This document presents a sample business case for justifying purchase and deployment of Hitachi ID Password Manager.
Hitachi ID Password Manager addresses password management challenges, such as forgotten passwords and users who write down their passwords, with password synchronization, self-service password reset and assisted password reset.
Password management for thousands of users, across multiple systems, is a costly problem for most enterprises. Problems that arise from ineffective password management include:
- Support cost and meeting support SLA.
- Lost user productivity.
- Network security vulnerabilities.
http://hitachi-id.com/
3. Building a Business Case for Password Manager Purchase and Deployment
6.2 Managing authentication in e-business applications . . . . . . . . . . . . . . . . . . . . . . . 11
Š 2014 Hitachi ID Systems, Inc. All rights reserved.
4. Building a Business Case for Hitachi ID Password Manager Purchase and Deployment
1 Introduction
This document presents a sample business case for justifying purchase and deployment of Hitachi ID
Password Manager.
Hitachi ID Password Manager addresses password management challenges, such as forgotten passwords
and users who write down their passwords, with password synchronization, self-service password reset and
assisted password reset.
Password management for thousands of users, across multiple systems, is a costly problem for most enter-
prises. Problems that arise from ineffective password management include:
⢠Support cost and meeting support SLA.
⢠Lost user productivity.
⢠Network security vulnerabilities.
Š 2014 Hitachi ID Systems, Inc.. All rights reserved. 1
5. Building a Business Case for Password Manager Purchase and Deployment
2 Executive Summary
The following table shows the historical and projected trend of password resets handled by this companyâs
help desk:
Password targets Year 2005 Year 2006 Year 2007 Year 2008
Projected
Year 2009
Projected
NT/Active Directory
Win2k
Novell
Unix
AS/400
OS/390
Oracle
PeopleSoft
Lotus Notes
Custom apps
Total resets
Cost of resets
2.1 BeneďŹts
Hitachi ID Password Manager eliminates password complexity, to reduce support cost, recover user produc-
tivity, and improve systems security. Combined with Password Managerâs rapid deployment, these beneďŹts
yield positive ROI in just a few months:
⢠Eliminate password problems for users, from AAA problems/month to BBB problems/month.
⢠Reduce password-related IT support call volume, from CCC calls/month to DDD calls/month.
⢠Shorten password problem resolution at the IT help desk, from EEE minutes/call to FFF minutes/call.
⢠Help the support organization meet SLAs.
2.2 Cost savings
Together, these beneďŹts will yield direct support cost savings of:
⢠$GGG/month to the support organization.
⢠Productivity worth $HHH/month recovered for the user population.
Š 2014 Hitachi ID Systems, Inc.. All rights reserved. 2
6. Building a Business Case for Password Manager Purchase and Deployment
⢠Total projected annual savings are $SSS.
Hitachi ID Password Manager is scalable, and can support employees, contractors, vendors, partners and
customers.
3 Password Management Challenges
3.1 Complexity
Problem: Managing multiple passwords is complex:
⢠Users have too many passwords.
⢠Different passwords expire on different schedules.
⢠Each password is subject to different rules about what constitutes an acceptable password value.
⢠Some systems force password expiration, and others donât.
The Hitachi ID Password Manager solution: Password Manager eliminates password complexity with a
number of core technologies:
⢠Password synchronization:
Password Manager helps users to maintain a single password, changed on a single schedule, on all
of their login IDs. Users no longer have to remember many different passwords, each with different
rules and on a different schedule.
⢠Consistent password policy:
With Password Manager, a user is presented with a single set of password rules that works on ev-
ery system. This is easy to understand, so users have an easier time picking an acceptable new
password.
⢠Early warning of password expiration:
Password Manager notiďŹes users early and often that their password is about to expire, and they
should change it. Even mobile users get ample warning, and can keep their passwords from expiring.
⢠One password update screen for every system:
With Password Manager, users can update any or all of their passwords from one place. This elimi-
nates cryptic password screens hidden away in each system and application.
3.2 User password problems
Problem: Despite the above measures, some users will still have password problems. For example,
someone who comes back from a holiday may have forgotten a password they set weeks earlier.
Š 2014 Hitachi ID Systems, Inc.. All rights reserved. 3
7. Building a Business Case for Password Manager Purchase and Deployment
The Hitachi ID Password Manager solution: Password Manager helps users who continue to have
problems to resolve their own problems quickly and simply, without calling the help desk. Access to self-
service password reset is available from the login prompt, any web browser, or a telephone. Users may be
authenticated by answering a sequence of personal questions, using a hardware token, or with a biometric
voice print match.
3.3 Assisted service
Problem: Some users will call the help desk despite all of the above measures.
The Hitachi ID Password Manager solution: For these users, the best outcome is expedited service â
resolve the problem in one minute, rather than 10 or 20.
Password Manager lets support analysts sign in themselves, look up a callerâs proďŹle, authenticate the
caller, reset any or all of the callerâs passwords, and automatically generate a support ticket, all from a
single, streamlined web user interface.
This facility also eliminates the need for support analysts to have administrative access to target systems,
and generates extensive audit logs.
3.4 Meeting SLA
Problem: Password resets come in huge ďŹuctuations â they happen most often in the ďŹrst hour of the
day, usually on the ďŹrst business day of the week. Support organizations have to be staffed for this peak of
activity, but the rest of the time activity is less, so the staff hired to handle peak are wasted.
Password resets are due to login problems, which can happen any time, any where, in a large enter-
prise. Supporting password problems on these terms means that a team of empowered analysts must be
available, on-call, 24x7. This is costly, and can exacerbate the turnover of staff who have administrative
credentials.
Peak support call volumes due to password resets can overload a help desk, and impede the ability of the
support organization to deal with other, more strategic problem types.
The Hitachi ID Password Manager solution: Eliminating the peak password reset call volume, and
password call volume generally, is key to meeting SLA, as this is the most prevalent call type in most help
desks.
3.5 Integration
Problem: An effective solution must support all systems on a network, not just some, and must integrate
with existing IT infrastructure.
The Hitachi ID Password Manager solution: Password Manager comes with built-in integrations for over
60 types of target systems (network operating systems, mainframes, directories, ERP applications, mail
systems, other applications, ASPs, etc.), plus other kinds of IT infrastructure:
Š 2014 Hitachi ID Systems, Inc.. All rights reserved. 4
8. Building a Business Case for Password Manager Purchase and Deployment
⢠Call tracking systems (automatically create, update, close tickets).
⢠E-mail (for registration requests and activity notiďŹcation).
⢠Interactive voice response units (telephone access).
⢠Tokens (manage SecurID, SafeWord devices).
⢠H.R. databases (retrieve data for Q&A authentication).
⢠Directories and meta directories (lookup and manage user proďŹle data).
⢠Portals (make Password Manager an integral part of any portal).
⢠Network management systems (health monitoring, load balancing, etc.)
3.6 Security impact
Problem: Users respond to password complexity in a number of ways, each of which has a security
impact:
⢠They pick trivial (easy to remember, easy to guess) passwords.
⢠They avoid changing passwords.
⢠They write down their passwords.
When users forget their passwords, they call the help desk and ask for a password reset, which can also
trigger security problems:
⢠The user may not be authenticated by the support analyst, or the authentication process may be easy
to defeat by an intruder (social engineering).
⢠Too many front-line support analysts have the right to reset passwords. This proliferation of powerful
credentials, in the hands of high-turnover staff, is dangerous.
⢠Password resets may not be logged, so auditing is difďŹcult.
The Hitachi ID Password Manager solution: Password Manager eliminates many security problems that
arise from ineffective password management:
Š 2014 Hitachi ID Systems, Inc.. All rights reserved. 5
9. Building a Business Case for Password Manager Purchase and Deployment
Before With Password Manager
Written passwords Synchronized passwords are easy to
remember: no need for sticky notes!
Unchanging passwords Enforce global password changes.
Easy-to-guess passwords Enforce a global, strong password policy.
Unreliable caller authentication before an
assisted password reset
Require strong authentication prior to any
password reset.
Too many support analysts have
administrator credentials
Eliminate direct analyst access to target
systems.
No password reset audit logs Extensive audit logs, plus auto-generated
support tickets.
Š 2014 Hitachi ID Systems, Inc.. All rights reserved. 6
10. Building a Business Case for Password Manager Purchase and Deployment
4 User populations with special problems
Hitachi ID Password Manager effectively addresses the following special problems:
4.1 Mobile users
Problem: Mobile users are especially difďŹcult to support:
⢠They may not sign into the network operating system regularly, so may not get early warning of
password expiration. As a result, these users are frequently locked out, and require service.
⢠They may require password resets on their own local PC, or on dial-up servers. This is technically
challenging, as password management systems are centralized on the network.
The Hitachi ID Password Manager solution: Password Manager provides mechanisms to allow remote
users to reset their own passwords, including telephone access via Interactive Voice Response technology,
and remote user access.
4.2 Passwords for vendors and partners
Problem: Vendors and partners work off-site, and have similar problems to mobile users. As well, vendors
and partners may access corporate systems infrequently, and forget their own passwords regularly. Some
users who work for vendors and partners may make a password reset call every time they try to sign into
the corporate systems.
The Hitachi ID Password Manager solution: Password Manager makes it easy for vendors and partners
to securely manage their own passwords.
