The true cost of Password Management
Transcript of The true cost of Password Management
-
7/27/2019 The true cost of Password Management
1/6
1 . 8 0 0 . 8 1 3 . 6 4 1 5 | w w w . s c r i p t l o g i c . c o m
TheTrueCostofPasswordManagement
AScriptLogicProductPositioningPaper
-
7/27/2019 The true cost of Password Management
2/6
2|TheTrueCostofPasswordManagement
The True Cost of Password Management
Iveforgottenmypassword!
Icant
log
in!
Canyouhelpmechangemypassword?Myoldonejustexpired.
WhycantIjustreusemyoldpassword?Icanrememberthatone.
ChancesarethatnearlyoneoutofeverythreetimesthehelpdeskorITdepartmentpicksup
thephone,itsforapasswordmanagementissue.Passwordsarenecessarytoprovidethesecurityand
accessmanagementrequiredbytodaysenterprise.Butaretheycostingyoumoney?
Ontheonehand,passwordresetsseemtodemandaninordinateamountofITattention.On
theother
hand,
in
an
effort
to
ease
the
need
to
bother
the
help
desk,
end
users
often
resort
to
non
securepasswordpracticesthatmayactuallymaketheenterprisemorevulnerable.Perhapsnoother
areaofITcanoffertheimmediatereturnoninvestment(ROI),orenduserenablingsatisfactionthan
automationofpasswordmanagement.
AccordingForrester
Passwordproblemsandresetsgenerallyconstitutebetween25%and40%oftotalhelpdesk
incidents.1
1Twenty-Three Best Practices For The Customer Service Center, Chip Gliedman, Forrester, October 11, 2005
HelpDesk
Call
Volume
CallsforPasswordResets
OtherHelpDeskCalls
-
7/27/2019 The true cost of Password Management
3/6
3|TheTrueCostofPasswordManagement
Needlesstosay,eventhemostefficientorganizationprobablyadmitspasswordmanagementas
oneofitsmostinefficientITtasks.Inreality,mostorganizationsspendapproximately1/3oftheirIT
attentiononpasswordresets.
TheTrueCostofPasswordManagementWhileitisdifficulttoplaceanexactcostonasinglepasswordresetcall,analystshavebeenabletomakesomefairlyaccurateassumptions.Analystsplacethecostofatypicalpasswordresetcallat
between$10and$31.Addtothisthelostproductivitywhileendusersdealwiththeirpassword(rather
thanperformingtheirjob),whichsomeanalystshaveplacedat20minutesperincident,andthe
financialimpactofmanualpasswordmanagementpracticescanbesignificant.
Ina2004Gartnercasestudy,alargebeveragecompanydeterminedthat30percentofhelp
deskcallswerepasswordrelatedwithanaveragecostof$17.23percallforanannualimpactofmore
than$900,0002.
Evenifweassumethelowestnumbers($10percalland15percentofcalls),itquicklybecomes
apparentthatmanualpasswordmanagementisoneareathatcandeliversignificantROIthrough
automation.
AutomatingPasswordManagementGartnerestimatesabout7090percentcostsavingsforhelpdesksthroughthe
implementationofaselfservicepasswordresetsolution3
2Automated Password Resets Can Cut IT Service Desk Costs,Gartner, 13 December 2004, ID Number G001235313Toolkit: Evaluating Enterprise Options for Managing Passwords, Gartner, 3 November 2006, ID Number
G00144094
HelpDeskCallVolumeSavingswith
DesktopAuthority
Password
Self
Service
PasswordResetRelatedCalls
OtherHelpDeskCalls
-
7/27/2019 The true cost of Password Management
4/6
4|TheTrueCostofPasswordManagement
Atitsveryessence,DesktopAuthorityPasswordSelfServiceprovidestheendusercommunity
withinanorganizationwiththeabilitytochangeandresetpasswordswithoutinvolvingthehelpdeskor
ITstaff.Itpresentsaseriesofchallenge/responsequestionsthatendusersmustanswerinorderto
unlockalockedaccount,changeapassword,orreaccesssystemsoncetheirfailedloginshaveexceeded
thelimit.
Inmostcases,whenausercannotaccesshisorhersystemduetoapasswordissue,theuser
cannotaccesstheselfservicepasswordresetapplication.Ratherthanrequireuserstosimplyborrowa
neighborsPCtoaccesstheapplication,answerthequestions,andresetthepasswordorutilizekiosks
whosesolepurposeispasswordresets,DesktopAuthorityPasswordSelfServiceallowswebbased
accesstotheapplicationpriortologinthroughaGINAextensiononthedesktop.SimplybyclickingaI
forgotmypasswordlink,theuseristakentoawebpagewithpasswordresetfunctionalityisavailable.
-
7/27/2019 The true cost of Password Management
5/6
5|TheTrueCostofPasswordManagement
CalculatingReturnonInvestmentBasedonaconservativeuseofthenumbersprovidedbyanalystfirms,thefollowingROIcanbe
experiencedthroughimplementingDesktopAuthorityPasswordSelfServicetomanageADbased
passwords.Weusea1,000usercompanyasanexampleandacostof$5.60/seatfortheDesktop
AuthorityPasswordSelfService.
EmployeeData
NumberofUsers 1,000
Averagefullyburdenedsalaryofuser(employee) $50,000
Annualfullyburdenedsalaryofhelpdeskassociate $50,000
Hoursinasingleworkyear 2,080hours
HelpDeskMetrics
Helpdeskcallsperusereachyear 10
Percentagecallsrelatedtopasswordreset 40%
Average
duration
password
reset
call
15
mins./callAverageuserinactivityforpasswordissue 20mins./call
WithoutaPasswordManagementSolution
Totalnumberofhelpdeskcallsperyear 10,000
Totalhelpdeskcallsforpasswordincidents 4,000
Totalannualhelpdesktimespentonpasswordresetcalls 1,000hours
Totalannualuserinactivitywastedonpasswordresetcalls 1,333hours
Costofuser'stimelostforeachincident $8.01percall
Costofhelpdeskforeachincident $6.01percall
Totalcostofuserinactivitywithoutpasswordmanagementsolution $32,051
Costof
password
reset
help
desk
calls
$24,038
TotalCostwithoutPasswordManagementSolution $56,089
WithaPasswordManagementSolution
Percentageofpasswordcallshandledbysolution 100%
Totalnumberofcallscovered 4,000
Averagedurationselfservepasswordresetsession 3minutes
Totalcostofuserinactivityforuserswithsolution $4,807
Costofpasswordresethelpdeskcalls $0
TotalCostwithPasswordManagementSolution $4,807
ROIAnalysis
AnnualsavingswithDesktopAuthorityPasswordSelfService $51,282
LessUpfrontSoftwareInvestment ($5,600)
OneYearDollarSavings $45,682
BenefitasaMultipleofCost 8.1x
PaybackPeriodonInvestment 1.3Months
-
7/27/2019 The true cost of Password Management
6/6
6|TheTrueCostofPasswordManagement
ConclusionObviously,theROIforimplementingaselfservicepasswordresetsolutionissignificant.This
benefitcanbeevenfurtherenhancedwhenthesolutioniscombinedwithtechnologiesthatreducethe
overallnumberofpasswordsthatmustbemanaged.Nootheridentitymanagementpracticecanbring
thefinancialbenefit,securityenhancements,andcomplianceenablingpracticesthatcomewithan
automatedpasswordmanagementsolution.Simplyenablingenduserselfservicecandramatically
reducecostsandincreaseefficiency.Inaddition,usingDesktopAuthorityPasswordSelfServicecan
providesignificantimprovementsinsecurityandcompliance.