Password Management.ComThe Password ImpasseThe Optional ImpactThe Soultion - NetMagic Pro  
 

Breaking Through the
Password Impasse

  

 

Defining the Challenge and
Offering a Simply Efficient Solution

  
 
Copyright (c) 2002 NetMagic Pro and 
NetMagic Systems, Inc. are trademarks of NetMagic Systems, Inc.  All rights reserved. 
All other names or companies mentioned herein are either trademarks or 
registered trademarks of their corporations.
  
 

A White Paper by
NetMagic Systems, Inc.

  
Even the best business plans and processes have inherent inefficiencies that inevitably crop up during the minutia of day-to-day operations. The more complex the operational environment, the more these little operational details emerge above the noise of daily activity to have a measurable, negative effect on profitable operations. This is especially true of business processes deployed in complex computing environments, such as those deployed on multiple, geographically dispersed computing platforms (IBM, Unix, PCs, applications, etc.) and implemented through a host of Wide Area Network (WAN) and Local Area Network (LAN) technologies.
  
 

Defining the Challenge and Offering a Simple, Efficient Solution

  
The security requirements of such complex environments, while absolutely necessary, are often prime contributors to this daily dilution of the effectiveness of the business processes. Surprisingly, one of the most ubiquitous instruments of daily security regimens, the pesky password, is arguably the leading culprit in sapping the vitality and profitability from the day-to-day execution of the business processes. Passwords do this by sidelining (during prime time) the primary implementers and beneficiaries of the business process, the end-users and your customers, and they can be blocked from using their primary business applications for time periods ranging from tens of minutes to hours.
  
 

Three key problems sap time, productivity and profitability.
 
The crux of the problem is threefold: 
1. Proliferation: Passwords are omnipresent in your organization. 
2. Changeability: For security reasons or because of basic human foibles, the need to change or issue new passwords occurs at a very high frequency. 
3. Complexity: Changing passwords is not as simple and as quick in multi-platform, distributed environments as it should be.
  
 

 

  
The first issue, the ubiquitous nature of passwords (or personal identification numbers - PINs) derives simply from the fact that passwords are a foundational element of most security systems that provide access to valuable assets by large populations. The need for this something-you-know part of security disciplines may be widely supplemented by new technologies someday, but passwords are unlikely to disappear for many years to come.
The second issue with passwords is based on security disciplines that require frequent changing of passwords. It is also based upon the multiplicity of passwords that a single user must remember and the very human tendency to forget at least one of these passwords. Neither the frequent password change security regimen nor human nature is likely to be altered in a way that requires less frequent change of passwords. However, the number of passwords that a single user possesses is a controllable factor, either through operational procedures or through software tools that help limit the proliferation of multiple passwords per user.  This, of course, depends upon an organization's security goals and its operational environments. 
The third issue with passwords is the inability to quickly and simply change a password. This inability results from security requirements around password authority and from the diversity and complexity of the software tools employed to implement password changes in multi-platform environments.  The security delays in password changing are usually caused by security rules that dictate that only select personnel with special authority to manage the password change process may execute password changes. A necessary bottleneck is created through which all password change requests must pass.  Even in operations where sufficient authorized personnel are available to avoid this bottleneck, delays are caused by the time it takes to execute commands or invoke special password management tools specific to each of the platforms for which a user needs a password change.

  
     
     
 

Password management represents 30% of all Help Desk calls and can cost up to $49 per call.

 
Again, the net result of all this is the daily attenuation of the efforts of employers and customers executing business processes that were designed to contribute to profitability, while increasing service. To bring focus on the password problem and to provide a common mechanism for servicing user password exchange requests, most companies funnel password change requests through local or corporate Help Desk facilities, where procedures and the software tools for multiple-platform management of passwords and password change requests are centered. 
When a password change request is received at a Help Desk, the operator first authenticates the identity of the caller and then, using the password control software for each of the multiple platforms, executes the commands necessary to change or issue a new password for the requestor. This process can take tens of minutes, if the Help Desk operator has been provided the security authority to directly issue password changes, or it can take hours if the Help Desk operator must transfer the requests to a special group authorized to change passwords. Meanwhile, the requestor is sidelined from the business activity because they cannot access their desktop computers and, most importantly, their business applications that run on their desktop systems.
  
