Friday, September 7, 2012

Allow the helpdesk to focus on more important issues than simple password resets

Using a username and password to log on to applications and systems is a common method of authentication. Various laws and regulations in the healthcare industry require that access security is tightened and that passwords meet certain complexity requirements such as minimum length, use of special characters, use of an uppercase letter, etc. In addition, a frequent requirement is for passwords to be changed after a certain period of time has elapsed. With the introduction of complex passwords, it is often difficult for employees to remember their Active Directory password, especially after a vacation. This leads to a significant increase in the number of password reset calls to the helpdesk.
On average, 25% of the calls to a helpdesk are estimated to be password-related, such as resetting forgotten passwords. The IT staff is burdened with resolving these calls, resulting in an increased administrative load for the IT department. At the same time, the end user also loses productive time because he or she is temporarily locked out of the network. Wouldn’t it be great if the IT department were less burdened with these duties and could focus on resolving more critical calls?

Improvement of password management
South County Hospital, a 100-bed, 1,200-employee acute care hospital located in Wakefield, Rhode Island, was facing this exact problem. The hospital’s helpdesk was averaging between 20 and 25 password resets a month, each requiring about half an hour to complete due to the arduous process of receiving the call, placing a work order, resetting the password and then contacting the users, most of whom are busy clinicians.

With a focus on lean management, and an effort to make processes as efficient as possible, the hospital began to look for ways to improve password management and reduce the number of support calls to the helpdesk. By improving this process, the hospital also wanted to enhance the user’s experience so users did not have to wait on the process and could easily reset their own passwords to get on with their jobs.

When looking for a vendor with a solution to their password management issues, Tools4ever was a front runner as South County had previous experience utilizing another of their products, RealLastLogon. Tools4ever’s Self Service Reset Password Manager (SSRPM) was able to resolve all of the password reset issues in their environment and integrate with their Outlook web access page, a top priority at the hospital. SSRPM was also capable of integrating with Meditech, the hospital information system, to synchronize the password resets.

Self service password reset
With SSRPM, users can always reset their password and no longer depend on the operating hours of the service desk or helpdesk. Before resetting the password, it is critical that users identify themselves by answering a few personal challenge questions. This is safer than the current method, where it is possible for a user to call the helpdesk and claim to be someone else. A new button, "Forgot My Password", is added to the Windows login screen, which the end user can click if the password is forgotten. By answering challenge questions such as "What is my mother’s maiden name?", users can identify themselves and securely reset their password.

The helpdesk can also ask personal questions directly to identify a caller. The helpdesk employee does not see the full answers but only, for example, the second and last character of the answer, in order to positively identify the caller.

When entering the new password, the end user is required to comply with the password complexity requirements of the organization. While the password is being entered, the complexity rules that are met are flagged with a green check. For example: "Minimum password length of 10 characters: OK". There are no more cryptic error messages.

Besides identifying the user by answering personal questions, Advanced Authentication is also possible, including email and SMS authentication. This means that, in addition to the regular questions that need to be answered, there is an additional question: "What is the PIN code you just received on your cell phone?". This form of authentication is referred to as two-factor authentication: something you know (answers) and something you have, such as a mobile phone.

Easily customize and integrate with systems
South County implemented SSRPM in their environment and were able to integrate the solution with all of the applications at the hospital. SSRPM is set up to work with three different technologies at the hospital: Outlook Web Access for email, the standard Windows credential provider when logging on to the computer, and web access for people working outside the network. The hospital was also able to modify the security questions that users are asked when resetting their passwords. “The ability to choose questions that have an answer that only the user would know, yet are easy to remember, is important”, said Ken Hedglen, Information Technology Manager at South County Hospital.

With SSRPM, South County’s users no longer need to spend precious time contacting the helpdesk and waiting for a reply to their password reset request. They are now able to answer a series of security questions and quickly reset their own password. The hospital liked that they did not need to provide any training on the product, since it is self-explanatory. “Any system that we implement that we don’t hear anything about after the fact is good, because no news is good news when it comes to systems”, said Hedglen. SSRPM has also been beneficial to the helpdesk, as they can now handle other types of work orders. “The helpdesk can now focus on more important issues rather than simple password resets and are much more productive.”


For more information on Tools4ever solutions, please visit our website.
