Password Management:
Organizations are being challenged by growing user populations that are no longer confined to employees but also include customers, contractors, suppliers and partners. Ever-expanding user communities requiring access to increasing numbers of applications and processes have created the need for solutions that can manage identities while controlling access to resources based on rights and privileges. The emergence of regulatory mandates such as the Sarbanes-Oxley Act, HIPAA and the Gramm-Leach-Bliley Act (GLBA) in the US, EU data privacy regulations and the banking industry's Basel II in Europe, J-SOX in Japan, and Payment Card Industry standards on a global basis has affected the way organizations manage their business processes. The IT industry's challenges are further complicated by the need to audit and scrutinize user access to data and applications based on user attributes.
The dynamics of the evolving IT environment have forced the enterprise to look at alternative approaches that not only ensure the integrity of their target systems, but do so in an effective, efficient and secure manner. In an endeavor to meet the identity management challenges, IT administrators are faced with the daunting task of monitoring user privileges, passwords and their management, as well as access rights to a growing number of applications, both internal and external to the organization.
Password management is the gateway to managing identities and is therefore often considered the initial step in identity and access management projects. The IT environment challenges described above call for a holistic approach to managing the identity management chaos, in which password management plays an important role.
Enterprise Password Management Issues:
In a typical IT environment, users may have access to services such as travel, time management, pension and healthcare, as well as many other partner and vendor related data. Every time a person requires access to an application, they are likely to log in with a specific password. Growing numbers of users with multiple passwords create what is often referred to as password inflation. This is a daunting administrative IT task as well as a nuisance to the end user. Having to remember numerous passwords is both a security and a convenience issue, and the lack of adequate tools for managing forgotten passwords can lead to:
- User frustrations caused by having to wait for help desk password resets
- Idle users giving rise to an unproductive workforce
- Administrators engaged in manually managing password resets are removed from other important daily functions
According to industry reports and studies, 30% – 40% of help desk calls are password related and costs can average $250 per user per year. For a medium-sized organization with 1,500 employees, as an example, the average annual cost for managing passwords can easily add up to $375,000 or more.
It is not surprising, therefore, that password management is a foremost consideration at the start of any identity management project, especially when the tangible benefits are readily demonstrated.
Enter Password Management
An ideal Password Management solution enables the centralized management of user accounts where password policies can be defined, empowers the end user to reset passwords through self-service capabilities, and simplifies the password administration process so that it can be performed by help desk staff rather than system administrators.
Deploying a password management solution will not only improve enterprise efficiency, but will also enable the organization to maximize enterprise security by ensuring compliance with both corporate policies and regulatory mandates.
What to Look for in a Solution
Not all password management tools are created equal and the effectiveness and efficiency of self-service and administrator functions offered by each solution can vary dramatically. As mentioned above, a password management solution should simplify the user experience as much as possible while adhering to corporate and regulatory policies at all times. Examples of capabilities that can help achieve this are:
- Self-Service Password Management allows users (employees, partners, customers) to manage their own passwords through the following tasks:
– Self Registration: Enables the user to specify a password when they register at a corporate website.
– Change Passwords: Enables the user to modify their passwords without help from IT or help desk personnel. In more sophisticated systems, this can be achieved through interactive logon services such as Windows GINA (when Control-Alt-Delete is pressed), which further simplify the self-service password management functions.