Friday, September 4, 2015

Small business and IT problems

The IT industry seems to overlook the needs of the small business sector, instead focusing mainly on mid-sized and large organizations since they are often the ones that face the greatest number of issues with licensing, accounts and identity and access management rights, for example. Those leading the efforts of small businesses realize that they often have many of the same issues faced by larger organizations, but unlike large organizations, small businesses often do not have the staff and resources readily available to easily handle management of these tasks. Thus, these issues either go unaddressed or require more time and money spent on managing them than is necessary.

Similar Password Issues
One of main issues large and small businesses have in common are password management for their employees. Smaller organizations, just like larger corporations, have to access many systems and applications to perform their jobs. For example, think of a credit union. Employees there need to access several different financial systems to assist their customers. Entering credentials for each of these systems is time consuming, not to mention very difficult to remember. Hence, the reason why many employees tend to write down user credentials and keep them close at hand.

Additionally, just like employees in larger organizations, they often get locked out of their accounts and need to frequently reset their passwords. Often this is time consuming since they need to contact someone to do it for them. When a customer has to wait for an employee to reset their password this can be a huge annoyance and decrease customer satisfaction. 

To make these password issues even more difficult, small businesses often need to do more with less. In most case, the small businesses that I consulted and worked with don’t have an extensive budget to fix IT infrastructure or implement large, enterprise solutions to manage their processes. Instead, they need to find ways to be more efficient without breaking the bank; sometimes small business owners Frankenstein systems for the results they seek. This can often be difficult, though, since many password solutions are aimed at big business, and the thousands of employees that they have.

Additionally, small businesses compared to larger organizations often have very small IT or no departments. Sometimes only one or two people; sometime just themselves throw into everything else they must manage in their business’ daily lives. When an employee forgets their password or is locked out of an application they need to go through the process of resetting their passwords. If there is a help desk or IT department, having them focus on password resets can take away valuable time to focus on other issues. Even worse, if this issue occurs after business hours there may be no one to resolve the issue.

Case in point
Needham Bank in Needham, Massachusetts, is a private bank with fewer than 170 employees. Team members there need access to several different systems and applications to properly assist customers.
“Employees became frustrated at the number of disparate passwords they had, and the frequency they would have to enter the user names and passwords,” said James Gordon, vice president of information technology at the Bank.

It was also frustrating when employees had to stop what they were doing to contact the help desk and reset their password when they were locked out. Customers also became frustrated, as they had to wait for bank employees to sign into each application separately, which was time consuming.
To resolve its issues, Needham Bank implemented both a single sign-on solution (SSO) and a self-service password reset solution. SSO allows the organization to use a single set of credentials for all systems and applications needed to access and to help customers. The password reset solution allows employees to reset their own password without having to contact the help desk. Team members simply answer several security questions, which they previously provided answers for during initial enrollment, and are able to securely reset their own password.

Solutions such as these can assist small businesses with their access and identity management issues without them needing to spend big dollars on large, enterprise solutions that were not designed for them. Password management alone can have a huge effect on business for both large and small companies, which is why it is important to resolve the issues in the most appropriate way for the size of the organization.

For more information, please visit our website: www.tools4ever.com 


Friday, August 28, 2015

Self-Service Reset Password Solutions: Issues Addressed and Problems Solved

You're thinking about implementing a self-service reset password solution, but you are not quite sure if it is worth it or if it will benefit your organization. The following checklist provides an easy overview of issues you might face, as well as provides solutions to how a password reset solution can easily solve these issues in addition to saving you time and money. 

First, take a look at the following checklist. Following that we'll dig into some of the specific issues organizations face and how self-service reset password solutions address these problems. First, though, does your organization face many or all of these issues? 
  • Large percent of calls to your help desk is for password resets
  • Employees working off hours or in different time zones
  • Employees wasting time/productivity waiting for a password reset from the help desk
  • Your employees work with customers or patients, and their work is time sensitive
  • Password resets that need to be performed in many different systems and applications
  • Many of your employees work outside of the network and still need password resets
  • Your organization requires complex passwords, which many of your employees forget
If you have a number of these issues, you may be overwhelmed by the level of responsibility required for managing your manual processes; specifically, related to the management of resetting and serving access to employee's systems.

