Wall Street & Technology is part of the Informa Tech Division of Informa PLC

Case Study: Loomis Sayles Implements Multifactor Authentication

Loomis Sayles deploys Imprivata technology to enable authentication via password, fingerprint and token.

One of the major challenges financial firms face is securing their IT environments and meeting compliance demands while containing costs. To boost its network security, Loomis Sayles ($120 billion in assets under management) turned to multifactor authentication.

After deploying Citrix for single sign-on authentication, the Boston-based firm, which is a part of Natixis Global Asset Management, an asset management group based in Paris, decided to add the Imprivata OneSign Authentication Management solution, which enables authentication by password, fingerprint and token.

"Passwords can easily be shared, or complex ones forgotten," explains David Mickelson, chief technical architect at Loomis Sayles. "A stronger way of authentication is by fingerprint or by token."

According to Mickelson, Imprivata's solution authenticates local and remote users as they log on to the corporate network. It also supports user accountability by recording all user and application events in log files, providing a monitoring trail accessible to administrators.

Lexington, Mass.-based Imprivata says its OneSign Authentication Management solution reports in real time an aggregated view of when, how and from where an employee gained access to the network. This can help companies "rapidly respond to audit inquiries that may otherwise require manual viewing and collation of independent system logs," the company claims.

"When people are in the office they can then swipe their fingers on a USB device, which will authenticate them automatically," Mickelson relates. "You don't have to remember your password [to access the network] anymore -- just swipe your finger."

He adds that employees also have the option of using a security token for authentication, noting that they cannot access their Windows desktops without completing one of the authentication steps. Once employees have gained access to the network, the Citrix Password Manager prompts them for a password to gain access to mission-critical applications.

Biometric Challenges

Despite their ease of use and the enhanced security and fast access they provide, Mickelson concedes that biometrics sometimes present significant challenges. "There are very strict policies with fingerprint recognition. People sometimes have to swipe their fingers a number of times," he reveals, explaining that the quality of the USB readers can affect scan accuracy.

Mickelson says Loomis Sayles has explored other types of biometrics to overcome the shortcomings of fingerprint recognition, including iris recognition. But the cost of these high-tech devices continues to make them impractical for most private companies, he contends.

In addition, fingerprint readers are not practical for remote employees, Mickelson continues. "If you're at home, even with a fingerprint reader there is no standard mechanism out there to have your finger swipe converted to a digitized representation that can be passed over a wire and retranslated, so it doesn't work," he adds.

The firm therefore allows remote employees, as well as employees who are unable to log on to the network after swiping their fingers several times, to use a password-generating token instead of fingerprint recognition. Rather than carry physical tokens that can be lost or stolen, however, Loomis Sayles relies on a software token from VASCO. The secure software, which is compatible with the Imprivata solution, is loaded onto employees' corporate BlackBerry devices, which they always carry with them, Mickelson says.

Meanwhile, though Mickelson reports that Loomis Sayles is happy with the Imprivata solution, he acknowledges that managing and keeping the three different authentication solutions in sync can sometimes present a problem. "There are some integration challenges," he says.

For example, "When you log on with a VASCO token using a remote access Web-based solution, you jump to the VASCO server, which then communicates with Imprivata," he says. "The ultimate goal would be to have one integration platform."

Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ...
