periods for expired passwords;
• Track all login activity and certain login behaviors;
• Lock out inactive users and disable accounts of departed employees;
• Restrict the frequency with which a previously-used password can be re-used;
• Validate password strength during login; and
• Control password quality by configuring 12 fully customizable password strength rules. 

To summarize, Password Power and PortalGuard provide the following capabilities for satisfying the authentication and access management needs of regulatory compliance:

• Facilitating and enforcing the use of stronger passwords;
• Ensuring employees only have access to systems and information required for their jobs;
• Guaranteeing accounts are disabled and access is completely revoked when employees leave company;
• Automating password reset processes to eliminate human error;
• Ensuring complete, accurate audit trails and reports on all account changes, login attempts;
• Enforcing password policies that require passwords to be strong and changed regularly;
• Confirming unified password policies via accurate password synchronization; and
• Enabling strong authentication.