Executive Summary

The following table shows the historical and projected trend of password resets handled by this company's help desk:

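| Password targets | Year 2005 | Year 2006 | Year 2007 | Year 2008 Projected | Year 2009 Projected |
|---|---|---|---|---|---|
| NT/Active Directory | | | | | |
| Win2k | | | | | |
| Novell | | | | | |
| Unix | | | | | |
| AS/400 | | | | | |
| OS/390 | | | | | |
| Oracle | | | | | |
| PeopleSoft | | | | | |
| Lotus Notes | | | | | |
| Custom apps | | | | | |
| Total resets | | | | | |
| Cost of resets | | | | | |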

Benefits

Hitachi ID Password Manager eliminates password complexity, to reduce support cost, recover user productivity, and improve systems security. Combined with Password Manager's rapid deployment, these benefits yield positive ROI in just a few months:

  • Eliminate password problems for users, from AAA problems/month to BBB problems/month.
  • Reduce password-related IT support call volume, from CCC calls/month to DDD calls/month.
  • Shorten password problem resolution at the IT help desk, from EEE minutes/call to FFF minutes/call.
  • Help the support organization meet SLAs.

Cost savings

Together, these benefits will yield direct support cost savings of:

  • $GGG /month to the support organization.
  • Productivity worth $HHH /month recovered for the user population.
  • Total projected annual savings are $SSS.

Password Manager is scalable, and can support employees, contractors, vendors, partners and customers.

Password Management Challenges

Complexity

Problem: Managing multiple passwords is complex:

  • Users have too many passwords.
  • Different passwords expire on different schedules.
  • Each password is subject to different rules about what constitutes an acceptable password value.
  • Some systems force password expiration, and others don't.

The Password Manager solution: Password Manager eliminates password complexity with a number of core technologies:

  • Password synchronization:

    Password Manager helps users to maintain a single password, changed on a single schedule, on all of their login IDs. Users no longer have to remember many different passwords, each with different rules and on a different schedule.

  • Consistent password policy:

    With Password Manager, a user is presented with a single set of password rules that works on every system. This is easy to understand, so users have an easier time picking an acceptable new password.

  • Early warning of password expiration:

    Password Manager notifies users early and often that their password is about to expire and that they should change it. Even mobile users get ample warning, and can keep their passwords from expiring.

  • One password update screen for every system:

    With Password Manager, users can update any or all of their passwords from one place. This eliminates cryptic password screens hidden away in each system and application.

User password problems

Problem: Despite the above measures, some users will still have password problems. For example, someone who comes back from a holiday may have forgotten a password they set weeks earlier.

The Password Manager solution: Password Manager helps users who continue to have problems resolve them quickly and simply, without calling the help desk. Access to self-service password reset is available from the login prompt, any web browser, or a telephone. Users may be authenticated by answering a sequence of personal questions, using a hardware token, or with a biometric voice print match.

Assisted service

Problem: Some users will call the help desk despite all of the above measures.

The Password Manager solution: For these users, the best outcome is expedited service -- resolve the problem in one minute, rather than 10 or 20.

Password Manager lets support analysts sign in themselves, look up a caller's profile, authenticate the caller, reset any or all of the caller's passwords, and automatically generate a support ticket, all from a single, streamlined web user interface.

This facility also eliminates the need for support analysts to have administrative access to target systems, and generates extensive audit logs.

Meeting SLA

Problem: Password reset volume fluctuates widely -- resets happen most often in the first hour of the day, usually on the first business day of the week. Support organizations have to be staffed for this peak of activity, but activity is lower the rest of the time, so the staff hired to handle the peak are wasted.

Password resets are due to login problems, which can happen anytime, anywhere, in a large enterprise. Supporting password problems on these terms means that a team of empowered analysts must be available, on-call, 24x7. This is costly, and can exacerbate the turnover of staff who have administrative credentials.

Peak support call volumes due to password resets can overload a help desk, and impede the ability of the support organization to deal with other, more strategic problem types.

The Password Manager solution: Eliminating the peak password reset call volume, and password call volume generally, is key to meeting SLA, as this is the most prevalent call type in most help desks.

Integration

Problem: An effective solution must support all systems on a network, not just some, and must integrate with existing IT infrastructure.

The Password Manager solution: Password Manager comes with built-in integrations for over 60 types of target systems (network operating systems, mainframes, directories, ERP applications, mail systems, other applications, ASPs, etc.), plus other kinds of IT infrastructure:

  • Call tracking systems (automatically create, update, close tickets).
  • E-mail (for registration requests and activity notification).
  • Interactive voice response units (telephone access).
  • Tokens (manage SecurID, SafeWord devices).
  • H.R. databases (retrieve data for Q&A authentication).
  • Directories and meta directories (lookup and manage user profile data).
  • Portals (make Password Manager an integral part of any portal).
  • Network management systems (health monitoring, load balancing, etc.)

Security impact

Problem: Users respond to password complexity in a number of ways, each of which has a security impact:

  • They pick trivial (easy to remember, easy to guess) passwords.
  • They avoid changing passwords.
  • They write down their passwords.

When users forget their passwords, they call the help desk and ask for a password reset, which can also trigger security problems:

  • The user may not be authenticated by the support analyst, or the authentication process may be easy to defeat by an intruder (social engineering).
  • Too many front-line support analysts have the right to reset passwords. This proliferation of powerful credentials, in the hands of high-turnover staff, is dangerous.
  • Password resets may not be logged, so auditing is difficult.

The Password Manager solution: Password Manager eliminates many security problems that arise from ineffective password management:

| Before | With Password Manager |
|---|---|
| Written passwords | Synchronized passwords are easy to remember: no need for sticky notes! |
| Unchanging passwords | Enforce global password changes. |
| Easy-to-guess passwords | Enforce a global, strong password policy. |
| Unreliable caller authentication before an assisted password reset | Require strong authentication prior to any password reset. |
| Too many support analysts have administrator credentials | Eliminate direct analyst access to target systems. |
| No password reset audit logs | Extensive audit logs, plus auto-generated support tickets. |
