Building a Business Case for Hitachi ID Password Manager Purchase and Deployment

  • 355 views
Uploaded on

This document presents a sample business case for justifying purchase and deployment of Hitachi ID Password Manager. …

This document presents a sample business case for justifying purchase and deployment of Hitachi ID Password Manager.

Hitachi ID Password Manager addresses password management challenges, such as forgotten passwords and users who write down their passwords, with password synchronization, self-service password reset and assisted password reset.

Password management for thousands of users, across multiple systems, is a costly problem for most enterprises. Problems that arise from ineffective password management include:

- Support cost and meeting support SLA.
- Lost user productivity.
- Network security vulnerabilities.

http://hitachi-id.com/

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
355
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Building a Business Case for Hitachi ID Password Manager Purchase and Deployment © 2014 Hitachi ID Systems, Inc. All rights reserved.
  • 2. This document presents a sample business case for justifying purchase and deployment of Hitachi ID Password Manager. Hitachi ID Password Manager addresses password management challenges, such as forgotten passwords and users who write down their passwords, with password synchronization, self-service password reset and assisted password reset. Contents 1 Introduction 1 2 Executive Summary 2 2.1 Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2.2 Cost savings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 3 Password Management Challenges 3 3.1 Complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.2 User password problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.3 Assisted service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3.4 Meeting SLA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3.5 Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3.6 Security impact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 4 User populations with special problems 7 4.1 Mobile users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 4.2 Passwords for vendors and partners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 4.3 Language support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 4.4 Infrequently used systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 5 Cost impact 9 5.1 Support costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 5.1.1 Direct cost savings with Hitachi ID Password Manager . . . . . . . . . . . . . . . . 9 5.2 Improved user productivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 5.3 Support statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 6 Additional technology applications 11 6.1 System migrations, mergers and acquisitions . . . . . . . . . . . . . . . . . . . . . . . . . . 11 i
  • 3. Building a Business Case for Password Manager Purchase and Deployment 6.2 Managing authentication in e-business applications . . . . . . . . . . . . . . . . . . . . . . . 11 © 2014 Hitachi ID Systems, Inc. All rights reserved.
  • 4. Building a Business Case for Hitachi ID Password Manager Purchase and Deployment 1 Introduction This document presents a sample business case for justifying purchase and deployment of Hitachi ID Password Manager. Hitachi ID Password Manager addresses password management challenges, such as forgotten passwords and users who write down their passwords, with password synchronization, self-service password reset and assisted password reset. Password management for thousands of users, across multiple systems, is a costly problem for most enter- prises. Problems that arise from ineffective password management include: • Support cost and meeting support SLA. • Lost user productivity. • Network security vulnerabilities. © 2014 Hitachi ID Systems, Inc.. All rights reserved. 1
  • 5. Building a Business Case for Password Manager Purchase and Deployment 2 Executive Summary The following table shows the historical and projected trend of password resets handled by this company’s help desk: Password targets Year 2005 Year 2006 Year 2007 Year 2008 Projected Year 2009 Projected NT/Active Directory Win2k Novell Unix AS/400 OS/390 Oracle PeopleSoft Lotus Notes Custom apps Total resets Cost of resets 2.1 Benefits Hitachi ID Password Manager eliminates password complexity, to reduce support cost, recover user produc- tivity, and improve systems security. Combined with Password Manager’s rapid deployment, these benefits yield positive ROI in just a few months: • Eliminate password problems for users, from AAA problems/month to BBB problems/month. • Reduce password-related IT support call volume, from CCC calls/month to DDD calls/month. • Shorten password problem resolution at the IT help desk, from EEE minutes/call to FFF minutes/call. • Help the support organization meet SLAs. 2.2 Cost savings Together, these benefits will yield direct support cost savings of: • $GGG/month to the support organization. • Productivity worth $HHH/month recovered for the user population. © 2014 Hitachi ID Systems, Inc.. All rights reserved. 2
  • 6. Building a Business Case for Password Manager Purchase and Deployment • Total projected annual savings are $SSS. Hitachi ID Password Manager is scalable, and can support employees, contractors, vendors, partners and customers. 3 Password Management Challenges 3.1 Complexity Problem: Managing multiple passwords is complex: • Users have too many passwords. • Different passwords expire on different schedules. • Each password is subject to different rules about what constitutes an acceptable password value. • Some systems force password expiration, and others don’t. The Hitachi ID Password Manager solution: Password Manager eliminates password complexity with a number of core technologies: • Password synchronization: Password Manager helps users to maintain a single password, changed on a single schedule, on all of their login IDs. Users no longer have to remember many different passwords, each with different rules and on a different schedule. • Consistent password policy: With Password Manager, a user is presented with a single set of password rules that works on ev- ery system. This is easy to understand, so users have an easier time picking an acceptable new password. • Early warning of password expiration: Password Manager notifies users early and often that their password is about to expire, and they should change it. Even mobile users get ample warning, and can keep their passwords from expiring. • One password update screen for every system: With Password Manager, users can update any or all of their passwords from one place. This elimi- nates cryptic password screens hidden away in each system and application. 3.2 User password problems Problem: Despite the above measures, some users will still have password problems. For example, someone who comes back from a holiday may have forgotten a password they set weeks earlier. © 2014 Hitachi ID Systems, Inc.. All rights reserved. 3
