FastPassCorp, Jesper Oestergaard, Director Business Development, jo@fastpasscorp
Self-Service Password Management
Made easy
Vivit Usergroup meeting: Chicago
May 24, 2011
”For your eyes only”
Agenda
• FastPassCorp
• Self-service
• The Password problem space
• The FastPass solution stack
• Some more nuggets
• Wrap-up
FastPassCorp A/S
• Founded as IT InterGroup in 2000:
  – Services in IT security
    • Identity & Access Management
  – Sold to PriceWaterhouseCoopers June ’08
• Now FastPassCorp:
  – Independent Software Vendor (ISV)
    • FastPassCorp first to introduce AD based password reset, November 2004
  – Selling through a network of partners
    • Service Providers, Service Management vendors & Partners, Desktop deployment partners
  – Listed on Nasdaq OMX Copenhagen Exchange (First North) September 2007: [FASTPC]
[Chart: User license sold (V3)]
Customer / partner examples
FastPass installations in 13 countries
- and we’re a partner with HP in the Enterprise Management Alliance Program.
”Gartner predicts that client self-service will account for 58 percent of all service interactions by 2010, due to their dramatic contribution to the reduction of cost of operating an IT environment”
Self-service
Do you consider Self-service important and an area to focus?
Self-service
Do you have a Self-service strategy?
What implications do you see and what are your main concerns?
In order to enable Self-service people need access
Self-service
A forgotten password leaves the user without access, so consider password self-service as part of your Self-service initiatives!
The Password Pain - Service Desk
(Aberdeen Group)
Calls to IT Service Desk
- Gartner analysts say that 20-50% of all Service Desk calls are for password reset
- Forrester suggests that the average cost for a single password reset could be as high as $100
- FastPassCorp research indicates anything from $25 - $147
The Password pain - user side
- A forgotten or lost password will leave the user unproductive – and frustrated!
- Unproductivity can be extremely costly – and so a password reset needs severity 1
- So, what’s the price for a single password reset if the requirement basically is 24*7?
The average time to resolve a forgotten password request will vary from <½ hour to several days:
- 25% of industry norm companies take >4 hours
- 40% of industry norm companies take <1 hour
The security issue
For a start – let’s look at the nature of the password!
- Used for (secure!) Identification (authentication) of users
- Supposed to be private – ”For your eyes only”
- One of three Identification methodologies: ”something you know”, ”something you have”, ”something you are”
Jane45#jacobs§99124%
The security issue - continued
The password reset process – a double sided who-is-who
- If passwords are ”for your eyes only” – what about the person at the Service Desk (or the outsourced Service Desk)?
Fact: 60-80% of IT crimes are insider jobs!
- Secure Identification of the user calling, and a secure password handover process, are required to accommodate compliance initiatives (Sarbanes-Oxley Act, ISO 27001 etc.)
Who is responsible??
FastPass Password Manager v3
• Utilizes the existing Microsoft infrastructure (AD, ADAM/ADLDS)
• Secure identification of users (multi-authentication engine)
• Advanced notification services
• Access from anywhere (XP, Vista, Windows 7, Browsers (PC & mobile), Service Desk portals (Service Req. mgmt.))
• Scalable to large and complex environments incl. MSPs
• SR/Incident forwarding to HP Service Manager
• Automated enrolment Services
• Enforces password policies
• Multi-system reset for other platforms/systems (SAP, AS/400, SQL, Generic connector etc.)
• Web-services (SOA) application
• Fast implementation (1-2 days on Windows)
Secure identification
• Configurable Multi-factor authentication
  – Profile based, and the profile is determined dynamically.
  – Profile is based on attributes and status.
    • Does the session come from a specific network (secure or insecure)?
    • Is the user a member of a specific group (Administrator or normal user)?
    • Has the user enrolled?
    • Does the user have a mobile phone?
  – Personal questions (Challenge questions)
  – One-time pincode for the mobile phone
Easy enrollment
• Discovery Service
  – Collects users and groups
  – Is working almost like Hardware/Software Inventory solutions (Scanning, Collecting, Storing)
• Enrollment Service
  – Invites users to enroll into FastPass Password Manager
  – Enables high enrollment rate and can also be used to inform/remind about the presence
  – Scheduling of invitations
  – Operates on a time line where the ”offset” time can be a specific time or a time relative to the discovery of a user
  – Invitations can be sent by e-mail or SMS
[Figure: time line (0 to 35) with Action 1 to Action 5]
High enrollment percentage is necessary to win the productivity gains!
New NAG screen in V 3.4!
Notification
Mail and/or SMS notification at selected events to receivers
• Events (examples):
  – A password has been reset
  – A user has tried to enroll
  – A new user has been discovered
• Receivers (examples):
  – The user
  – The user’s manager
  – The administrator
  – The HelpDesk system
”Simple Sign-on”: 1 user / 1 password for all systems
Or selective reset per system if required!
FastPass Overview
Case: G4S Self-service portal
And integrated into Self-service portal
Self-service portal in Service Management solution
Demonstration
User Identification and Authentication 2.0
- Challenge / Response questions used by the Service Desk to identify users for other purposes
More Nuggets..
Access card self-service pin code retrieval
More Nuggets..
Are you considering end-point encryption?
FastPass introduces self-service for retrieval of BIOS passwords (end-point encrypted devices)
Supported systems: PGP & Checkpoint
What’s the value of Password Self-service?
Wrap-up