BOOTSTRAPPING SELF-SERVICE

SOLUTIONSChallenges and Opportunities

Kevin Sullivan

Director of Sales Engineering

Specops Software

Welcome

• Kevin Sullivan

– kevin.Sullivan@specopssoft.com

– @kevsully67

• Director of Sales Engineering

• Recovering GP MVP, Musician

• Previously Principal Program Manager at Microsoft

• Technology lover – geek dad

WHOAMI

THAT WAS EASY

Agenda

• Self-Service Password Solutions

• Multi-Factor Authentication

• The Project

• Success Center

WHAT TO TALK ABOUT

Self-service Password Solutions

• Reduce Operational Costs

– Helpdesk/Service desk call volume

• Increase Operation Efficiency

– IT can focus on more pressing issues with fewer distractions

• Increase End-User Productivity

– Get back to work quicker! No one knows you forgot your password

WHAT IS YOUR GOAL

Calculate Costs

• Lots of research from Analysts– ~1.7 - 2 password related calls per year per user

– >$20.00 per call (unloaded)

– $51.00 - $147.00 per call savings (fully loaded)

• Employee lost time

• Helpdesk employee time

• Where are the hidden costs?

• Success Center– Simple and to the point

– Deeper ROI analysis available

WHAT CAN I SAVE

MULTI-FACTORAuthenticate

Who Am I?

AUTHENTICATION, AUTHORIZATION, ACCESS CONTROL

Multi-Factor Models

• You know something – knowledge factor

• You have something – possession factor

• You are something – inherence factor

AUTHENTICATION, AUTHORIZATION, ACCESS

You Know Something

• Username/Password– Complex

– Longer is Stronger

– Don’t Tell

• Challenge Questions– Press worthy exploits

– Preference vs. Fact

• Image Recognition?– Pick pictures – I’ve seen some claim this is an additional

factor – it is not

WHAT DO I KNOW?

Things to Think About

• BAD – What is your mother’s maiden name?

• GOOD – Who did you have a crush on in High School?

• Q/A GOOD

1. Q - What is your favorite color? A – Elephant

2. Q – Where is your favorite beach? A – Blue

3. Q – What is your favorite animal? A - Hawaii

CHALLENGE QUESTIONS

Some Thoughts

• When security is a goal Challenge Questions are as important as Passwords

– Needs to be taken seriously

• Users need to be able to remember answers

– Educate users with techniques

– Low cost of entry

• Answers do not need to actually ‘answer’ the question

– What is your favorite color? Cabbage!

• Not compliant with some strict regulations

– Need a second factor

TIPS – MORE AT HTTP://SUCCESS.SPECOPSSOFT.COM

How Bad do They Want In?

• In what city were you born?

– 1/3 US citizens live in the top 250 cities

• What is your favorite movie?

– http://imdb.com/chart/top

• When is your anniversary?

– Average length of marriage is 7.2 years

– 2,628 likely dates

• What is your favorite color?

– 100 common names

I WAS TOLD THERE WOULD NOT BE ANY MATH!

You Have Something

• Irrelevant without first factor (must know something and have something)

– Card/PIN – know and have

• Registered mobile number

– Most common

– Increasing in popularity

• Security Token / USB Token / Key fob

– Get’s lost

– Get’s stolen

WHAT DO I HAVE

You Are Something

• Typically refer to biometrics

• Fingerprint Readers– Some traction

• Retinal Scans– Mostly mission impossible

– Eye’s, not attached, won’t work!

• Facial Recognition– Burgeoning tech

• DNA test – this should be real popular with end-users

WHO ARE YOU – WHO-OO-ARE-YOU

Some Don’t Fit So Well

• Trusted third party– Manager Approval

• Voice Recognition– Nuance Software doing some work

• Integrated Voice Recognition (IVR)– Losing favor

– Hard to implement/manage

• Behavioral Authentication– AuthenWare – Citrix

– BehovioSec

AND A BONUS

PLAN, PLAN, PLANThe Project

Decisions – Is Self-Service For Everyone?

• Involve representation from all groups during planning

– End-users

– IT

– Executive

– Business Leaders

• Who to include/exclude?

– Privileged Accounts

– HBI/MBI/LBI data access

• Rules to meet business needs

WHO CAN USE SELF-SERVICE

Decisions – What Info to Use

• What questions to make available?

• Do I have all mobile numbers?

– What if I don’t?

• What business specific workflows exist?

WE MAY WANT TO SIT DOWN FOR THIS

Decisions – How to get the word out

• Communicate directly

• Via email

• Force enroll/register

• Public Service Announcements (PSA)

• Word-of-mouth

HOW DO YOU LET THEM KNOW

Success Center

• Templates

• Communication Plan

• Best Practices

• Success Stories

• Highlights– How do I justify m investment?

– Getting stakeholders on the same page

– Preparing the helpdesk

– What’s in it for them?

– How to achieve 100% adoption

– Make it mobile

HTTP://SUCCESS.SPECOPSSOFT.COM

Wrap-up

• Questions

• Next month?

• Send feedback

• kevin.sullivan@specopssoft.com

WHAT DOES THE FUTURE BRING?