The following table shows the historical and projected trend of password resets handled by this company's help desk:
| Password targets | Year 2005 | Year 2006 | Year 2007 | Year 2008 Projected | Year 2009 Projected |
|---|---|---|---|---|---|
| Cost of resets | | | | | |
Hitachi ID Password Manager eliminates password complexity, to reduce support cost, recover user productivity, and improve systems security. Combined with Password Manager's rapid deployment, these benefits yield positive ROI in just a few months:
- Eliminate password problems for users, from AAA problems/month to BBB problems/month.
- Reduce password-related IT support call volume, from CCC calls/month to DDD calls/month.
- Shorten password problem resolution at the IT help desk, from EEE minutes/call to FFF minutes/call.
- Help the support organization meet SLAs.
Together, these benefits will yield direct support cost savings of:
- $GGG /month to the support organization.
- Productivity worth $HHH /month recovered for the user population.
- Total projected annual savings are $SSS.
Password Manager is scalable, and can support employees, contractors, vendors, partners and customers.
Password Management Challenges
Problem: Managing multiple passwords is complex:
- Users have too many passwords.
- Different passwords expire on different schedules.
- Each password is subject to different rules about what constitutes an acceptable password value.
- Some systems force password expiration, and others don't.
The Password Manager solution: Password Manager eliminates password complexity with a number of core technologies:
- Password synchronization:
Password Manager helps users to maintain a single password, changed on a single schedule, on all of their login IDs. Users no longer have to remember many different passwords, each with different rules and on a different schedule.
- Consistent password policy:
With Password Manager, a user is presented with a single set of password rules that works on every system. This is easy to understand, so users have an easier time picking an acceptable new password.
- Early warning of password expiration:
Password Manager notifies users early and often that their password is about to expire and that they should change it. Even mobile users get ample warning, and can keep their passwords from expiring.
- One password update screen for every system:
With Password Manager, users can update any or all of their passwords from one place. This eliminates cryptic password screens hidden away in each system and application.
User password problems
Problem: Despite the above measures, some users will still have password problems. For example, someone who comes back from a holiday may have forgotten a password they set weeks earlier.
The Password Manager solution: Password Manager helps users who continue to have problems to resolve their own problems quickly and simply, without calling the help desk. Access to self-service password reset is available from the login prompt, any web browser, or a telephone. Users may be authenticated by answering a sequence of personal questions, using a hardware token, or with a biometric voice print match.
Problem: Some users will call the help desk despite all of the above measures.
The Password Manager solution: For these users, the best outcome is expedited service -- resolve the problem in one minute, rather than 10 or 20.
Password Manager lets support analysts sign in themselves, look up a caller's profile, authenticate the caller, reset any or all of the caller's passwords, and automatically generate a support ticket, all from a single, streamlined web user interface.
This facility also eliminates the need for support analysts to have administrative access to target systems, and generates extensive audit logs.
Problem: Password reset volume fluctuates widely -- resets happen most often in the first hour of the day, usually on the first business day of the week. Support organizations have to be staffed for this peak of activity, but activity is lower the rest of the time, so the staff hired to handle the peak are wasted.
Password resets are due to login problems, which can happen anytime, anywhere, in a large enterprise. Supporting password problems on these terms means that a team of empowered analysts must be available, on-call, 24x7. This is costly, and can exacerbate the turnover of staff who have administrative credentials.
Peak support call volumes due to password resets can overload a help desk, and impede the ability of the support organization to deal with other, more strategic problem types.
The Password Manager solution: Eliminating the peak password reset call volume, and password call volume generally, is key to meeting SLAs, as this is the most prevalent call type in most help desks.
Problem: An effective solution must support all systems on a network, not just some, and must integrate with existing IT infrastructure.
The Password Manager solution: Password Manager comes with built-in integrations for over 60 types of target systems (network operating systems, mainframes, directories, ERP applications, mail systems, other applications, ASPs, etc.), plus other kinds of IT infrastructure:
- Call tracking systems (automatically create, update, close tickets).
- E-mail (for registration requests and activity notification).
- Interactive voice response units (telephone access).
- Tokens (manage SecurID, SafeWord devices).
- H.R. databases (retrieve data for Q&A authentication).
- Directories and meta directories (lookup and manage user profile data).
- Portals (make Password Manager an integral part of any portal).
- Network management systems (health monitoring, load balancing, etc.).
Problem: Users respond to password complexity in a number of ways, each of which has a security impact:
- They pick trivial (easy to remember, easy to guess) passwords.
- They avoid changing passwords.
- They write down their passwords.
When users forget their passwords, they call the help desk and ask for a password reset, which can also trigger security problems:
- The user may not be authenticated by the support analyst, or the authentication process may be easy to defeat by an intruder (social engineering).
- Too many front-line support analysts have the right to reset passwords. This proliferation of powerful credentials, in the hands of high-turnover staff, is dangerous.
- Password resets may not be logged, so auditing is difficult.
The Password Manager solution: Password Manager eliminates many security problems that arise from ineffective password management:
| Before | With Password Manager |
|---|---|
| Written passwords | Synchronized passwords are easy to remember: no need for sticky notes! |
| Unchanging passwords | Enforce global password changes. |
| Easy-to-guess passwords | Enforce a global, strong password policy. |
| Unreliable caller authentication before an assisted password reset | Require strong authentication prior to any password reset. |
| Too many support analysts have administrator credentials | Eliminate direct analyst access to target systems. |
| No password reset audit logs | Extensive audit logs, plus auto-generated support tickets. |