Challenge Accepted: Work Smarter When It Comes to Identity Management
It was a little more than a year ago when the executive leadership at this enterprise challenged its business units to find ways to work smarter. And Terry Garbo, senior information security engineer at this organization, had one idea in particular: he’d go after the costs associated with service desk calls with a vengeance.
For background, this company has about 11,500 users across the country, and whenever users would need to reset their passwords they’d have to call the service desk. “My goal for us to work smarter would be to eliminate those service desk calls and empower users to be able to manage their own accounts. And I knew we’d save money in the process,” Garbo said.
To meet his goal, Garbo had an identity governance platform in mind and it was one he had worked with in the past – SailPoint’s IdentityNow and IdentityIQ. Garbo would deploy and integrate IdentityNow with the enterprise’s existing IdentityIQ system so that staff could reset their own passwords. Still, the organization would need to perform its due diligence before any final decision was made. “I presented my plan to my leadership and explained what I wanted to do, why I wanted to do it, the projected cost savings, and how we could do a proof of concept with approval,” he said.
The executive team loved the idea, agreed to the go-ahead for the proof-of-concept, and gave Garbo a deadline of only six months to get it complete. Challenge accepted. And the expectations were clear from the executives: The new system had to allow users to reset and unlock both the standard and elevated accounts, and it had to be usable from any device —laptop, workstation, tablet or phone — as long as it connected to a network. Finally, it had to be done securely and demonstrate a real return on the investment.
After completing a security review and other due diligence on IdentityNow it was time to move forward with its proof-of-concept. “The testing went smoothly. We would go into production by January,” he said. They decided to name the new system, based on IdentityNow, MyAccess.
In addition to hard cost savings, the organization also looked to deliver on efficiency savings. By reducing the time required through a self-service password reset, there would be more production time returned to associates across the organization. The team, in addition to streamlining costs, also wanted to enhance security through two-factor authentication. “We must follow PCI DSS (Payment Card Industry Data Security Standard), but we also must comply with other regulations such as the FDIC (Federal Deposit Insurance Corporation) as well as many other federal and state regulations.”
IdentityNow, delivered as a cloud service, provides identity governance throughout hybrid IT environments as it unifies identity management processes across cloud, mobile, and on-premises systems. IdentityNow also provides the necessary identity information — apps, users, data, access — in a single place.
For the initial deployment, the decision was made to focus on bringing self-service password resets for standard accounts. When it came to administrator accounts, because of their sensitivity, the organization elected to have those users check-in with the internal security team whenever they need a reset. This way, additional validation steps could be completed, Garbo explained.
Challenge Met with Substantial Cost Savings
Roughly 11,500 email registrations to MyAccess were sent when it went live. Within a day, that registration was complete without any significant snags. “People became confident with the process from the beginning. It just worked fantastically and without any issues,” Garbo said. IdentityNow made it possible for the organization to quickly enforce password strength policy as well as automate password resets.
“If someone sets up a password and it doesn’t meet our constraints, they’ll now receive a message that tells them that their password isn’t complex enough, such as it’s missing a special character or that it doesn’t have enough characters,” he explained.
The cost savings proved substantial. Within the first four months of deployment, 5,516 password resets were completed without service desk assistance with an estimated savings of over $150,000. When administrator accounts are eventually included into MyAccess, the savings will be even higher. “Everyone is happy with the system and how well this has turned out, which works out very well for me,” he concluded.