FastPassCorp, Jesper Oestergaard, Director Business Development, jo@fastpasscorp.com. Self-Service Password Management Made easy. "For your eyes only". Vivit Usergroup meeting: Chicago May 24, 2011. Agenda. FastPassCorp Self-service The Password problem space
FastPassCorp, Jesper Oestergaard, Director Business Development, jo@fastpasscorp.com Self-Service Password Management Made easy "For your eyes only" Vivit Usergroup meeting: Chicago May 24, 2011
Agenda • FastPassCorp • Self-service • The Password problem space • The FastPass solution stack • Some more nuggets • Wrap-up
FastPassCorp A/S Founded as IT InterGroup in 2000: Services in IT security Identity & Access Management Sold to PriceWaterhouseCoopers June '08 Now FastPassCorp: Independent Software Vendor (ISV) FastPassCorp first to introduce AD based password reset, November 2004 Selling through a network of partners Service Providers, Service Management vendors & Partners, Desktop deployment partners Listed on Nasdaq OMX Copenhagen Exchange (First North) September 2007: [FASTPC]
Customer / partner examples FastPass installations in 13 countries
- and – we are a partner with HP in the Enterprise Management Alliance Program.
"Gartner predicts that client self-service will account for 58 percent of all service interactions by 2010, due to their dramatic contribution to the reduction of cost of operating an IT environment" Self-service
Do you consider Self-service important and an area to focus? Self-service Do you have a Self-service strategy? What implications do you see and what are your main concerns?
In order to enable Self-service people need access Self-service A forgotten password leaves the user without access, so consider password self-service as part of your Self-service initiatives!
The Password Pain - Service Desk - Gartner analysts say that 20-50% of all Service Desk calls are for password reset - Forrester suggests that the average cost for a single password reset could be as high as $100 - FastPassCorp research indicates anything from $25 - $147 Calls to IT Service Desk (Aberdeen Group)
The Password pain - user side - A forgotten or lost password will leave the user unproductive – and frustrated! - Unproductivity can be extremely costly – and so – a password reset needs severity 1 - So, what's the price for a single password reset if the requirement basically is 24*7? The average time to resolve a forgotten password request will vary from <½ hour to several days: - 25% of industry norm companies take >4 hours - 40% of industry norm companies take <1 hour
The security issue For a start – let's look at the nature of the password! - Used for (secure!) Identification (authentication) of users - Supposed to be private – "For your eyes only" - One of three Identification methodologies: "something you know" "something you have" "something you are" Jane45#jacobs§99124%
The security issue - continued The password reset process – a double sided who-is-who - If passwords are "for your eyes only" – what about the person in the Service Desk (or the outsourced Service Desk)? Fact: 60-80% of IT crimes are insider jobs! - Secure Identification of the user calling, and a secure password handover process are required to accommodate compliance initiatives (Sarbanes-Oxley Act, ISO 27001 etc.) Who is responsible??
FastPass Password Manager v3 • Utilizes the existing Microsoft infrastructure (AD, ADAM/ADLDS) • Secure identification of users (multi-authentication engine) • Advanced notification services • Access from anywhere (XP, Vista, Windows 7, Browsers (PC & mobile), Service Desk portals (Service Req. mgmt.)) • Scalable to large and complex environments incl. MSPs • SR/Incident forwarding to HP Service Manager • Automated enrolment Services • Enforces password policies • Multi-system reset for other platforms/systems (SAP, AS/400, SQL, Generic connector etc.) • Web-services (SOA) application • Fast implementation (1-2 days on Windows)
Secure identification • Configurable Multi-factor authentication • Profile based, and the profile is determined dynamically. • Profile is based on attributes and status. • Does the session come from a specific network (secure or insecure). • Is the user member of a specific group (Administrator or normal user) • Has the user enrolled • Does the user have a mobile phone • Personal questions (Challenge questions) • One-time pincode for the mobile phone
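The slide above lists the inputs to a dynamically chosen authentication profile but not the rules. As an added example that is not FastPass code, the sketch below shows one way such a decision could be written so that it fails closed; the field names, the `Factor` enum and the policy itself are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Factor(Enum):
    CHALLENGE_QUESTIONS = "challenge_questions"
    MOBILE_OTP = "mobile_otp"


@dataclass(frozen=True)
class Session:
    # Attributes named on the slide; the field names are hypothetical.
    secure_network: bool
    is_administrator: bool
    enrolled: bool
    has_mobile: bool


def select_profile(s: Session) -> frozenset:
    """Return the factors required for a self-service reset.

    An empty set means "no self-service": the request is refused and
    has to go through a manual, identity-verified process instead.
    """
    # Not enrolled: there is nothing to verify against, so fail closed.
    if not s.enrolled:
        return frozenset()
    both = frozenset({Factor.CHALLENGE_QUESTIONS, Factor.MOBILE_OTP})
    # Assumed policy: a privileged account or an untrusted network needs
    # both factors. Without a registered phone the request is refused
    # rather than silently downgraded to questions only.
    if s.is_administrator or not s.secure_network:
        return both if s.has_mobile else frozenset()
    # Normal user on a trusted network: one factor, one-time pincode preferred.
    return frozenset({Factor.MOBILE_OTP if s.has_mobile
                      else Factor.CHALLENGE_QUESTIONS})


def may_reset(s: Session, passed: set) -> bool:
    """True only if a profile exists and every required factor was passed."""
    required = select_profile(s)
    # bool(required) stops an empty profile from being trivially satisfied.
    return bool(required) and required <= set(passed)
```

The check worth keeping in any real policy is the `bool(required)` guard: a session that matches no profile must never be treated as having passed all of its (zero) factors.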
Easy enrollment • Discovery Service • Collects users and groups • Is working almost like Hardware/Software Inventory solutions (Scanning, Collecting, Storing) • Enrollment Service • Invites users to enroll into FastPass Password Manager • Enables high enrollment rate and can also be used to inform/remind about the presence • Scheduling of invitations • Operates on a time line where the "offset" time can be a specific time or a time relative to the discovery of a user • Invitations can be sent by e-mail or SMS New NAG screen in V 3.4! High enrollment percentage is necessary to win the productivity gains!
Notification Mail and/or SMS notification at selected events to receivers • Event examples • A password has been reset • A user has tried to enroll • A new user has been discovered • Receivers (examples): • The user • The user's manager • The administrator • The HelpDesk system
"Simple Sign-on": 1 user / 1 password for all systems Or selective reset per system if required!
User Identification and Authentication 2.0 More Nuggets.. - Challenge / Response questions used by the Service Desk to identify users for other purposes
More Nuggets.. Are you considering end-point encryption? FastPass introduces self-service for retrieval of BIOS passwords (end-point encrypted devices) Supported systems: PGP & Checkpoint
Wrap-up What’s the value of Password Self-service?