That said, here are a number of issues your peers may be facing because they are not effectively addressing self-service access issues: 

Your Helpdesk Receives Too Many Password Calls
On average, 25 percent of the calls to a help desk are estimated to be password related, like resetting employees' forgotten passwords. At some organizations this number is even higher, of course. Though password resets are an easy problem for the help desk to solve, when there are many of these types of calls a day, this becomes time consuming for staff. This also may require additional staff for an organization that has many employees resetting passwords. If your organization's help desk calls are a large percent for password resets, a self-service password reset solution can easily and drastically reduce the amount of calls by up to 90 percent. This allows help desk staff to focus on other, more important, issues. In some cases, these solutions also decreases the amount of staff needed. 

Multiple Locations or Working in Different Time Zones
Some large or multi-located organizations have offices or employees across several regions, and many times their help desks are located only at their headquarters. Other companies have employees or users who need access to systems and applications outside the operational hours of the help desk. Take, for example, a school whose students need to access an application after school hours to complete their homework. If they need to reset their password after school then they are unable to contact the help desk. 

This can also be a problem for other types of organizations, such as banks or hospitals, which might not have a 24/7 help desk staff. If employees forget their passwords or are locked out of their accounts on weekends or after the hours of the help desk then they are not able to reset their passwords and access the systems or applications that they need. 

Time Spent on Waiting for a Password Reset
In many organizations the process of resetting a password is time consuming. The employee has to contact the help desk, who then places a work order, resets the password then contacts the users back. This process can take up to half an hour or more, during which the employee cannot complete their work. With a self-service reset password solution employees can be more productive and not waste time on simple issues like password resets. They can proactively reset their own password and continue with their work. 

Your Employees Work with Customers or Patients on Time-sensitive Issues
In many circumstances, it is important that your employees are able to log in quickly and access their accounts to properly serve their customers. When a customer has to wait for your employee to call the help desk and reset their password it can be an annoyance and a bad customer experience. This is extremely important in the case of care organizations where they need to quickly access systems and applications to serve their patients. In addition, other industries such as those with direct client contact, for example a bank, waiting for a password to be reset can be a huge annoyance for both the employee and customer. 

Password Resets Need to be Performed in Many Different Kinds of Systems and Applications
Organizations often use several different types of platforms, including often a variety of web applications. Employees often need to reset their passwords in many different types of applications, sometimes all at once, especially after a long break, such as summer break for schools. With a self-service password reset solution end users can reset as many passwords they need, in virtually any application or platform without having to burden the help desk. 

Many of Your Employees Work Outside of the Network and Still Need Password Resets
Many organizations have employees who work outside of the company's network, on the road or from a remote location or from home and use mobile devices. These employees often have the same issues as employees who work in the office with password resets. With a self-service password reset solution, employees can reset their password from anywhere and continue with their work. 

Your Organization Requires Complex Passwords that Many of Your Employees Forget
To ensure security of the network, organizations often require employees to use complex passwords, including using symbols and a certain number of characters. Though this can increase security, it can also lead them to forget and need to reset their password. A password reset solution can ensure that employees follow a certain password policy that follows the organizations guidelines, when they are resetting their password. 

In addition to the many issues that a self-service solution solves, there also are several additional benefits: 

Advanced Authentication
Advanced authentication in the form of two-factor authentication or SMS authentication can ensure security by requiring two forms of authentication for the user to reset their password. This will usually be an answer to a personal verification question in addition to a code sent via text message or email. This ensures that the person resetting the password is who they claim to be. 


Password resets for mobile devices
Since employees often use mobile devices, many password reset solutions have the ability to work with a web interface. This means that users who are on their cell phone or any other mobile device can also enjoy the benefits of the self-service password reset solution. 