  • 7. Building a Business Case for Password Manager Purchase and Deployment The Hitachi ID Password Manager solution: Password Manager helps users who continue to have problems to resolve their own problems quickly and simply, without calling the help desk. Access to self- service password reset is available from the login prompt, any web browser, or a telephone. Users may be authenticated by answering a sequence of personal questions, using a hardware token, or with a biometric voice print match. 3.3 Assisted service Problem: Some users will call the help desk despite all of the above measures. The Hitachi ID Password Manager solution: For these users, the best outcome is expedited service – resolve the problem in one minute, rather than 10 or 20. Password Manager lets support analysts sign in themselves, look up a caller’s profile, authenticate the caller, reset any or all of the caller’s passwords, and automatically generate a support ticket, all from a single, streamlined web user interface. This facility also eliminates the need for support analysts to have administrative access to target systems, and generates extensive audit logs. 3.4 Meeting SLA Problem: Password resets come in huge fluctuations – they happen most often in the first hour of the day, usually on the first business day of the week. Support organizations have to be staffed for this peak of activity, but the rest of the time activity is less, so the staff hired to handle peak are wasted. Password resets are due to login problems, which can happen any time, any where, in a large enter- prise. Supporting password problems on these terms means that a team of empowered analysts must be available, on-call, 24x7. This is costly, and can exacerbate the turnover of staff who have administrative credentials. Peak support call volumes due to password resets can overload a help desk, and impede the ability of the support organization to deal with other, more strategic problem types. The Hitachi ID Password Manager solution: Eliminating the peak password reset call volume, and password call volume generally, is key to meeting SLA, as this is the most prevalent call type in most help desks. 3.5 Integration Problem: An effective solution must support all systems on a network, not just some, and must integrate with existing IT infrastructure. The Hitachi ID Password Manager solution: Password Manager comes with built-in integrations for over 60 types of target systems (network operating systems, mainframes, directories, ERP applications, mail systems, other applications, ASPs, etc.), plus other kinds of IT infrastructure: © 2014 Hitachi ID Systems, Inc.. All rights reserved. 4
  • 8. Building a Business Case for Password Manager Purchase and Deployment • Call tracking systems (automatically create, update, close tickets). • E-mail (for registration requests and activity notification). • Interactive voice response units (telephone access). • Tokens (manage SecurID, SafeWord devices). • H.R. databases (retrieve data for Q&A authentication). • Directories and meta directories (lookup and manage user profile data). • Portals (make Password Manager an integral part of any portal). • Network management systems (health monitoring, load balancing, etc.) 3.6 Security impact Problem: Users respond to password complexity in a number of ways, each of which has a security impact: • They pick trivial (easy to remember, easy to guess) passwords. • They avoid changing passwords. • They write down their passwords. When users forget their passwords, they call the help desk and ask for a password reset, which can also trigger security problems: • The user may not be authenticated by the support analyst, or the authentication process may be easy to defeat by an intruder (social engineering). • Too many front-line support analysts have the right to reset passwords. This proliferation of powerful credentials, in the hands of high-turnover staff, is dangerous. • Password resets may not be logged, so auditing is difficult. The Hitachi ID Password Manager solution: Password Manager eliminates many security problems that arise from ineffective password management: © 2014 Hitachi ID Systems, Inc.. All rights reserved. 5
  • 9. Building a Business Case for Password Manager Purchase and Deployment Before With Password Manager Written passwords Synchronized passwords are easy to remember: no need for sticky notes! Unchanging passwords Enforce global password changes. Easy-to-guess passwords Enforce a global, strong password policy. Unreliable caller authentication before an assisted password reset Require strong authentication prior to any password reset. Too many support analysts have administrator credentials Eliminate direct analyst access to target systems. No password reset audit logs Extensive audit logs, plus auto-generated support tickets. © 2014 Hitachi ID Systems, Inc.. All rights reserved. 6
