Security Watch: Delegating the Problem
- 04 September, 2003 09:33
I was standing in the Data Centre of a large Australian organisation recently and on a suspended television was the helpdesk manager telling staff about some new initiatives that would make support quicker and more effective. One of these initiatives was enabling the helpdesk to reset passwords far more rapidly than ever before, reducing customer wait times and increasing satisfaction.
This instantly reminded me of an example I came across a few years ago. An insurance company had outsourced their IT operation to one of the large outsourcers. Included in this deal was the helpdesk and support facility. In order to reduce wait times, the outsourcer had a policy of accepting password change requests and simply calling the user back as identity verification.
I decided to test this. One cold Monday, on a day I knew the CIO was out of the country, I sneaked into his office and phoned the helpdesk. “I’ve forgotten my password,” I said. The kind helpdesk operator on the end of the line took my name (that of the CIO) and said she would call me back as a security precaution. She called back, I answered the phone and within ten minutes was logging on as the CIO.
Analysis of helpdesk logs for this particular organisation showed that over 70 per cent of helpdesk issues concerned passwords and authentication. In order to solve this and create a dramatic cost reduction, an innovative approach was required. The decision was made to delegate this administration back down to the business.
In each business area, an individual was assigned the role of LAN Support Coordinator. This individual was granted the rights to administer passwords through Windows 2000 Active Directory. After a short one-hour course on password administration, the organisation had an army of individuals with the skills and ability to manage the users in their local area.
Now, instead of asking the helpdesk, users with password issues could approach a team member and ask for a password reset. This individual would verify that they were the person they said they were, as they knew all of them personally.
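As an added illustration that is not part of the original column, this is one way such a delegation can be expressed: the password-reset rights are granted on a single business area's OU with `dsacls`, and the coordinator then performs the reset with the ActiveDirectory PowerShell module found on current Windows versions. The OU path, group name and user account are hypothetical placeholders.

```powershell
# Added example. The OU, group and account names are hypothetical placeholders.
$ou    = 'OU=Claims,OU=Business Areas,DC=corp,DC=example'   # one business area's users
$group = 'CORP\Claims-LAN-Support'                           # that area's coordinators

# Grant only what a password reset needs, on user objects below this OU only.
# /I:S applies the entry to child objects rather than the OU itself, and the
# trailing ";user" restricts it to user objects.
dsacls $ou /I:S /G "${group}:CA;Reset Password;user"   # the reset itself
dsacls $ou /I:S /G "${group}:WP;pwdLastSet;user"       # force a change at next logon
dsacls $ou /I:S /G "${group}:WP;lockoutTime;user"      # unlock a locked-out account

# Review the resulting ACL entries held by the group.
dsacls $ou | Select-String -SimpleMatch $group

# What a coordinator then runs, after confirming the requester in person
# (requires the ActiveDirectory module).
Import-Module ActiveDirectory
$user = 'jcitizen'   # hypothetical account inside the Claims OU
$temp = Read-Host -AsSecureString "Temporary password for $user"
Set-ADAccountPassword -Identity $user -Reset -NewPassword $temp
Set-ADUser -Identity $user -ChangePasswordAtLogon $true
Unlock-ADAccount -Identity $user
```

Because the grant is scoped to one OU, a coordinator cannot reset accounts that live elsewhere in the directory.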
The benefits of this were twofold. Firstly, the speed to resolve these issues was dramatically increased, and the cost to the organisation was reduced. There was still a cost associated with this operation; however, it was now owned by the business and not by IT. Secondly, the security of the entire IT infrastructure was increased. IT now had a way of personally verifying the identity of everyone requesting a password reset, a much more secure way of running an infrastructure.
Delegated administration is one of the numerous advantages given by directory-based management of an IT infrastructure. In this case it increased overall security while simultaneously reducing costs. It is key that security executives are conversant with the benefits offered by the latest technology, for not only can cost benefits be achieved but also dramatic increases in overall security.
Pushing IT administration back to the business can dramatically reduce costs, ensure that user directory data is more accurate, increase security and relieve the load on overburdened IT departments. The organisations who have successfully implemented such solutions have reaped huge benefits. It should surely be something to investigate this year!
Nick Beaugeard has been an IT consultant for the last 12 years, focusing on delivering enterprise-wide systems management solutions to large global organisations across four continents. Beaugeard is a principal of the Bellerephon group, an Australian company targeted at delivering end-to-end systems management solutions to large organisations. He can be reached via e-mail at firstname.lastname@example.org.