Self-service passwords cuts costs for Optus

Optus has deployed a self-service password management system to address 1500 reset requests from its employees and contractors each month.

The Singtel subsidiary had about 10,000 employees in 64 Australian locations, and 50 outsourced vendor locations in Australia and Asia.

According to group information security manager Siva Sivasubramanian, workers’ domain password reset requests generated $300,000 a year in productivity and helpdesk costs.

Prior to the self-service deployment, local employees who were locked out of their accounts took at least 15 minutes to have their passwords reset by helpdesk staff.

Resets took longer for offshore staff and outsourcers.

“The operational spread poses a particularly challenging security landscape for us,” Sivasubramanian told the CA World Expo in Sydney.

Besides productivity and helpdesk costs, Optus was concerned that the time it took to reset passwords would prompt employees – particularly contact centre staff with challenging performance targets – to share log-in details.

The Australian Privacy Commissioner criticised Optus' competitor Vodafone in February for its use of shared log-in details in retail stores and dealerships.

“If you’re … trying to measure a person’s productivity based on the number of [customer] calls [they resolve], even a 15-minute lag per person has a telling impact on the operation,” Sivasubramanian said.

“This opens up an avenue for bad behaviour. Guys will be either sharing passwords, or their managers will force them to use someone else’s password so as to get the ball rolling.

“Today, they will be sharing passwords; tomorrow they will be doing something [else]. It is no longer an operational problem; this is a thin end of the wedge of a wider security problem.”

Since deploying CA’s Password Management software to 10,000 workstations last year, Sivasubramanian reported reducing password-related helpdesk calls by 60 percent.

The software allowed users to define ten questions and answers, of which three would be used for authentication when they requested a password reset.

Sivasubramanian said the project was driven by user demand, in line with his view that security was a product of people and processes first, and technology last.

“Staff satisfaction has increased and the productivity losses have fallen,” he said, adding that Optus hoped to reduce password-related helpdesk calls by a total of 90 percent in coming months.

“People are no longer whinging and wailing that they have been locked out; they simply go into this thing, click a link, and a few seconds later, they are back in business.”