We are talking about the authentication products in general. What was previously SiteMinder, AuthMinder, some of the risk based authentication products that they have. I think the mainstream use that we have for the products are probably around web single sign-on. Being able to sign on to applications, the users not having to authenticate again. One of the good features we get out of the product as well is to be able to include different authentication methods. We use username and password but we also use smart card authentication, which is very key to our company.
Improvements to My Organization
Two factor authentication based on hard token effectively. Yeah the main thing I guess is, well two things. One is end user experience, so single sign-on. Before the product was introduced, we had multiple sign-ons to different applications. End users have to enter their username password multiple times. Now of course with single sign-on they enter it once and then during that session, they no longer need to authenticate again. The second thing I think that is important also security. It’s a secure product. We can make use of two factor authentication with the product and so from a security perspective, it gives us strong authentication. Our solution has to be basically 99.9% available, which means we have to have the highest availability out of the product that you can rarely from an IT system
We have deployed it in a very highly resilient and with a very strong PCM component. Ability to fail over within a datacenter and the possibility of failing over between countries and datacenters. It scales well, we have 200,000 users that's not simultaneous or you are all using it at once but certainly it scales events. There are advanced features that would mean that we need to look at scalability so it does authentication, does also authorization. If there is heavy authorization traffic then we really need to also look at how we scale that up. It can’t scale. It’s just a question of putting in more servers, putting in more infrastructure to allow it to scale.
Customer Service and Technical Support
To be honest, I don’t get involved with the operations side too much. I am an IT architect so I look at the overall architecture of the system and then how to introduce new requirements and how they can get fulfilled but my impression certainly is that the support is good. It has to be very good because we have a 99.99% availability, so if it wasn’t good we would’ve moved off it by now. I would say it is a relatively complex setup. We have a relatively complex environment so with all of the availability requirements we have, it is quite complex but having said that, it is no more complex than any other enterprise systems that has to be highly available.
I wouldn’t say it was overly complex but there's complexity in it. One of the reasons we are here today is also to understand what features there are in the future. I think for me as an architect, I look at what the emerging trends are. We have a lot of new requirements; mobility is a big one for us. Bring your own device, being able to authenticate on mobile devices securely, being able to make use of multiple applications right on that mobile device. Being able to integrate with containers for example Citrix, also with the changing old pricing models we have, a lot of outsourcing, a lot of software as a service, we need to be able to improve how we have authentication to the cloud, federation capabilities and that sort of thing. There is a lot that we can do to go forward.
At this point I'd rate it about 8/10. One of the biggest things is availability. Availability, scalability, you really have to make sure you understand the scale of the deployment and what your requirements are around availability. Certainly in our company it has to be the highest scale, highest availability. Don’t underestimate the amount of testing you have to do, the amount of stress testing, load testing, because this is critical infrastructure. This really is the front door to all the applications in the bank and if this goes down, the bank has stopped working. Quite simply you have to make sure that you do all of the testing required to make sure that product is absolutely rock solid.
I think it is very important to do your due diligence. You need to do your research into what is out there and what is best to meet your requirements. That said, I think there is nothing really that can replace doing a proof of concept. You have to do a proof of concept, because no matter what the vendor says, no matter what other people say other blogs or other reviews, your involvement is always going to be unique. There is always going to be something that you need that maybe other people haven’t done before. Be that some authentication method, some authorization method, the number of people you have, your topology of your network.
There is always to be something. Take all of the other information in but you must verify yourself. I think you have to really understand supportability. Quality of the product, so you have to trust the quality of the development methods, the testing that it scales to how you wanted to scale that you’ve got examples of the product being deployed in similar types of organization, similar sizes, and similar industry is important. Yeah I think they are the main things really.