For more information, please visit our website at: https://www.tools4ever.com/software/self-service-reset-password-management/

Friday, August 7, 2015

Health IT Savings Must Factor into ROI

No matter the industry, each time a purchase is made, business leaders always want to know what they are getting in return for their financial investment. Questions frequently asked include: “How is this going to help me?” and “What is my return on investment?” Another phrase, often uttered by “Mr. Wonderful” Kevin O’Leary from the popular show Shark Tank is, “What am I getting for my investment?”

By examining the answers to these questions, business managers and organizational leaders must ensure that their budget is being adhered to and that purchases by the organization are considered, or proven, not to be a “waste” of money.” Often, return on investment (ROI) is a combination of both “hard” and “soft” costs and savings, which can often be difficult to determine. The “hard” cost is easy to define: What am I spending now versus what will I be spending on a different product, solution or system, or by doing nothing? Alternately, how is this solution going to allow me to save money in the long run? In this scenario – “hard” costs and savings — there is a definitive dollar figure that is able to be applied to implementing a solution.

“Soft” savings are a bit more of a complex issue; they are more difficult to determine and to document. For example, time and labor saved, or stress saved by employees completing a task that takes 10 minutes versus 35 minutes are soft savings. Soft savings also might be seen in improvements in customer service or in the customer experience. It is difficult to put a dollar amount on these scenarios and improvements, but they do impact a business, its success and its financial performance.

Time is money, of course, but in the case of healthcare perhaps it’s more fitting to say that “time is life.” This savings equates to valuable potential life-saving time, as we well know, and, in turn, improves patient care. As healthcare organizations seek ways to allow clinicians the ability to focus more on patients rather than on information technology, there are some solutions available — many that that are often overlooked that allow them to reach their goals. Some of these technology solutions provide a direct correlation between a physician’s ability to enter an information system, retrieve or enter information and get back to focusing on patient care. Essentially, with these types of solutions, like access and identity management, physicians can get back to work more quickly and their interaction with the technology is reduced.

Because of proven soft savings, most health executives are able to justify some expenses related to hard dollar investment for these types of solutions. For example, access management solutions allow IT leaders the ability to automate account management processes – accessing system information, resetting passwords and ensuring proper access to proper individuals — rather than requiring hospital system admin employees to provision, delete and manage employee’s accounts. Thus, these employees can focus on more important issues and devote time to higher priorities.

In healthcare specifically, identity and access management software plays a key role in optimizing “hard” costs. They reduce costs by automating the user account lifecycle, allowing accounts to be quickly provisioned for clinicians or account changes to easily be made so that they have access to what they need, when they need it. Other password management solutions, such as single sign-on, further allow clinicians to easily move from room to room without needing to enter separate credentials for each application repeatedly each time they switch computers or workstations.


Therefore, when thinking of making a decision to purchase new IT solutions, healthcare leaders should keep in mind questions like, “How is this going to help me?” and “What is my return on investment?” At the same time, they also need to remember to keep soft dollar savings in mind.

For more information, please visit our website: https://www.tools4ever.com/industries/healthcare/ 

Friday, July 31, 2015

Wild Ways people Remember Passwords

Everyone has done it, used some kind of wild way to remember user names and passwords. Let’s face it, the rules for managing passwords is overwhelming. People are required to remember numerous sets of credentials for all of the systems and applications they need to access their job and personal life, but it’s often too difficult to remember them all.

In addition, passwords often are required to be complex with several different symbols and characters, and they often need to be changed every month or so. Given all of the rules and parameters, how is anyone supposed to keep track, and remember, all of this information on top of all the work they need to complete, PIN codes they need to recall and every other detail that takes up much needed bandwidth?

How do most people remember their passwords? Chances are they keep all of their pass codes in some type of non-secure method to remember them. Given my line of work with clients facing complex password issues, I’ve witnessed many wild ways in which end users use to remember passwords. Frighteningly so, some people even believe that their methods for password “storage” are safe and don’t realize that they are actually putting their organizations at risk.

Though organizational leaders may think that requiring employees to use complex passwords that get changed often is making their network secure, reality is this is often counterintuitive and leads employees to user non-secure methods.

