1. Quest® Defender Provides Secure, Affordable
Two-Factor Authentication for Oklahoma City
Oklahoma City, Okla., boasts a population of 558,000 residents and owns one of the largest city owned
and operated municipal Wi-Fi mesh network in the world. This network encompasses over 620 square
miles to date and provides access to over 150 different applications that are vital to public safety and
city operations. The city’s information technology department provides support for technology-based
communication and information systems, enabling the delivery of efficient and effective services to city
employees.
To improve the security of its networks and systems, Oklahoma City turned to Quest for a feature-rich,
two-factor authentication solution.
The Challenge
Oklahoma City’s IT department is responsible for protecting all of the city’s data. Most users, however,
used to authenticate to the system using a simple username and password, which created a serious
security risk.
“Passwords are a security issue because users don’t like to change them regularly,” said Steven Eaton,
information security manager for Oklahoma City. “In addition, if longer more complex passwords are
required, users start writing them down because they can’t remember them, defeating their purpose of
enhancing security.”
As a proactive and forward-thinking organization, the city’s IT group decided to implement security
recommendations for user access based on best practices. “We realized we needed to step up to two-
factor authentication to ensure the security of our network,” stated Eaton.
Two-factor authentication typically combines “something you know” (such as a username and password
or pin) with “something you have” (such as a smart card or hardware token) to verify that users logging in
are who they say they are.
The city already had a two-factor authentication solution in place for remote access, but it was expensive.
Moreover, it needed a solution that would integrate with Active Directory (AD), and deployed easily across
the enterprise to more than 5,000 users.
The Quest Solution
The city’s IT group carefully evaluated solutions from five major vendors. Following extensive evaluation
and testing of the technologies available, Quest Defender emerged as the clear winner. Defender
bases all administration and identity management on Active Directory, thus it could use the city’s
existing investment in AD and eliminate the costs involved in setting up and maintaining the additional
infrastructure needed for other two-factor solutions. “We try to leverage existing investments whenever
possible,” stated Eaton. “Since Defender integrates so seamlessly with Active Directory we were able to
accomplish that in addition to being able to use Active Directory as the single source for authentication
credentials and management.” Moreover, Defender works with any OATH-compliant hardware token, and
is easy to roll out.
In addition, the IT group was pleased to find that Defender was compatible with encryption software it
also planned to deploy. “We were able to get all of it to work together seamlessly, which was a big plus for
us,” reported Eaton.
“Our users like Defender better than
passwords. They recognize that it actually
saves them time since they no longer
have to remember longer more complex
passwords or call the help desk for
password resets.”
– Steven Eaton
IS Information Security Manager
Oklahoma City
Overview
Headquarters
Oklahoma City, Oklahoma
Services
City services
Critical Needs
To improve network security by
implementing two-factor authentication
Solution
Quest® Defender
Results
Provides affordable two-factor
•
authentication for all employees
Improves user productivity by
•
eliminating the need to remember
longer more complex passwords
without sacrificing security
Enabled gradual, seamless rollout, with
•
token self-registration and temporary
token assignments
Case Study

2. The Bottom Line
Deployment of Defender has been nearly flawless for the city. . Because of Defender’s ZeroIMPACT
approach, the IT group has been able to perform a gradual, controlled migration to two-factor
authentication, resulting in 30% fewer issues than it had expected with other solutions. “We’ve been able
to roll out Defender department by department, which works well for us,” said Eaton. “We’ve already
deployed nearly 500 tokens, and we’ve had only two trouble calls.”
Defender’s self-registration feature has been one key to the city’s deployment success. Another is
Defender’s scripted auto install. “Defender’s deployment is virtually transparent to the end user,” said
Eaton. “Once everyone in a department has registered their tokens, we group their computers in the
system and ask these users to reboot,” explained Eaton. “The software is automatically installed, and the
users can start benefiting from Defender immediately.”
Defender has already improved productivity among users and the IT group by alleviating issues with
lost or forgotten tokens. “With our old solution, if users lose a token, they were dead in the water until
we could get them new ones,” stated Eaton. “With Defender, we can give the users a temporary token
and quickly get them back to work. Similarly, if vendors lose their tokens and need to VPN in to do some
work, we can grant access temporarily.”
Users who have moved from using passwords to the Defender two-factor authentication system have
also seen productivity improvements. “We had some initial pushback,” reported Eaton, “But now users
actually like it better than passwords. They recognize that it actually saves them time since they no
longer have to remember longer more complex passwords or call the help desk for password resets.”
The city plans to completely replace its former authentication solution with Defender, and appreciates
being able to do so gradually. “As each of the old tokens dies, we will replace it with a new Defender
token,” said Eaton. Oklahoma City has been pleased not only with the quality of the Defender solution,
but also with the responsiveness of Quest Support. “Whenever you deploy a new product, you run into
some problems, because every environment’s unique,” explained Eaton. “But Quest’s support staff bent
over backwards to get all of our problems resolved and worked through all our issues. We’re very happy
with Quest.”
About Oklahoma City
Founded in a single day on April 22, 1889, Oklahoma City has grown to a population of 558,000 residents.
At 621 square miles, this sprawling capital city is one of the largest cities in land area in the United States.
For more information, visit okc.gov.
About Quest Software, Inc.
Quest Software, Inc., a leading enterprise systems management vendor, delivers innovative products
that help organizations get more performance and productivity from their applications, databases,
Windows infrastructure, and virtual environments. Quest also provides customers with client
management through its ScriptLogic subsidiary and server virtualization management through its
Vizioncore subsidiary. Through a deep expertise in IT operations and a continued focus on what works
best, Quest helps more than 100,000 customers worldwide meet higher expectations for enterprise IT.
Quest Software can be found in offices around the globe and at www.quest.com.
Quest Software Incorporated. • To learn more about our solutions, contact your local sales representative
or visit www.quest.com • Headquarters: 5 Polaris Way, Aliso Viejo, CA 92656, USA
© 2009 Quest Software Incorporated. ALL RIGHTS RESERVED. Quest Software and Defender are trademarks and registered
trademarks of Quest Software, Inc. in the U.S.A. and/or other countries. All other trademarks and registered trademarks are
property of their respective owners.
CSW-OKC-Defender-US-MJ-032409
“We try to leverage existing investments
whenever possible. Since Defender
integrates so seamlessly with Active
Directory we were able to do that
in addition to being able to use
Active Directory as a single source
for authentication credentials and
management.”
– Steven Eaton
IS Information Security Manager
Oklahoma City