The term "security" has always been vital in the airline industry. And as we continue to move more and more employee information online, the term takes on additional layers of meaning.

With "single sign-on" access to online benefits enrollment and payroll information — both currently for domestic employees, but eventually to be rolled out systemwide — coming in October, questions about online security are more widespread among employee groups.

But explaining online security processes — which often leads to technical professionals tossing around terms like infrastructure, firewall and Secure Sockets Layer — can sometimes seem more complex than actually implementing those processes.

"When we're explaining airport security to customers," says IT security manager Scott Pettigrew, "it's a matter of physically designating checkpoints. You stop here, we wave a wand there, you answer questions over there."

"With online security, we can't do that," says Pettigrew.

For instance, how many of you stopped briefly in that second paragraph above to wonder, "what is single sign-on?" Okay, let's start there.

Explaining Single Sign-On
At its most basic level, single sign-on (SSO) means allowing employees to log in to Jetnet one time — using one password — in order to access all their personal information.

"More technically speaking," says senior security architect Michael Frederick, "it's combining into one single process the actions of user identification, authentication and authorization. Identification answers the question 'Who am I?' while authentication answers the related question, 'Are you who you say you are?' Meanwhile, authorization answers the question 'Do I have access privileges to the information I'm requesting?'"

So essentially, SSO means providing one single network identity for each employee, which is important for several reasons. First, SSO reduces the chances for human error, which in turn increases corporate productivity. The less time everyone spends juggling — or, let's face it, trying to remember — multiple passwords, the better off we all are.

But more importantly, says Jetnet project manager Sarah Wagner, providing SSO is a direct response to what employees want. "We've received thousands of questions and comments since we re-launched Jetnet's new look in April," says Wagner. "By far — and it's not even close — the most common complaint has been 'there are too many passwords.' SSO addresses that."

But providing the simplicity of SSO also presents additional responsibility for each individual employee.

For instance, many employees may currently use an obvious password — a spouse's or pet's name, for example — or write the password on a post-it note stuck somewhere in the work area. "This breaks down the reason passwords are there in the first place and makes all our information systems less secure," says Frederick.

Or in some instances, employees may be tempted to share their password with a trusted co-worker. "Of course, that's never happened here, since it violates corporate policy," says Wagner with just the barest hint of an ironic grin.

Would You Leave Your House Unlocked?
Using obvious passwords, writing them down, sharing them — these are all practices which will have to stop in order for SSO to remain a truly secure process.

Returning to the airport security comparison, Pettigrew says, "As responsible employees, we all know what we can't bring on a plane these days. This is similar — a list of what not to 'bring online' with you. We expect our employees to be as respectful of online security as we all are of airport security."

"The same concept applies," continues Pettigrew, "if you leave your house without locking it or walk away from an ATM while your card is still in it. As a responsible person who knows better, you choose to lock your doors and to take your ATM card with you. Passwords 'lock your online doors.' No technology can protect us from ourselves."

Personal responsibility is especially important when employees access information on public or shared computers such as Jetsets. For that reason, an extra layer of security has been added — an automatic timeout after 15 minutes of inactivity.

"We know this can be frustrating to employees who use Jetnet constantly throughout the day rather than occasionally," says Wagner. "But, frankly, that's a fairly small percentage of our employees, and in the interest of overall security, this is the best solution."

"Just like we all have to be patient as we stand in longer airport security lines these days," says Pettigrew, "We have to be patient and understand that online, overall system security is more important than the convenience of an individual."

So how can you tell if you're using a secure site? Just check the bottom of the browser — that's the Web program, such as Microsoft Internet Explorer or Netscape — you are using; depending on which browser you have, you will see a lock or a key.

If the lock is locked or the key is solid, then the site is secured through Secure Sockets Layer (SSL) technology, which encrypts or scrambles the information so it cannot be read by anyone other than you.

Oops ... we threw some of that technical jargon at you after all ...

Security Awareness Program Underway
Over the next several months, Jetnet will be presenting additional stories about the information security awareness program currently underway. A special section of Jetnet will be provided to gather this information in one area.

If you have any concerns about SSO or about the overall awareness program, please contact IT Security.

• Jetnet Privacy Policy: Review the standard terms of responsibility each employee agrees to by signing on to and using Jetnet.
• ITS Acceptable Use Policy: Review additional information regarding appropriate use of corporate information assets and systems.

NOTE: The "Explaining SSL" content linked to above is no longer available.