When it comes to multi-user corporate password management, even the big boys miss the mark. You’d be surprised at how many sophisticated, large scale companies store administrative passwords for servers, network switches and routers on an Excel spreadsheet in a “secure” folder where members of the IT staff can access them as needed.
You trust your employees, keep good records, store your information safely and have never experienced a significant breach. Why fix what isnpt broken?
Companies cling to outdated, deficient protocols that not only drag on IT efficiency but also compromise network security for a variety of reasons. They sit on their hands around automating corporate password management because they are lulled into a false sense of security and hindered by organizational resistance to change and priorities considered more important.
The problem with this scenario is that you’re a sitting duck for a security breach. And, if and when you do have a problem, you look like someone who doesn’t know the basics.
So what are the top 5 stumbling blocks and how do you overcome them?
1) It costs too much. Actually, if you select the right solution, you save money and improve efficiency. When you consider that a host of recent studies confirm that “password reset” is the #1 reason that users call the IT help desk across organizations, you’re already investing a whole lot of seemingly “invisible” time and money into servicing these requests and unwittingly creating an organizational bottleneck. If you can eliminate this resource drain by implementing self-service password management, the solution quickly pays for itself.
2) It takes too long to implement. Your reservations associated with a lengthy password management implementation are well-founded. So are you concerns about project failure. Your stakeholders and decision makers will undoubtedly ask about what resources are required to install the solution and how long it will take to get it up and running. Make sure that the solution you select won’t take months and a glut of person-hours to implement. Ideally, the solution you select should be ready to go in just a few weeks so that you immediately reap the rewards of your investment.
3) It doesn’t cover all the bases. It’s true that not all applications are created equal and that you need to conduct your due diligence on the efficacy of the solution that you select. It’s important to take the time to carefully evaluate your needs and vulnerabilities before you commit to an automated corporate password management system. Your solution should be flexible enough that it can scale with your organization. It should include mobile identity management capabilities for user provisioning, access governance, and IT risk management making information security part of your operational workflow.
4) It’s inconvenient for our staff. It’s pointless to go to the trouble of researching, vetting, selecting and paying for a corporate password management system that your staff won’t use. IT veterans know that users will pursue the easiest and quickest path for help. Therefore, if your solution requires significant time and effort to master, your people won’t use it — they’ll just continue to call the help desk. Make sure that your corporate password management system features multiple options for password resets and to unlock accounts. Password management options for self-service password resets include the web, voice recognition, biometrics, phone PIN, dedicated kiosks and virtually any form of two-factor authentication available.
5) It won’t measurably improve our security profile. Here’s the thing about network security — it’s as vulnerable to threats from inside as it is from the outside. And while there’s no way to fully insulate your organization from maliciousness and negligence from within your walls, there are a host of measures you can put in place to prevent problems and to detect vulnerabilities early before they grow to a full-scale information security breach. By proactively addressing the threats from within through the automated enforcement of corporate password management policies, you significantly improve your enterprise risk management security profile.
Watch the video to see how senior security analysts at Gwinnett Medical Center discuss their active directory password reset success:
Learn the Top 10 Password Management Best Practices for successful implementations from industry experts. Use this guide to sidestep the challenges that typically derail enterprise password management projects.