building a business case for hitachi id password manager purchase and deployment

Building a Business Case

for Hitachi ID Password Manager

Purchase and Deployment

© 2014 Hitachi ID Systems, Inc. All rights reserved.

http://Hitachi-ID.com/

http://Hitachi.com/

This document presents a sample business case for justifying purchase and deployment of Hitachi IDPassword Manager.

Hitachi ID Password Manager addresses password management challenges, such as forgotten passwordsand users who write down their passwords, with password synchronization, self-service password reset andassisted password reset.

Contents

1 Introduction 1

2 Executive Summary 2

2.1 Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

2.2 Cost savings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

3 Password Management Challenges 3

3.1 Complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

3.2 User password problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

3.3 Assisted service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

3.4 Meeting SLA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

3.5 Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

3.6 Security impact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

4 User populations with special problems 7

4.1 Mobile users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

4.2 Passwords for vendors and partners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

4.3 Language support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

4.4 Infrequently used systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

5 Cost impact 9

5.1 Support costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

5.1.1 Direct cost savings with Hitachi ID Password Manager . . . . . . . . . . . . . . . . 9

5.2 Improved user productivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

5.3 Support statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

6 Additional technology applications 11

6.1 System migrations, mergers and acquisitions . . . . . . . . . . . . . . . . . . . . . . . . . . 11

i

Building a Business Case for Password Manager Purchase and Deployment

6.2 Managing authentication in e-business applications . . . . . . . . . . . . . . . . . . . . . . . 11

© 2014 Hitachi ID Systems, Inc. All rights reserved.


Building a Business Case for Hitachi ID Password Manager Purchase and Deployment

1 Introduction

This document presents a sample business case for justifying purchase and deployment of Hitachi IDPassword Manager.

Hitachi ID Password Manager addresses password management challenges, such as forgotten passwordsand users who write down their passwords, with password synchronization, self-service password reset andassisted password reset.

Password management for thousands of users, across multiple systems, is a costly problem for most enter-prises. Problems that arise from ineffective password management include:

• Support cost and meeting support SLA.

• Lost user productivity.

• Network security vulnerabilities.

© 2014 Hitachi ID Systems, Inc.. All rights reserved. 1


2 Executive Summary

The following table shows the historical and projected trend of password resets handled by this company’shelp desk:

Password targets Year 2005 Year 2006 Year 2007 Year 2008Projected

Year 2009Projected

NT/Active Directory

Win2k

Novell

Unix

AS/400

OS/390

Oracle

PeopleSoft

Lotus Notes

Custom apps

Total resets

Cost of resets

2.1 Benefits

Hitachi ID Password Manager eliminates password complexity, to reduce support cost, recover user produc-tivity, and improve systems security. Combined with Password Manager’s rapid deployment, these benefitsyield positive ROI in just a few months:

• Eliminate password problems for users, from AAA problems/month to BBB problems/month.

• Reduce password-related IT support call volume, from CCC calls/month to DDD calls/month.

• Shorten password problem resolution at the IT help desk, from EEE minutes/call to FFF minutes/call.

• Help the support organization meet SLAs.

2.2 Cost savings

Together, these benefits will yield direct support cost savings of:

• $GGG/month to the support organization.

• Productivity worth $HHH/month recovered for the user population.



• Total projected annual savings are $SSS.

Hitachi ID Password Manager is scalable, and can support employees, contractors, vendors, partners andcustomers.

3 Password Management Challenges

3.1 Complexity

Problem: Managing multiple passwords is complex:

• Users have too many passwords.

• Different passwords expire on different schedules.

• Each password is subject to different rules about what constitutes an acceptable password value.

• Some systems force password expiration, and others don’t.

The Hitachi ID Password Manager solution: Password Manager eliminates password complexity with anumber of core technologies:

• Password synchronization:

Password Manager helps users to maintain a single password, changed on a single schedule, on allof their login IDs. Users no longer have to remember many different passwords, each with differentrules and on a different schedule.

• Consistent password policy:

With Password Manager, a user is presented with a single set of password rules that works on ev-ery system. This is easy to understand, so users have an easier time picking an acceptable newpassword.

• Early warning of password expiration:

Password Manager notifies users early and often that their password is about to expire, and theyshould change it. Even mobile users get ample warning, and can keep their passwords from expiring.

• One password update screen for every system:

With Password Manager, users can update any or all of their passwords from one place. This elimi-nates cryptic password screens hidden away in each system and application.

