Password management is essential to effective security. Today, end users authenticate themselves with passwords from a variety of devices to hundreds of applications and services. Effective password management solutions provide business users with an easy, intuitive way to change or reset passwords themselves, while enforcing a strong password policy across all applications.
However, Gartner estimates 40 percent of all IT service desks requests are still tied to password change requests, which hurts productivity and needlessly raises the cost of doing business. Password management systems help enterprises experience improved security posture while adhering to industry and government regulations. Not only is staff more productive, but it’s also easier to enforce centralized password policies across all users, applications and devices. These efficiencies significantly reduce the burden on help desk staff and cut costs.
There’s a decades-old debate about whether passwords are dead. But passwords continue to be the most widely used and accepted method of authentication, so they aren’t going away anytime soon. And while they are essential, passwords also threaten an enterprise’s security, with 75% of respondents to SailPoint’s 2018 Market Pulse Survey admitting they reuse passwords across accounts, including work and personal.
Password management might seem old hat, but it’s shocking to hear just how many organizations still aren’t doing it right. Users have so many passwords to remember, they’re cutting corners by not regularly updating them and making them unique. Duplication across applications is also a big problem – even among organizational and personal applications – and it creates a gateway for attackers to easily get access to enterprise data. Even IT decision makers within enterprises, who should be leading by example, have bad password habits. In a recent poll conducted by Vanson Bourne, they found 55% of IT decision makers have used the same password at work and in their personal life, and nearly a third admitted to using easy-to-guess words for their passwords.
Weak security practices leave organizations exposed to risk of breaches. Enterprise users share passwords across multiple accounts and systems, they do not regularly update or change their password, and they are not adhering to password management policies. The problem with this is that a seemingly unrelated consumer-facing security breach could also expose corporate passwords, which would allow hackers to access highly sensitive systems within your enterprise. The fallout of data breaches has long-lasting effects – as we’ve seen from the continued impact of the 2012 data breach at LinkedIn and the Yahoo breaches that were dubbed the worst of the 21st century.
Unfortunately, many users don’t immediately change their passwords after a data breach. The “domino effect” of breaches across multiple Internet services shows people still aren’t learning their basic security lessons. And employing a weak approach to securing identities, in part by not enforcing password reset among employees, is an example of how simple, internal controls could minimize the overall impact of a data breach.
Enterprises need to educate employees on the risks of poor password hygiene and enforce strong corporate policies. A sound password management program provides automated password assistance and resets to users is a critical facet of that automation. It should be part of a robust identity governance solution that provides the right preventive and detective controls required to control access and identify and remediate security issues.
Identity governance makes it possible for organizations to provide automated access to an ever-growing and changing IT environment, while also reducing potential security and compliance risks. User provisioning automates the defined processes for granting, changing and removing user access privileges. Policy management helps strengthen passwords across all applications. Access certifications ensure user access is appropriate and meets policy, audit and compliance requirements.
SailPoint’s open identity platform can help your organization:
SailPoint has an innovative approach to mobile password resets and provides automated tools to avoid costly help desk calls. Overall, the efficiencies gained through the power of identity is impressive. For example, GE reduced their help desk tickets for password reset requests from several hundred thousand to about 10,000 requests annually, providing a cost savings of over $2 million a year. Similarly, Rockwell Automation worked with SailPoint to automate everything from password synching to user provisioning. After implementing SailPoint’s open identity platform, 62,000 requests were efficiently handled automatically – most through self-service request – for a savings of about $1 million annually.
SailPoint also empower enterprise users to securely manage network access credentials from the cloud, especially when located remotely and locked out of the corporate network. Our unique, patented solution allows employees to safely manage enterprise passwords from mobile devices. This technology enables business users to reset their local and domain password remotely – without having to involve IT – which ensures ease of use while securing identity data for global enterprises. This means cost savings, improved productivity and a better end-user experience.
We make it possible for you to see and control access to all apps and data for all users, including non-human ones like bots.FIND OUT MORE
We’d like to talk about your business challenges and show how our identity platform can address them.