1 / 27

FastPassCorp , Jesper Oestergaard , Director Business Development , jo@fastpasscorp

FastPassCorp , Jesper Oestergaard , Director Business Development , jo@fastpasscorp.com. Self-Service Password Management Made easy. ”For your eyes only ”. Vivit Usergroup meeting: Chicago May 24, 2011. Agenda. FastPassCorp Self-service The Password problem space

saima
Download Presentation

FastPassCorp , Jesper Oestergaard , Director Business Development , jo@fastpasscorp

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. FastPassCorp, Jesper Oestergaard, Director Business Development, jo@fastpasscorp.com Self-Service Password Management Made easy ”For youreyesonly” VivitUsergroup meeting: Chicago May 24, 2011

  2. Agenda • FastPassCorp • Self-service • The Password problem space • The FastPass solution stack • Some more nuggets • Wrap-up

  3. FastPassCorp A/S Founded as IT InterGroup in 2000: Services in IT security Identity & Access Management Sold to PriceWaterhouseCoopers June ’08 NowFastPassCorp: Independant Software Vendor (ISV) FastPassCorpfirst to introduce AD based password reset, november 2004 Sellingthrough a network of partners Service Providers, Service Management vendors & Partners, Desktop deployment partners Listed onNasdaq OMX Copenhagen Exchange (First North) september 2007: [FASTPC]

  4. Customer / partner examples FastPass installations in 13 countries

  5. - and – we’re partner with HP in the Enterprise Management Alliance Program..

  6. ”Gartner predicts that client self-service will account for 58 percent of all service interactions by 2010, due to their dramatic contribution to the reduction of cost of operating an IT environment” Self-service

  7. Do youconsiderSelf-serviceimportant and an area to focus? Self-service Do you have a Self-servicestrategy? Whatimplications do yousee and whatareyourmainconcerns?

  8. In order to enableSelf-servicepeopleneedaccess Self-service A forgotten password leaves the userwithoutaccess, so consider password self-service as part of yourSelf-serviceinitiatives!

  9. The Password Pain - Service Desk - Gartner analysts says that 20-50% of all Service Deskcallsare for password reset - Forrestersuggeststhat the averagecost for a single password resetcouldbe as high as $100 - FastPassCorp research indicatesanything from $25 - $147 Calls to IT Service Desk (Aberdeen Group)

  10. The Password pain - user side - Forgottenor a lost password willleave the userun-productive – and frustrated! - Un-productivitycanbeextreemelycostly – and so – a password resetneedsseverity 1- So, what’s the price for a single password resetif the requirementbasically is 24*7? The average time to resolve a forgotten password requestwillvary from <½ hour to severaldays: - 25% of industry norm companiestakes >4 hours - 40% of industry norm companiestakes <1 hour

  11. The security issue For a start – lets look at the nature of the password! - Used for (secure!) Identification (authentication) of users - Supposed to be private – ”For your eyes only” - One of three Identification methodologies: ”something you know””something you have” ”something you are” Jane45#jacobs§99124%

  12. The security issue - continued The password reset proces – a double sided who-is-who - If passwords are ”for your eyes only” – what about person in the Service Desk (or the outsourced Service Desk)? Fact: 60-80% of IT crimes are insiderjobs! - Secure Identification of the user calling, and a secure password handover proces is a demand to accomodate compliancy initiatives ( SarbanesOxleyact, ISO 27001 etc.) Who is responsible??

  13. FastPass Password Manager v3 • Utilizes the existing Microsoft infrastructure (AD,ADAM/ADLDS) • Secureidentification of users (multi-authenticationengine) • Advancednotification services • Access from anywhere (XP, Vista, Windows 7, Browsers (PC & mobile), Service Desk portals (Service Req. mgmt.) • Scalable to large and complexenvironmentsincl. MSP’s • SR/Incident forwarding to HP Service Manager • Automatedenrolment Services • Enforces password policies • Multi-system reset for other platforms/systems (SAP, AS/400, SQL, Genericconnector etc.) • Web-services (SOA) application • Fast implementation (1-2 daysonwindows)

  14. Secure identification • Configurable Multi-factor authentifikation • Profile based, and the profile is determined dynamically. • Profile is based on attributes and status. • Does the session come from a specific network (secure eller insecure). • Is the user member of a specific group (Administrator or normal user) • Has the user enrolled • Does the user have a mobile phone • Personal questions (Challenge questions) • One-time pincode for the mobile phone

  15. Easy enrollment • Discovery Service • Collects users and groups • Is working almost like Hardware/Software Inventory solutions (Scanning, Collecting, Storing) • Enrollment Service • Invites users to enroll into FastPass Password Manager • Enables high enrollment rate and can also be used to inform/remind about the presence • Scheduling of invitations • Operates on a time line where the ”offset” time can be a specific time or a time relative to the discovery of a user • Invitations can be sent by e-mail or SMS New NAG screen in V 3.4! High enrollment percentage is necessary to win the productivity gains!

  16. Notification Mail and/ or SMS notification at selected events to receivers • Events examples • A password has beenreset • A user has tried to enroll • A new user has beendiscovered • Receivers (examples): • The user • The user’ manager • The administrator • The HelpDesk system

  17. ”Simple Sign-on”: 1 user / 1 password for all systems Orselectivereset per system ifrequired!

  18. FastPass Overview

  19. Case: G4S Self-service portal

  20. And integratedintoSelf-service portal

  21. Self-service portal in Service Management solution

  22. Demonstration

  23. UserIdentification and Authentication 2.0 More Nuggets.. - Challenge / Responsequestionsused by the Service Desk to identifyusers for otherpurposes

  24. Access cardself-service pin coderetreival

  25. Access cardself-service pin coderetreival

  26. More Nuggets.. Are considering end-point encryption? FastPass introducesself-service for retreival of bios passwords (end-pointencrypteddevices) Supported systems: PGP & Checkpoint

  27. Wrap-up What’s the value of Password Self-service?

More Related