05:25 PM
Connect Directly

Imprivata OneSign Eliminates Password Hassles At Renasant Bank

Self-contained appliance walks users through the deployment process using a Web-based interface and automatically learns the password behaviors of all applications.

Issuing unique passwords for individual lending applications kept systems secure but eventually created inefficiencies at Renasant Bank ($3.3 billon in total assets). "Late in 2004 a cry for help came from our branch task force," explains James A. Hayes, the bank's first VP and network operations manager. "Time spent learning, resetting and managing passwords was impairing our lenders' ability to meet customer service goals."

Although Hayes budgeted for a single sign-on (SSO) solution in 2005, resources were reallocated to support the bank's growth and acquisitions. "By the second quarter of 2005 the pressure was becoming an albatross," says Hayes. "So we formed an IT team to investigate options. By the following quarter we were evaluating vendors."

As a Microsoft (Redmond, Wash.) shop, Tupelo, Miss.-based Renasant runs Windows Server 2003 on a Dell (Round Rock, Texas) LAN/WAN connected to Wyse (San Jose, Calif.) thin-client terminals. "Since we use Citrix for application delivery, we looked at the Citrix SSO first," Hayes relates. "But we decided you'd need to be a rocket scientist to configure it, or you'd need to pay Citrix (Fort Lauderdale, Fla.) to do it for you. Either option was unacceptable."

The team also evaluated a solution by EMC's RSA (Bedford, Mass.) to complement Renasant's previous RSA deployment. "And we investigated a couple of smaller vendors," adds Hayes. "However, when we explained the scope of our needs, they declined to participate."

Fortunately, Hayes noticed an industry announcement about a New England bank's adoption of Imprivata's (Lexington, Mass.) OneSign Single Sign-On appliance solution. "Then a sales guy came in with the Imprivata box, and a day later people were single signing-on," Hayes recalls. "So we added a few more applications and users as a pilot in early 2006."

When news of the pilot reached the branch task force, Hayes' phone rang. "'When can we start using it?' they asked. Shortly afterwards, we inked a deal with Imprivata," Hayes notes. "In the second quarter of 2006 we began rolling out SSO to 300 users."

According to Imprivata, the self-contained appliance walks users through the deployment process using a Web-based interface and automatically learns the password behaviors of all applications. "The implementation was so smooth that our biggest challenge was deciding where to take Imprivata's installation rep for lunch," Hayes jokes.

The solution began paying for itself immediately, according to Hayes. "Lender password resets fell by 82 percent in 2006 over 2005," he says. "That's about 246 help desk hours annually. And there's virtually no IT overhead -- initially it took 20 to 40 minutes to set up each application, and then it truly became a system we almost forget is in place."

Unexpected Benefits

Renasant even discovered other benefits. "SSO has eased lender fears during acquisition discussions," reports Hayes. "Plus Imprivata provides tools for identifying how many people are using any given application. With the tool, we're objectively paring down applications and site licenses to match. In one case we had 200 site licenses for an application that only one person was using. At this time, we estimate the overall savings to our IT budget [resulting from the Imprivata implementation] could be as high as 5 percent."

With Renasant's SSO users now approaching 1,000, Hayes says Imprivata's solution has even become a litmus test. "If an existing or proposed vendor's offering doesn't integrate with Imprivata, we consider an alternative," he explains.


?228-137??228-137? Institution: Renasant Bank (Tupelo, Miss.).

?228-137??228-137? Assets: $3.3 billon.

?228-137??228-137? Business Challenge: Improve lender productivity by consolidating application passwords into a single sign-on.

?228-137??228-137? Solution: Imprivata's (Lexington, Mass.) OneSign Single Sign-On (SSO) Solution.

Anne Rawland Gabriel is a technology writer and marketing communications consultant based in the Minneapolis/St. Paul metro area. Among other projects, she's a regular contributor to UBM Tech's Bank Systems & Technology, Insurance & Technology and Wall Street & Technology ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.