     
 

NetMagic Pro is a cost-efficient, elegantly simple solution for password management.

  
The management of password changes has grown today to represent a very significant load on the work activities and resources of the Help Desk facilities.  Today, typically 30 percent of the calls to the Help Desk facilities are for password management, i.e., issuing a new password for a user who has forgotten their password or otherwise needs the password changed. The representative percentage can peak much higher than 30 percent on Mondays and days after holidays. There are various estimates as to the cost of password management calls by the Help Desk facility.  Gartner Group estimates the average as $25 per call, but many large organizations report costs as high as $49 per call. This is the cost of the Help Desk, and does not even factor in the lost productivity cost of idled end-users.
This password management problem is not restricted to very large organizations. For user populations of 200 to 1,000, it can easily represent 2,000 calls per year. For very large organizations of 80,000 unique user IDs, there can be 800,000 to 1,000,000 password-reset calls per year.

  
     
     
With a problem this costly, one would expect software tools to arise that would help get these costs under control, and over the past five years, these have appeared, but they are very expensive in their own right and costly to deploy.  These expensive solutions are mostly targeted at large user populations. They are usually of two types: password modules as part of large enterprise management control products (CA/Unicenter (r), BMC (r) InControl (r), Tivoli (r)) or password project software packages in which a core password management software (often with much functionality beyond password management) is packaged with onsite consulting to deliver a tailored solution for standard platforms such as IBM (r) OS390/RACF (r), Unix (r), MicrosoftWin2000(r), SAP (r) and PeopleSoft (r).  Fortunately for small, medium and large organizations seeking better return on investment than can be obtained from the large, multi-functional software products, a moderately priced password management software tool with an elegantly simple architecture, easily deployable over enterprises with 100 to 100,000-plus user IDs, is available. This standalone software tool, focused exclusively on password management, is NetMagic Pro (tm) from NetMagic Systems of New York. 

  
 

NetMagic Pro’s Load-&-Go capability makes it fast to implement and easy to use.

  
NetMagic Pro is an enterprise-wide password management software program that manages passwords for some of the largest organizations in North America in 7-day by 24 hour/day operations. This five-year-old, load-and-go password management tool has evolved from its roots in Microsoft's NT/Win2000 and Novell's NetWare to include simple-to-deploy and simple-to-use, yet highly secure password management for IBM/OS390/RACF and the major Unix platforms of Linux, HP-UX, IBM AIX and Sun Solaris. For these platforms, NetMagic Pro is installable out-of-the-box in a couple of hours.  It fits both industry and government dictums for Commercial-Off-The-Shelf (COTS) products from software vendors, yet NetMagic Pro offers easy extendibility through special application programming interfaced options (APIs) that allow straightforward expansion into password management of other platforms, especially operational business applications, even those developed in-house.
NetMagic Pro solves each of the three key obstructions that passwords present to efficient execution of business processes. Password proliferation can be minimized by using NetMagic Pro's ability to synchronize an end-user's multiple passwords across diverse platforms into a single password that is easy for the end-user to remember.
  
     
 

NetMagic Pro can break through your Password Impasse.

  
NetMagic Pro makes the password management process far more efficient and less costly by making it extraordinarily easy for Help Desk operators or end-users to change the password, reset the password, and unlock the user's locked account after the security mechanisms have locked an account after a predetermined number of attempts to enter an invalid password. NetMagic Pro does this in two ways: 
* Automating the password reset process for the Help Desk by providing a simple automatic GUI that is the same for all platforms. What took 10 - 15 minutes or more will now take much less than a minute, saving time for both the Help Desk operator and the end-user who has made a telephone call to the Help Desk for support
* Eliminating the need for the end-user to call the Help Desk by providing the end-user with an intuitive, simple web screen that lets them verify their identity by answering a pre-defined set of user authorization questions, and then changes or resets their own password, thus saving tens of minutes to hours of time away from their business applications.

If your organization faces the performance losses addressed here, or if you're interested in partnering with NetMagic Systems to address the resolution of these problems for your clients, please visit The Solution or Contact Us.