2. What are the CXO’s telling us? “ It’s too expensive and manual to make sure we’re addressing all the necessary regulations. And then we have to do it all over again for the next time.” Continuous Compliance Escalating Administration Costs Ghost User Accounts Auditors’ Requirements Leverage-able It Infrastructure Negative Security-Related Publicity Accumulating & Inappropriate Privileges Help Desk Overload
3. What are the CXO’s telling us? “ 25% of my help desk calls are related to resetting forgotten passwords!” Continuous Compliance Escalating Administration Costs Ghost User Accounts Auditors’ Requirements Leverage-able It Infrastructure Negative Security-Related Publicity Accumulating & Inappropriate Privileges Help Desk Overload
4. What are the CXO’s telling us? “ There is just no budget to hire more IT administrators, but our user population is growing, particularly as we bring more customers/partners online.” Continuous Compliance Escalating Administration Costs Ghost User Accounts Auditors’ Requirements Leverage-able It Infrastructure Negative Security-Related Publicity Accumulating & Inappropriate Privileges Help Desk Overload
5. What are the CXO’s telling us? “ I still have accounts in my systems for users that are long gone!” Continuous Compliance Escalating Administration Costs Ghost User Accounts Auditors’ Requirements Leverage-able It Infrastructure Negative Security-Related Publicity Accumulating & Inappropriate Privileges Help Desk Overload
6. What are the CXO’s telling us? “ As employees and partners change responsibilities they keep acquiring new system privileges with us while none are removed. How do I fix that?” Continuous Compliance Escalating Administration Costs Ghost User Accounts Auditors’ Requirements Leverage-able It Infrastructure Negative Security-Related Publicity Accumulating & Inappropriate Privileges Help Desk Overload
7. What are the CXO’s telling us? “ Internal and external auditors need to see if you have sufficient control over your IT systems and access to private data. Auditors don’t care generally how much it costs.” Continuous Compliance Escalating Administration Costs Ghost User Accounts Auditors ’ Requirements Leverage-able It Infrastructure Negative Security-Related Publicity Accumulating & Inappropriate Privileges Help Desk Overload
8. What are the CXO’s telling us? “ Enterprise architects hate to see the IT ‘wheel’ continually reinvented. IAM should be employed and managed as part of enterprise architecture.” Continuous Compliance Escalating Administration Costs Ghost User Accounts Auditors’ Requirements Leverage-able It Infrastructure Negative Security-Related Publicity Accumulating & Inappropriate Privileges Help Desk Overload
9. What are the CXO’s telling us? “ I don’t want to see my organization in the news.” Continuous Compliance Escalating Administration Costs Ghost User Accounts Auditors’ Requirements Leverage-able It Infrastructure Negative Security-Related Publicity Accumulating & Inappropriate Privileges Help Desk Overload
10. The Essence of Business Doing More with Less is no longer a temporary economic issue – it is here to stay. LESS BUDGET LESS STAFF SHORTER SCHEDULE REDUCE COSTS COSTS TIME MORE USERS MORE ACCESS MORE FLEXIBILITY MORE APPS MORE PARTNERS MUCH FASTER USERS TRANSACTIONS COMPETITIVE EDGE CONDUCT BUSINESS
11.
12.
13.
14. Employment Life Cycle What is the Cost of Quarterly Reorganization? ACCESS & TRANSACTIONS MANAGEMENT Hire Promotion Relocation Team Project Departure
15. IAM Business Drivers – The Complete Picture Increasing Efficiency Complying With Regulation Increasing Security Enabling Business
16. Exercise – Identify Your Business Drivers Move your current provisioning toward “Phase 2” Improve Enterprise Services, SOA & IAM integration Manage information risks Integrate enterprise security apps Increase customer and partner satisfaction Manage user life-cycle more effectively Increase IT productivity Secure company data Enable Web services Streamline business processes Reduce cost of IT resources Increase user satisfaction Comply with security regulations Weighted Average (Totaling 100%) Business Driver
17.
18.
19. Business Impact of IAM Functionality ESA Support Provisioning & Federated Identity User Satisfaction Audit Delegated Administration & Self-Service Password Management Single Sign-On Registration & Enrollment Authentication and Authorization Information Consolidation Regulatory Compliance Risk Management Operational Efficiency Cost Containment Business Facilitation
20.
21.
22.
23.
24.
25.