  • 10. Building a Business Case for Password Manager Purchase and Deployment 4 User populations with special problems Hitachi ID Password Manager effectively addresses the following special problems: 4.1 Mobile users Problem: Mobile users are especially difficult to support: • They may not sign into the network operating system regularly, so may not get early warning of password expiration. As a result, these users are frequently locked out, and require service. • They may require password resets on their own local PC, or on dial-up servers. This is technically challenging, as password management systems are centralized on the network. The Hitachi ID Password Manager solution: Password Manager provides mechanisms to allow remote users to reset their own passwords, including telephone access via Interactive Voice Response technology, and remote user access. 4.2 Passwords for vendors and partners Problem: Vendors and partners work off-site, and have similar problems to mobile users. As well, vendors and partners may access corporate systems infrequently, and forget their own passwords regularly. Some users who work for vendors and partners may make a password reset call every time they try to sign into the corporate systems. The Hitachi ID Password Manager solution: Password Manager makes it easy for vendors and partners to securely manage their own passwords. 4.3 Language support Problem: Global organizations must provide user support in multiple languages. Routine password man- agement and password resets must both be available in multiple languages – on the same server, for the same set of users and target systems, at the same time. The Hitachi ID Password Manager solution: Password Manager’s fully customizable interface is already available in multiple languages (English, Spanish, French, Dutch, and Japanese), and new languages are added on request. 4.4 Infrequently used systems Problem: When users sign into a system infrequently, they tend to forget the login process and password in the interval between logins. For example, a user who signs into a time tracking system just once a month may regularly forget that password, and so make regular password reset support calls. © 2014 Hitachi ID Systems, Inc.. All rights reserved. 7
  • 11. Building a Business Case for Password Manager Purchase and Deployment The Hitachi ID Password Manager solution: Password Manager synchronizes passwords, giving users just one password to remember, and eliminating the problem. © 2014 Hitachi ID Systems, Inc.. All rights reserved. 8
  • 12. Building a Business Case for Password Manager Purchase and Deployment 5 Cost impact 5.1 Support costs Most IT help desks report that: • 20% to 40% of total call volume is due to password resets. • These calls cost $25 to $35 to resolve. This can amount to a significant IT expense. 5.1.1 Direct cost savings with Password Manager Direct cost savings accrue from reduced workload, and reduced or reassigned head count, at the IT help desk. Support workload is reduced as follows: • Hitachi ID Password Manager addresses password complexity, and can significantly reduce the total number of password problems that users experience. Successful deployments can eliminate 80% or more of password problems. • Self-service directs some of the remaining password problems away from the help desk. Typically 60% or more of remaining password problems never reach the help desk. • The cost of remaining password reset calls is reduced, through a more streamlined call resolution process. Password calls are typically resolved by the help desk in about 1 minute with Password Manager. • Password Manager can eliminate the need to staff password support analysts on a 24x7 basis. • Password Manager significantly reduces the peak volume of password resets, especially in the morn- ing after weekends and holidays. This eliminates the need to staff the help desk for peak load, and underutilize that capacity at other times. Together, these benefits can reduce 90% or more of password-related IT support cost. 5.2 Improved user productivity Users typically spend twice as long with a password problem as the help desk. They try to sign in, fail to, try again, call the help desk, wait for service, identify themselves, authenticate, receive the service, perhaps wait for password propagation, and try to sign in again. The cost of user productivity, though not appearing on any single budget line item, amounts to about double the direct support cost. Hitachi ID Password Manager can recover this lost productivity, by eliminating problems before they start, by providing a self-service interface, and by make assisted resets more efficient. © 2014 Hitachi ID Systems, Inc.. All rights reserved. 9
  • 13. Building a Business Case for Hitachi ID Password Manager Purchase and Deployment 5.3 Support statistics The following table shows the historical and projected trend of password resets handled by this company’s help desk: Password targets Year 2006 Year 2007 Year 2008 Projected Year 2009 Projected Year 2010 Projected NT/Active Directory Win2k Novell Unix AS/400 OS/390 Oracle PeopleSoft Lotus Notes Custom apps Total resets Cost of resets © 2014 Hitachi ID Systems, Inc.. All rights reserved. 10
  • 14. Building a Business Case for Hitachi ID Password Manager Purchase and Deployment 6 Additional technology applications 6.1 System migrations, mergers and acquisitions Hitachi ID Password Manager can assist in system migrations, or in mass movements of users between systems, as happens during mergers and acquisitions. Password Manager maintains a list of users on each system, and this data can be used to create batches of users on a new system. Password Manager password synchronization is an effective way to initialize passwords for new accounts given to existing users. Simply create a batch of new user IDs, each with a random password. Setup the new system as a password synchronization target system, and ask users (by e-mail) to change their password either on the Password Manager web user interface, or a password synchronization trigger system. This will cause the user’s selected new password to be applied to all of their accounts, including the new one. This process eliminates the need to give users default password values, or to e-mail initial passwords. It has been successfully used by Hitachi ID customers to activate thousands of users on new systems in a single, secure step. 6.2 Managing authentication in e-business applications Hitachi ID Password Manager is a hardened, Internet-ready application. It is suitable for deployment on a corporate Extranet, to support password management for outside, users, such as customers, partners or vendors. Password Manager is easy to integrate with other Extranet systems, such as subscription systems, CRM, etc. www.Hitachi-ID.com 500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com File: /pub/wp/documents/business-case/psynch/pwm-business-case-5.tex Date: 2009-03-09