Monitoring user inactivity, and locking down a computer when the user forgets to, is the Holy Grail of PC security. It’s here.
The problem with inactivity has always been how to measure it. Keyboard presses, proximity cards, timers that ask you to re-verify your presence – all have major drawbacks (like inadvertently locking out your boss, or her boss) that inhibit their adaptation. The pain is increased each time the user needs to re-authenticate a locked session.
2010's biggest security SNAFUs
In the spring of 2009, I mentioned an upcoming product from Imprivata that could alleviate the “false positive” inactivity monitor. In an interview with David Ting, Imprivata co-founder and CTO, he noted:
“… most laptops, and many desktops, have integrated cameras. Add-on cameras (that attach to your monitor) are relatively inexpensive. So what this new software will do is to take your picture during authentication. Periodically during the session it will ‘peek’ through the camera again and if the person from the authentication picture can't be seen it will start the timer countdown. It will keep checking until the timer runs out, so that if you've stepped away to grab a book, for example, the countdown will be ended when you sit down again.”
I added that “This is revolutionary -- the biggest improvement in inactivity monitoring in, like, forever.”
Last spring, in the roundup of RSA conference announcements, I noted that Imprivata had released the product as OneSign Secure Walk-Away. I made a mental note to revisit the product, but that slipped my mind until Tim Cole (of Kuppinger-Cole) reminded me of it and pointed out that this great tool had just been awarded the 2010 UK IT Industry Award for ‘Security Innovation of the Year’.
The benefits of the product are really immeasurable, and it has been growing in acceptance by leaps and bounds, especially in the healthcare industries. As one customer sited by the awards people noted: “OneSign Secure Walk-Away will eradicate the long-standing security problems associated with unattended workstations. Its greatest benefit is that it eliminates the possibility of one clinician making changes in our healthcare information systems whilst the workstation is logged in under a different clinician, which can compromise patient safety and security. Before Secure Walk-Away, this was always a serious patient safety risk.”
When a user moves away from the desktop the software automatically locks the user’s screen, protecting the data from unauthorized access. Upon return, Secure Walk-Away recognizes the user and unlocks the desktop. Elegant and simple – the ideals all software should strive for. It’s also the most effective security since it requires no action on the user’s part – it all happens “automagically”.
If you have workstations that can be compromised by insiders, visitors, clients, vendors and the like, you should investigate OneSign Secure Walk-Away.