Here are just some of wildest ways I’ve seen people store their passwords:
  1. Since employees feel they have to constantly login, many folks keep their credentials in front of them, written on Post-It notes, pasted to their computer screen in plain sight of passersby. That just makes it a lot easier for hackers to gain access to critical information.
  2. Some people think that if they hide their passwords, this will keep their information more secure. Many employees, however, actually keep their password sheets in their desk drawer or under their keyboards, falsely assuming no one will just open the drawer or move the keyboard and take a peek.
  3. Recently, one of our employees visited the doctor’s office and saw that the receptionist actually had her passwords listed on a recipe card atop the desk next to her monitor in clear view of everyone coming and going. Next to that card were instructions – step by step — for accessing all of her accounts.
  4. Some people even use an invention that they believe is helping them keep their passwords safe: A type of notebook that looks like a phone book allowing them to write down their passwords and organize them. Sure, this is good for organization, but what happens when someone finds the notebook and has access to all of the credentials?
Chances are, many employees in virtually every organization use these methods, but these strategies can cause security risks for any organization. Luckily, though, there are easy ways to stop employees from using such non-secure methods.

One way is with a simple single sign-on solution. An SSO allows employees to create a single set of credentials for all of their systems and applications, eliminating the need to write down passwords or use other non-secure methods for storing their information. Employees simply log in with their credentials and thereafter are authenticated in each of their applications automatically after they are launched.


So, while it may be funny to read how employees remember their passwords, it won’t be funny when your organization faces a security breach because of it.

For more information, please visit our website.  

Friday, July 24, 2015

Opening up your Data to Customers and Partners

Where IT previously catered to internal employees needing access to information inside the company network, many organizations now find themselves in the preliminary stages of sharing information from their company networks with external clients. A wholesaler, for example, may offer clients a portal where they can view inventory and order status, their customer details, and outstanding invoices.
Ensuring the safe exchange of information to third parties is a whole other issue, as is the process of letting users authenticate themselves. However, the process is usually simple and easily managed, in most cases, automatically. 

Identity Providers
In addition to providing access to employees, organizations are also becoming identity providers for external customers needing access to business information stored in the company network. External clients, such as a utility provider, who log in to the network, via a portal, must be able to easily authenticate themselves.

Most organizations choose to use their existing Active Directory for this authentication. After all, the Active Directory (AD) is an excellent credential store for employee user accounts.
Since most users also often have considerable AD experience, enabling optimum management and continuity, most organizations also choose to include an AD account for external customers who need to access their network. Organizations often enter into agreements with Microsoft to prevent Client Access License (CAL) fees needing to be paid unnecessarily for infrequently-used AD accounts.
A drawback of adding customers to the internal AD is that the number of accounts increases significantly.

Organizations also often realize that they must have the identity lifecycle for third party accounts fully under control. After all, if any customer can log in via the portal, this could result in potential financial damage. Thus, the organization must ensure that their AD is clean and up-to-date. All of this represents a major management burden for the IT department.
These issues can easily be solved though using an identity management solution enabling real-time user account management for external customers.

The CRM Solution as Source System
Another consequence organizations face when deciding to add third party accounts to the AD is that it involves a source system other than the one utilized for employees.

For them, the HR system is often used to create network user accounts, but customer data comes from a CRM system. More often than not, CRM systems do not contain clean and up-to-date information, making them problematic to use as a source system for user accounts. If organizations want to act as identity provider for external customers, this means they either need to optimize the content of their CRM, or look for another source system.


Organizations can address this problem by not populating the AD until the customers log in to the portal the first-time, enter their details and are granted access after internal validation. By creating a link between the CRM system and the AD, it is then possible to add to the customer details using information from the CRM system.

For more information, please visit our website

Friday, July 17, 2015

Hard and Soft Savings Must Factor into ROI, Especially for Health IT Solutions

No matter the industry, each time a purchase is made, business leaders always want to know what they are getting in return for their financial investment. Questions frequently asked include: “How is this going to help me?” and “What is my return on investment?” Another phrase, often uttered by “Mr. Wonderful” Kevin O’Leary from the popular show Shark Tank is, “What am I getting for my investment?”