4.3 Language support
Problem: Global organizations must provide user support in multiple languages. Routine password man-
agement and password resets must both be available in multiple languages â on the same server, for the
same set of users and target systems, at the same time.
The Hitachi ID Password Manager solution: Password Managerâs fully customizable interface is already
available in multiple languages (English, Spanish, French, Dutch, and Japanese), and new languages are
added on request.
4.4 Infrequently used systems
Problem: When users sign into a system infrequently, they tend to forget the login process and password
in the interval between logins. For example, a user who signs into a time tracking system just once a month
may regularly forget that password, and so make regular password reset support calls.
Š 2014 Hitachi ID Systems, Inc.. All rights reserved. 7
11. Building a Business Case for Password Manager Purchase and Deployment
The Hitachi ID Password Manager solution: Password Manager synchronizes passwords, giving users
just one password to remember, and eliminating the problem.
Š 2014 Hitachi ID Systems, Inc.. All rights reserved. 8
12. Building a Business Case for Password Manager Purchase and Deployment
5 Cost impact
5.1 Support costs
Most IT help desks report that:
⢠20% to 40% of total call volume is due to password resets.
⢠These calls cost $25 to $35 to resolve.
This can amount to a signiďŹcant IT expense.
5.1.1 Direct cost savings with Password Manager
Direct cost savings accrue from reduced workload, and reduced or reassigned head count, at the IT help
desk. Support workload is reduced as follows:
⢠Hitachi ID Password Manager addresses password complexity, and can signiďŹcantly reduce the total
number of password problems that users experience. Successful deployments can eliminate 80% or
more of password problems.
⢠Self-service directs some of the remaining password problems away from the help desk. Typically
60% or more of remaining password problems never reach the help desk.
⢠The cost of remaining password reset calls is reduced, through a more streamlined call resolution
process. Password calls are typically resolved by the help desk in about 1 minute with Password
Manager.
⢠Password Manager can eliminate the need to staff password support analysts on a 24x7 basis.
⢠Password Manager signiďŹcantly reduces the peak volume of password resets, especially in the morn-
ing after weekends and holidays. This eliminates the need to staff the help desk for peak load, and
underutilize that capacity at other times.
Together, these beneďŹts can reduce 90% or more of password-related IT support cost.
5.2 Improved user productivity
Users typically spend twice as long with a password problem as the help desk. They try to sign in, fail to, try
again, call the help desk, wait for service, identify themselves, authenticate, receive the service, perhaps
wait for password propagation, and try to sign in again.
The cost of user productivity, though not appearing on any single budget line item, amounts to about double
the direct support cost.
Hitachi ID Password Manager can recover this lost productivity, by eliminating problems before they start,
by providing a self-service interface, and by make assisted resets more efďŹcient.
Š 2014 Hitachi ID Systems, Inc.. All rights reserved. 9
13. Building a Business Case for Hitachi ID Password Manager Purchase and Deployment
5.3 Support statistics
The following table shows the historical and projected trend of password resets handled by this companyâs
help desk:
Password targets Year 2006 Year 2007 Year 2008
Projected
Year 2009
Projected
Year 2010
Projected
NT/Active Directory
Win2k
Novell
Unix
AS/400
OS/390
Oracle
PeopleSoft
Lotus Notes
Custom apps
Total resets
Cost of resets
Š 2014 Hitachi ID Systems, Inc.. All rights reserved. 10
14. Building a Business Case for Hitachi ID Password Manager Purchase and Deployment
6 Additional technology applications
6.1 System migrations, mergers and acquisitions
Hitachi ID Password Manager can assist in system migrations, or in mass movements of users between
systems, as happens during mergers and acquisitions.
Password Manager maintains a list of users on each system, and this data can be used to create batches
of users on a new system.
Password Manager password synchronization is an effective way to initialize passwords for new accounts
given to existing users. Simply create a batch of new user IDs, each with a random password. Setup the new
system as a password synchronization target system, and ask users (by e-mail) to change their password
either on the Password Manager web user interface, or a password synchronization trigger system. This
will cause the userâs selected new password to be applied to all of their accounts, including the new one.
This process eliminates the need to give users default password values, or to e-mail initial passwords. It
has been successfully used by Hitachi ID customers to activate thousands of users on new systems in a
single, secure step.
6.2 Managing authentication in e-business applications
Hitachi ID Password Manager is a hardened, Internet-ready application. It is suitable for deployment on a
corporate Extranet, to support password management for outside, users, such as customers, partners or
vendors.
Password Manager is easy to integrate with other Extranet systems, such as subscription systems, CRM,
etc.
www.Hitachi-ID.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
File: /pub/wp/documents/business-case/psynch/pwm-business-case-5.tex
Date: 2009-03-09