3.2 User password problems

Problem: Despite the above measures, some users will still have password problems. For example,someone who comes back from a holiday may have forgotten a password they set weeks earlier.



The Hitachi ID Password Manager solution: Password Manager helps users who continue to haveproblems to resolve their own problems quickly and simply, without calling the help desk. Access to self-service password reset is available from the login prompt, any web browser, or a telephone. Users may beauthenticated by answering a sequence of personal questions, using a hardware token, or with a biometricvoice print match.

3.3 Assisted service

Problem: Some users will call the help desk despite all of the above measures.

The Hitachi ID Password Manager solution: For these users, the best outcome is expedited service –resolve the problem in one minute, rather than 10 or 20.

Password Manager lets support analysts sign in themselves, look up a caller’s profile, authenticate thecaller, reset any or all of the caller’s passwords, and automatically generate a support ticket, all from asingle, streamlined web user interface.

This facility also eliminates the need for support analysts to have administrative access to target systems,and generates extensive audit logs.

3.4 Meeting SLA

Problem: Password resets come in huge fluctuations – they happen most often in the first hour of theday, usually on the first business day of the week. Support organizations have to be staffed for this peak ofactivity, but the rest of the time activity is less, so the staff hired to handle peak are wasted.

Password resets are due to login problems, which can happen any time, any where, in a large enter-prise. Supporting password problems on these terms means that a team of empowered analysts must beavailable, on-call, 24x7. This is costly, and can exacerbate the turnover of staff who have administrativecredentials.

Peak support call volumes due to password resets can overload a help desk, and impede the ability of thesupport organization to deal with other, more strategic problem types.

The Hitachi ID Password Manager solution: Eliminating the peak password reset call volume, andpassword call volume generally, is key to meeting SLA, as this is the most prevalent call type in most helpdesks.

3.5 Integration

Problem: An effective solution must support all systems on a network, not just some, and must integratewith existing IT infrastructure.

The Hitachi ID Password Manager solution: Password Manager comes with built-in integrations for over60 types of target systems (network operating systems, mainframes, directories, ERP applications, mailsystems, other applications, ASPs, etc.), plus other kinds of IT infrastructure:



• Call tracking systems (automatically create, update, close tickets).

• E-mail (for registration requests and activity notification).

• Interactive voice response units (telephone access).

• Tokens (manage SecurID, SafeWord devices).

• H.R. databases (retrieve data for Q&A authentication).

• Directories and meta directories (lookup and manage user profile data).

• Portals (make Password Manager an integral part of any portal).

• Network management systems (health monitoring, load balancing, etc.)

3.6 Security impact

Problem: Users respond to password complexity in a number of ways, each of which has a securityimpact:

• They pick trivial (easy to remember, easy to guess) passwords.

• They avoid changing passwords.

• They write down their passwords.

When users forget their passwords, they call the help desk and ask for a password reset, which can alsotrigger security problems:

• The user may not be authenticated by the support analyst, or the authentication process may be easyto defeat by an intruder (social engineering).

• Too many front-line support analysts have the right to reset passwords. This proliferation of powerfulcredentials, in the hands of high-turnover staff, is dangerous.

• Password resets may not be logged, so auditing is difficult.

The Hitachi ID Password Manager solution: Password Manager eliminates many security problems thatarise from ineffective password management:



Before With Password Manager

Written passwords Synchronized passwords are easy toremember: no need for sticky notes!

Unchanging passwords Enforce global password changes.

Easy-to-guess passwords Enforce a global, strong password policy.

Unreliable caller authentication before anassisted password reset

Require strong authentication prior to anypassword reset.

Too many support analysts haveadministrator credentials

Eliminate direct analyst access to targetsystems.

No password reset audit logs Extensive audit logs, plus auto-generatedsupport tickets.



4 User populations with special problems

Hitachi ID Password Manager effectively addresses the following special problems:

4.1 Mobile users

Problem: Mobile users are especially difficult to support:

• They may not sign into the network operating system regularly, so may not get early warning ofpassword expiration. As a result, these users are frequently locked out, and require service.

• They may require password resets on their own local PC, or on dial-up servers. This is technicallychallenging, as password management systems are centralized on the network.

The Hitachi ID Password Manager solution: Password Manager provides mechanisms to allow remoteusers to reset their own passwords, including telephone access via Interactive Voice Response technology,and remote user access.

4.2 Passwords for vendors and partners

Problem: Vendors and partners work off-site, and have similar problems to mobile users. As well, vendorsand partners may access corporate systems infrequently, and forget their own passwords regularly. Someusers who work for vendors and partners may make a password reset call every time they try to sign intothe corporate systems.

