Until recently, it wasn't unusual for the corporate help desk at Atlanta-based SunTrust Banks to field 2,000 phone calls per month from users requesting assistance with their network passwords.
In fact, password reset queries typically ate up 11 minutes per user and amounted to between 25 percent to 27 percent of monthly help-desk call volume. The inquiries drained crucial technology support resources that could have been tackling more complex issues or projects, and dragged down the productivity of bank employees temporarily locked out of critical work systems, software and applications that only tech-support staff could access.
"Password management is a big problem in my enterprise," said Nancy Tripp, vice president of solution services at SunTrust. "People have forgotten their password, they can't change it, or they can't synchronize multiple passwords."
For IT staff, handling password reset calls is about as exciting as watching paint dry. "I could teach my 14-year-old to do password resets," Tripp said.
Aiming to cut the password reset resolution cycle and free up IT staff for more mission-critical projects-all while maintaining tight security-SunTrust decided to put the power of password management into the hands of its 27,500 employees.
"I was very interested in increasing productivity by allowing users to go into the intranet site, reset and automatically synchronize their passwords," Tripp said. "I wanted to reduce a lot of calls and work effort and man hours of my solutions center."
SunTrust brought in Courion, a Framingham, Massachusetts-based identity-management technology vendor, and integrated the company's Password Courier and Profile Courier password management systems into its network.
Password Courier is a secure, self-service password reset and synchronization system. Profile Courier is a self-service profile management system for privately maintaining personal authentication information within corporate directories.
The Courier technology automates the process that most human-assisted help desks employ today. "The premise is, instead of calling help, allow employees to securely authenticate and reset passwords themselves," said Tom Rose, vice president of marketing at Courion.
Launched at SunTrust in October, Courion's self-service identity management software has allowed SunTrust employees to manage their password profiles via a simple Web browser interface or over the phone. Once-unwieldy password reset calls that might have involved help desk staff, or even administrators of the bank's Unix and NT systems, now take one minute or less.
And in contrast to SunTrust's previous password reset process, which required users to verify a portion of their Social Security number, the Courion system employs a series of challenge-and-response questions of employees' own choosing, such as mother's maiden name, childhood friends or favorite date. These questions get encrypted and become invisible even to IT administrators.
SunTrust also chose Courion because its software integrated seamlessly with the bank's Remedy ARS service-management application. Now, when a bank employee resets a password, Remedy logs a ticket simultaneously, so that every password-reset attempt gets tracked. And should someone attempt to hack into the system, multiple password-reset requests would surface and get red-flagged.
Self-service password management is "really more secure all the way around," Rose said.
Along with improved security, SunTrust has enjoyed substantial savings. Each password reset call to a help desk costs between $20 and $30, and the average employee makes four password reset requests a year. That means a company of 20,000 employees could spend $2.5 million on password administration annually.
By switching to an automated, self-service system, the company can realize a return on investment within two years.
SunTrust's goal is to slash costly password reset calls by half. So far, 34 percent of the company's password resets involve the new Courion tools.
"We're making good progress, but not as rapidly as I like," said Tripp, adding that SunTrust wants to raise the percentage to between 75 and 80 percent by mid-year.
One hurdle to attaining that ROI, however, is changing corporate culture.
"People are highly resistant to change," Tripp said. "They perceive that it's easier to pick up the phone, talk to the solutions center, and have someone reset the password for them, rather than going to a Web site."
A requisite to achieving change is effective employee communications, through such vehicles as posters in a company's lunchroom, internal e-mails to employees, and links on the company's Web site.
So far, SunTrust has taken an aggressive approach, mailing marketing materials to employees, posting links to Courion on its home page, even producing "tattletale" reports that show when password reset calls go through to the help center.
ASSETS: $105 billion
BUSINESS CHALLENGE: Upgrade corporate password system to boost productivity, cut costs and protect security.
SOLUTION: Courion, a self-service online password management system.
KEY QUOTE: "I was very interested in increasing productivity by allowing users to go into the intranet site, reset and automatically synchronize their passwords."
-Nancy Tripp, vice president, solution services