26. RON for Typical Identity Management Tool – Basic Input 1920 Number of Work Hours Per Year $90,850 Average Fully-Burdened Employee Salary (Salary + 15%) $90,850 Annual Fully-Burdened Salary for IT Staff Member (Salary +15%) 15% Rate of Moves, Adds and Changes (MACs) 10% Turnover rate per year (% of users) 10% Rate of growth per year (% of users) 10,000 Number of External Users (partners and customers) 3,000 Number of Internal Users (employees) Company Details
27. RON for Identity Management – Industry Standard Assumptions 14 Number of Hours From Request Through Resolution for Moves/Changes (MACs) 10 Number of Hours From Request Through Resolution (for New Account) 0.75 Number of Hours to Delete Obsolete User 1 Number of Hours to Handle Moves, Changes (MACs) 3 Number of Hours to Set up a New User Assumptions
28. RON for Single Sign-On – Basic Assumptions 1920 Number of Work Hours Per Year $69,000 Average Fully-Burden Employee Salary (Salary + 15%) $90,850 Annual Fully-Burden Salary for IT Staff Member (Salary +15%) 4 Average Number of Accounts per Internal User (Employee) 3,000 Number of Internal Users (employees) Company Details
29. RON for Single Sign-On – Industry Standard Assumptions 10.0 Average Length of Help Desk Call (Minutes) 2 Average Time to Trial and Error Forgotten Password Per User (minutes) 80% Average % of Incorrect Logins to be Solved by Trial and Error 10% Average % of Total Logins that Are Incorrect Out of Total Logins 0.50 Time Spent to Login to a Single Account (Minutes) Assumptions
30. RON for Single Sign-On – Avoidance Impact Results Calculations $485,156 Potential Lost Productivity (Due to Trial & Error) Costs Avoidance Related to SSO 75% % Lost User Productivity Cost Savings Provided by Single Sign-On $646,875 Total Cost of Lost Productivity (Due to Trial & Error of Forgotten Password) 3 Time Spent on Help Desk Calls Per User Per Year (hours) 3 Time Spent on Trial & Error Per User Per Year (hours) 20 Total Number of Incorrect Logins Solved by Help Desk Assistance Per User 80 Total Number of Incorrect Logins Solved by Trial & Error per User 100 Total Number of Incorrect Logins Per User Per Year Lost User Productivity Cost Due to Trial & Error of Forgotten Password $673,828 Potential Lost Productivity Costs Avoidance Related to SSO 75% % Lost User Productivity Cost Savings Provided by Single Sign-On $898,438 Cost of Lost Productivity (Due to Multiple Login Sessions) $36 Hourly Cost of Typical Employee 8 Number of Hours Spent on Login Sessions Per Internal User Per Year 1,000 Login Sessions Per User Per Year Lost User Productivity Cost Due to Multiple Login Sessions
31. RON for Web Access – Basic Input 1920 Number of Work Hours Per Year $90,850 Annual Fully-Burdened Salary for IT Staff Member (Salary +15%) 10 Number of Security Audits Per Year 15 Number of New Extranet Applications Per Year 10% Turnover Rate Per Year (% of users) 10% Rate of Growth per Year (% of users) 10,000 Number of External Users (partners and customers) Company Details
32. RON for Web Access – Industry Standard Assumptions 2 Average Number of Downtime Hours Per Year (Due to Security Breach) $30,000 Average Application Downtime Cost Per Hour (Due to Security Breach) 10.0 Average Length of Help Desk Call (Minutes) 30% Average % Help Desk Activity Related to Passwords 11 Average Number of Help Desk Calls Per User per Year $4,000 Average Cost of Security Audit $12,000 Average Access Control Development Cost Per Extranet/intranet Application Assumptions
33. RON for Avoidance Impact – Web Access $20,000 Potential Security Audits Costs Avoidance Related to Web Access Control 50% % Security Audits Cost Savings Provided by Web Access Control $40,000 Cost of Security Audits per Year Cost of Security Audits per Year $135,000 Potential Application Development Costs Avoidance Related to Web Access Control 75% % Application Development Cost Savings Provided by Web Access Control $180,000 Cost of Hard-Coding Access Control Cost of Application Development Time Associated with Access Control Results Calculations
34. RON for Avoidance Impact – Web Access CONTINUED $380,186 Total Potential for Cost Avoidance Related to Web Access Control $30,000 Potential Downtime Costs Avoidance Related to Web Access Control 50% % Downtime Cost Savings Provided by Web Access Control $60,000 Cost of Downtime Cost of Downtime Due to Attacks Caused by Unauthorized Access $195,186 Potential Extranets Help Desk Costs Avoidance Related to Web Access Control 75% % Extranets Help Desk Cost Savings Provided by Web Access Control $260,247 Cost of Help Desk Related to Extranets $47 Cost of IT Labor Per Hour 5,500 Total Time Spent by Help Desk staff on Passwords Related Calls Per Year (Hours) 33,000 Number of Help Desk Calls Related to Passwords Per Year 110,000 Number of Help Desk Calls Per Year Cost of Help-Desk (not using Self-Registration and Self-Service) Results Calculations
35. RON for Identity Management – Avoidance Impact $290,649 Potential IT Cost Avoidance Related to User Provisioning 90% % IT Cost Savings Provided by User Provisioning $322,943 Annual Cost of User Account Management by IT $47 Cost of IT Labor Per Hour 6825 Total Time Spent Annually on User Account Management (Hours) 1300 Number of Account Terminations Per Year 1950 Number of MACs per Year 1300 Number of New Users Per Year User Account Management Cost
36. RON for Identity Management – Avoidance Impact CONTINUED $510,676 Total Potential for Cost Avoidance Related to Admin $220,027 Potential Lost Productivity Cost Avoidance Related to User Provisioning 50% % Lost User Productivity Cost Savings Provided by User Provisioning $440,055 Total Lost Productivity Costs Per Year (Due to Account Management) $298,102 Cost of Lost Productivity For Existing Employees $141,953 Cost of Lost Productivity For New Employees $47 Hourly Cost of Typical Employee 450 Number of MACs per Year for Internal Users (Existing Employees) 300 Number of New Internal Users/Employees Per Year Lost User Productivity (Due to Account Management) Cost
37. Exercise – Building Your Own Financial Plan Estimates for your organization Where do I get the numbers from? Industry standard figures Rank financial drivers criteria by organizational importance