The Hitachi ID Password Manager solution: Password Manager makes it easy for vendors and partnersto securely manage their own passwords.

4.3 Language support

Problem: Global organizations must provide user support in multiple languages. Routine password man-agement and password resets must both be available in multiple languages – on the same server, for thesame set of users and target systems, at the same time.

The Hitachi ID Password Manager solution: Password Manager’s fully customizable interface is alreadyavailable in multiple languages (English, Spanish, French, Dutch, and Japanese), and new languages areadded on request.

4.4 Infrequently used systems

Problem: When users sign into a system infrequently, they tend to forget the login process and passwordin the interval between logins. For example, a user who signs into a time tracking system just once a monthmay regularly forget that password, and so make regular password reset support calls.



The Hitachi ID Password Manager solution: Password Manager synchronizes passwords, giving usersjust one password to remember, and eliminating the problem.



5 Cost impact

5.1 Support costs

Most IT help desks report that:

• 20% to 40% of total call volume is due to password resets.

• These calls cost $25 to $35 to resolve.

This can amount to a significant IT expense.

5.1.1 Direct cost savings with Password Manager

Direct cost savings accrue from reduced workload, and reduced or reassigned head count, at the IT helpdesk. Support workload is reduced as follows:

• Hitachi ID Password Manager addresses password complexity, and can significantly reduce the totalnumber of password problems that users experience. Successful deployments can eliminate 80% ormore of password problems.

• Self-service directs some of the remaining password problems away from the help desk. Typically60% or more of remaining password problems never reach the help desk.

• The cost of remaining password reset calls is reduced, through a more streamlined call resolutionprocess. Password calls are typically resolved by the help desk in about 1 minute with PasswordManager.

• Password Manager can eliminate the need to staff password support analysts on a 24x7 basis.

• Password Manager significantly reduces the peak volume of password resets, especially in the morn-ing after weekends and holidays. This eliminates the need to staff the help desk for peak load, andunderutilize that capacity at other times.

Together, these benefits can reduce 90% or more of password-related IT support cost.

5.2 Improved user productivity

Users typically spend twice as long with a password problem as the help desk. They try to sign in, fail to, tryagain, call the help desk, wait for service, identify themselves, authenticate, receive the service, perhapswait for password propagation, and try to sign in again.

The cost of user productivity, though not appearing on any single budget line item, amounts to about doublethe direct support cost.

Hitachi ID Password Manager can recover this lost productivity, by eliminating problems before they start,by providing a self-service interface, and by make assisted resets more efficient.



5.3 Support statistics

The following table shows the historical and projected trend of password resets handled by this company’shelp desk:

Password targets Year 2006 Year 2007 Year 2008Projected

Year 2009Projected

Year 2010Projected

NT/Active Directory

Win2k

Novell

Unix

AS/400

OS/390

Oracle

PeopleSoft

Lotus Notes

Custom apps

Total resets

Cost of resets



6 Additional technology applications

6.1 System migrations, mergers and acquisitions

Hitachi ID Password Manager can assist in system migrations, or in mass movements of users betweensystems, as happens during mergers and acquisitions.

Password Manager maintains a list of users on each system, and this data can be used to create batchesof users on a new system.

Password Manager password synchronization is an effective way to initialize passwords for new accountsgiven to existing users. Simply create a batch of new user IDs, each with a random password. Setup the newsystem as a password synchronization target system, and ask users (by e-mail) to change their passwordeither on the Password Manager web user interface, or a password synchronization trigger system. Thiswill cause the user’s selected new password to be applied to all of their accounts, including the new one.

This process eliminates the need to give users default password values, or to e-mail initial passwords. Ithas been successfully used by Hitachi ID customers to activate thousands of users on new systems in asingle, secure step.

6.2 Managing authentication in e-business applications

Hitachi ID Password Manager is a hardened, Internet-ready application. It is suitable for deployment on acorporate Extranet, to support password management for outside, users, such as customers, partners orvendors.

Password Manager is easy to integrate with other Extranet systems, such as subscription systems, CRM,etc.

www.Hitachi-ID.com

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected]

File: /pub/wp/documents/business-case/psynch/pwm-business-case-5.texDate: 2009-03-09


building a business case for hitachi id password manager purchase and deployment

Technology

password complexity

password synchronization

assisted password

single password

selfservice password

password manager noties

user password problems3

password targets year