The replacement of Optus’ manual staff password management with a self-service reset has lowered the security risk of staff sharing passwords and reduced IT helpdesk costs by 60 per cent, according to Optus group information security manager, Siva Sivasubramanian.
He was speaking at a CA Technologies World Expo 2011 case study session in Sydney.
Sivasubramanian said under the old manual system about 1500 local employees requested domain password resets per month. Each took helpdesk staff a minimum of 15 minutes to reset.
The problem cost the company $300,000 per year in productivity and helpdesk costs, and offshore staff and outsourcers had to deal with time-consuming resets.
“This opens up an avenue for bad behaviour. If that bad behaviour is not checked, what we have a decay of security culture. It’s no longer an operational problem, it’s a thin end of the wedge for a larger security problem,” Sivasubramanian said.
Optus countered the problem by installing CA’s Password Management rapid implementation software to 10,000 workstations in 2010.
Sivasubramanian said the self-service password management system lowered password-related helpdesk calls by 60 per cent and aimed to extend that figure to 90 per cent.
“I’m not going to throw more and more people and more and more resources into it. Let’s make it self-service,” he said.
The system, equipped with full Windows integration, enabled users who locked themselves out of their desktop to reset their own passwords after answering a series of personal verification questions.
It focused on solving four key problems: helpdesk control, cost control, user experience and regulatory compliance.
Sivasubramanian said the most important aspect in the process was the partnership between the vendor and the service provider.
“It is not the product that makes the difference. Products will always evolve and reach maturity over a period of time. But it is the relationship with the vendor or suppliers that is the most important thing,” he said.
Sivasubramanian said staff satisfaction had increased and productivity losses decreased with the implementation.
"Actual security is the responsibility of every individual in the company," he said.
The company comes under the larger umbrella of Singtel (ASX:SGT) serves about nine million customers globally, 10,000 employees in 64 Australian locations and 50 outsourced and offshore activities in Australia and Asia.