Interview with the head of department of IT of Gazprom sera company Ivan Chernoknizhnikov

TAdviser: Ivan, tell, please, how in Gazprom sera there was a requirement of solving of tasks of the strengthened authentication of users? What became a decisive factor and was an incitement to search of the solution and project implementation?

Ivan Chernoknizhnikov: The need for the strengthened authentication in Gazprom sera, perhaps, as in many modern companies, arose because of shortcomings of password authentication about which to speak, I think, excessively. In recent years these shortcomings were repeatedly discussed and today are obvious to the vast majority of the companies. I will note only that problems with passwords to a large extent are defined by a human factor therefore simple organizational measures in this case are ineffective.

For data security provision it is necessary to use more protected authentication methods where influence of a human factor is minimized. As such method we selected biometric authentication on a fingerprint. The main factors for benefit of the choice of this technology of steel for us inseparability of an authenticator (finger) from the user and simplicity of the procedure of authentication.

We implemented the project on implementation of new technology of authentication on the basis of solutions Indeed Enterprise Authentication and Indeed Enterprise Single Sign-On. Indeed Enterprise Authentication provides a possibility of use of technologies of strict authentication of users at access to resources, and Indeed Enterprise Single Sign-On implements technology of a uniform input in enterprise scales.

TAdviser: What key requirements to a system did you impose?

Ivan Chernoknizhnikov: Selecting a system for implementation of our project, we studied solutions of several producers in the test mode. We were faced by a problem of creation of a single system of authentication at access to information resources of the company on the basis of a fingerprint. Therefore first of all we, naturally, selected the system supporting this technology of authentication. However taking into account permanent development of an information system of our company, we also considered a possibility of support of other technologies if it will be required further.

Paid attention to simplicity and convenience of using of a system as users have the different level of knowledge in information technology field.

In addition to quality of work and functionality of the software, existence of full technical support was important criterion for us that would allow to resolve quickly the issues arising during implementation and operation of a system. As a result we came to a conclusion that the solutions Indeed ID meet almost all our requirements and are the most optimal variant for our company.

TAdviser: What changed in work of employees after system implementation? How now does authentication of employees happen?

Ivan Chernoknizhnikov: In terms of gaining access to applications and information systems, in work of employees there were practically no changes. On each workplace the fingerprint readers Futronic were installed and instead of usual password entry it is necessary just to put a finger to the reader now.

In terms of execution of regulations and requirements of information security, life of users became much simpler. Now they do not need to think out difficult passwords, regularly to change them and to remember. The input on the PC is strictly limited now and is performed only by that user to whom access to resources is provided. Respectively, and the user gets access only to 'the' resources. Thus, employees are not afraid of a compromise of the credentials now.

TAdviser: How did employees apprehend new technology? How fast there took place adaptation to 'innovation'?

Ivan Chernoknizhnikov: The question of innovations in the field of information security support is always perceived by employees rather sharply as increase in the security level usually is associated with reduction of convenience of work.

Meanwhile, the result of implementation in many respects depends on the loyal relation of users. We managed to achieve such relation. First, we explained to employees what all this is necessary for. Secondly, the important role was played by usability of a system to which we paid attention at the initial choice of a system. Users quickly got used to new technology of authentication.

TAdviser: Whether a lot of time occupied system implementation? Whether some cardinal completions of a system were required?

Ivan Chernoknizhnikov: In total, implementation process - from pilot system implementation before its complete input in commercial operation - took about 6 months. System implementation consisted of installation and initial setup of a server part and the subsequent centralized distribution of client parts for jobs of users. We quickly resolved the issues arising in the project progress concerning functioning of a system jointly with specialists of Indeed ID within technical support.

Cardinal completions of a system from the developer were not required, and here in the report generation mechanism we had a need of individual completions. We executed this adaptation independently.

TAdviser: What changed after implementation of strict authentication? How did the project in general affect information security?

Ivan Chernoknizhnikov: Naturally, there are processes which do not disappear from administration anywhere, but it is possible to tell about confidence that the level of information security became higher, and protection against unauthorized access is more reliable. The problems and risks connected with password access left. Implementation of authentication on a fingerprint excluded deniability from the performed operations that simplified process of investigation of incidents in case of such need.

A number of requirements of information security and regulations of access to information systems are executed automatically now.

TAdviser: 'Pluses' of the selected solution are obvious. Whether it was succeeded to reveal some 'minuses'?

Ivan Chernoknizhnikov: For the solution of our tasks it appeared the mechanism of audit and journalizing of events which is insufficiently implemented in a system. Therefore for us the main shortcoming is a lack of record of events of the Indeed ID system in the online-mode in Microsoft SQL base.

TAdviser: What recommendations can you make to the companies which are in selection process of a system for strict authentication or only begin to implement such solution?

Ivan Chernoknizhnikov: In any project sense of purpose and real requirements of the company is important. Selecting technologies and means of authentication and also the relevant decisions, it is necessary to analyze importance of the processed information, relevant threats of information security and risks of possible damage (financial, reputation character). These data in total with powers of users and administrators of the company will allow to define necessary requirements to reliability of authentication that in turn, will allow to implement the system optimum suitable under specific objectives and operating conditions of the company.