Most of the reactions to last week's newsletter, "First, educate the user," were consistent in saying that while education has been tried, there's little incentive for the user to learn.
The subject was getting users to log out when they leave their desk/office/cubicle. It's a security issue (anyone else could walk up and use their session) as well as a data integrity issue (it's impossible to back up open files without some preplanning, as we saw last time). Fortunately, there's at least one company that's done something about it.
ActivCard is a leader in smart cards, an area they've been active in for 15 years. We think of smart cards as the tokens (such as an ATM card) that we use for authentication purposes. So-called "hardened" computer systems (those designed for high security) frequently have a smart card reader attached. Users need to insert their card and perhaps enter a passcode or identification number in order to be authorized.
There's also another kind of smart card used in many enterprises. Known as a proximity card, it's the one you wave at a reader next to a locked door in order to have the door automatically open for you (provided, of course, that you are authorized to enter the doorway).
ActivCard has joined together these two concepts. After using the proximity card to enter the premises, the user inserts it into a reader next to their PC and enters the activation code (passcode, PIN, what have you). The key design difference is that the card must stay in the reader. Periodically, the authentication mechanism checks for its presence. If it's missing, the session is terminated.
If the user wishes to leave the area around their desk, the proximity card is needed to open doors, so it must be removed from the reader.
This still won't do an orderly shutdown of applications, but the user knows the shutdown will occur. A tiny bit of education will quickly be bolstered through experience, which makes for ideal learning. Most users only have to lose data once before they learn they need to shut down their sessions before removing the card.
There's still the small problem of the user who walks away from his or her desk (perhaps to confer with someone else in the area) without having to go through a secure door. The password-protected screen-saver we mentioned last week should be sufficient to protect those desktops. And with the smart card systems, even that will have to be cleared before the user can remove the card and go home, out to lunch or even to a meeting on another floor.
Retooling your doors, adding readers to your desktops and redesigning your authorization systems isn't an inexpensive proposition. But weigh that against the cost of a security breach and it might seem like a bargain.
A tip-o-the-hat to Tim Harris for pointing out this elegant solution.
Dave Kearns is a writer and consultant in Silicon Valley. His most recent book is "Peter Norton's Complete Guide to Networks" published by SAMS. Dave's company, Virtual Quill, provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more at Virtual Quill or by e-mail at info@vquill.com