By examining the answers to these questions, business managers and organizational leaders must ensure that their budget is being adhered to and that purchases by the organization are considered, or proven, not to be a “waste” of money.” Often, return on investment (ROI) is a combination of both “hard” and “soft” costs and savings, which can often be difficult to determine. The “hard” cost is easy to define: What am I spending now versus what will I be spending on a different product, solution or system, or by doing nothing? Alternately, how is this solution going to allow me to save money in the long run? In this scenario – “hard” costs and savings — there is a definitive dollar figure that is able to be applied to implementing a solution.

“Soft” savings are a bit more of a complex issue; they are more difficult to determine and to document. For example, time and labor saved, or stress saved by employees completing a task that takes 10 minutes versus 35 minutes are soft savings. Soft savings also might be seen in improvements in customer service or in the customer experience. It is difficult to put a dollar amount on these scenarios and improvements, but they do impact a business, its success and its financial performance.
Time is money, of course, but in the case of healthcare perhaps it’s more fitting to say that “time is life.” This savings equates to valuable potential life-saving time, as we well know, and, in turn, improves patient care. As healthcare organizations seek ways to allow clinicians the ability to focus more on patients rather than on information technology, there are some solutions available — many that that are often overlooked that allow them to reach their goals. Some of these technology solutions provide a direct correlation between a physician’s ability to enter an information system, retrieve or enter information and get back to focusing on patient care. Essentially, with these types of solutions, like access and identity management, physicians can get back to work more quickly and their interaction with the technology is reduced.

Because of proven soft savings, most health executives are able to justify some expenses related to hard dollar investment for these types of solutions. For example, access management solutions allow IT leaders the ability to automate account management processes – accessing system information, resetting passwords and ensuring proper access to proper individuals — rather than requiring hospital system admin employees to provision, delete and manage employee’s accounts. Thus, these employees can focus on more important issues and devote time to higher priorities.

In healthcare specifically, identity and access management software plays a key role in optimizing “hard” costs. They reduce costs by automating the user account lifecycle, allowing accounts to be quickly provisioned for clinicians or account changes to easily be made so that they have access to what they need, when they need it. Other password management solutions, such as single sign-on, further allow clinicians to easily move from room to room without needing to enter separate credentials for each application repeatedly each time they switch computers or workstations.

Therefore, when thinking of making a decision to purchase new IT solutions, healthcare leaders should keep in mind questions like, “How is this going to help me?” and “What is my return on investment?” At the same time, they also need to remember to keep soft dollar savings in mind


For more information, please visit our website

Friday, July 10, 2015

Marywood University Case Study

Marywood University has implemented Tools4ver’s User Management Resource Administrator (UMRA). Located in Scranton, Penn., with more than 3,200 undergraduate and graduate students, and several hundred staff members, professors and other employees working at the university, the school needed an efficient way to provision user accounts.

With UMRA, the account management process at Marywood University is now fully automated so that no manual action needs to be taken by the IT staff. Once a student’s information is added into the Ellucian student information system, all appropriate accounts are automatically provisioned, a Gmail account is created and a password for the portal is generated.

Before adding Tools4ever’s UMRA, “It was an extremely time consuming, labor intensive challenge to provision portal accounts and corresponding Gmail addresses,” said Anthony Spinillo, chief information officer at Marywood University.

Spinillo added, “Our help desk would field dozens of calls per day because of long turnaround time on provisioning, but with UMRA, these calls dried up. Helpdesk staff now has much more time to help students and faculty with instructional technology issues.”


Marywood University also is planning to implement Tools4ever's Self Service Reset Password Manager (SSRPM) that will allow students and staff the ability to easily and securely reset their own passwords without needing to contact the help desk. Doing so will free up more time for Marywood University’s help desk employees and allow for students to be more productive.

For more information or to read the entire case study, please visit our website.