How to Get Bang for the Buck Out of Your Self-Service Password Management Solution

Reduce costs by enabling business users.

One of the biggest bang-for-your-buck purchases in the security world is still an enterprise-class self-service password management solution. Yet many organizations continue to struggle with the volume of password-related service desk tickets even with such a solution installed. In most situations, the problem boils down to two issues:

1. The solution deployed is immature, not intuitive or lacking features needed by your organization.

2. The self-service password management solution was not configured and deployed with the user community in mind.

Self-service is a wonderful thing if it is implemented effectively, with the appropriate amount of organizational change management embedded in the project. However, not all self-service implementations go as planned, primarily because people and cultures are all unique.

A dated example I like to give relating to self-service quirks dates back to the beginning of pay-at-the-pump gas stations. At the time, I was a passenger in a car and the driver desperately needed to get gas. He passed up three or four gas stations just because they did not have pay-at-the-pump credit card interfaces. Finally, he found a station that would take his credit card at the pump and he filled his tank. I then watched as he put the nozzle back and proceeded to walk into the gas station to buy some soda and snacks–in my mind erasing most of the benefit of the self-service actions! He was willing to risk running out of gas to find a self-service pump even though he always planned on going into the station to buy snacks. The moral of the story…

People will ultimately pick and choose the self-service options they desire to use, so you need to make sure they find value in your self-service solutions.

This brings me back to the #1 issue above relating to deploying the wrong solution. Just because a technology offers self-service capabilities doesn’t mean people will prefer to use it vs. calling the help desk. A self-service password management solution is no exception. The interface must be clean, communications must be well worded and it should ultimately solve your users’ password problems as quickly as possible. If you have the wrong solution, no amount of awareness will dramatically increase its utilization.

Added features such as password synchronization across a multitude of systems will also help convince your users to use the tool, because it then addresses more than just a single password issue. Ultimately, a self-service password management solution should provide capabilities to address branding, connectivity to a variety of systems, communication customizations, password policy enforcement and other value-add features that help users understand their password-related issues, such as the status of all their system accounts (e.g., whether they are locked out or their passwords have expired).

Once you have selected a robust solution, you still need to address item #2 above. A wealth of features definitely helps, but if you do not optimize the solution to your environment you may still alienate your users. A big mistake is using out-of-box messaging for all alerts and web pages tied to the password management software. Take the time to customize the messages so they make sense to your user community. Reminding them about your organization’s password and security policies at the time they are changing their password or unlocking their account will make things easier for them. Be sure to put your custom branding and messaging through user acceptance testing similar to how you would put the software itself through user acceptance testing to ensure there is no confusion.

Robust self-service password management software will help dramatically, but you still need to deploy it properly with the correct options enabled. By doing this, hopefully you will persuade people to actually embrace the “Self” component of self-service.

To learn more about Avatier’s self-service password management and user provisioning identity management solutions watch the Gwinnett Medical Center customer case study.

Written by Ryan Ward

Ryan Ward is CISO at Avatier, responsible for security initiatives as well as strategic direction of IAM and security products. A sixteen-year veteran of the security industry, Ward comes to Avatier after five years with MillerCoors where he served as Enterprise Security Manager of the brewing company and USA Information Security Officer for the public company SABMiller. In those positions Ward was responsible for all Information Security initiatives for MillerCoors. Prior to MillerCoors, he served as Senior Information Security Leader at Perot Systems while supporting the Wolters Kluwer account. He previously held the position of Vice President of Information Systems for Allscripts. Ryan is also a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP).