THE BEST HELP DESK BUSINESS CASE
The business case for self-service of passwords:
Cut service desk costs for passwords with 90%
25% of all calls relate to passwords
No capital investment CAPEX needed
Short implementation time
Investment Overview Accumulated
Cost of handling passwords in the Service Desk
The main value in the help desk business case is the major savings produced by FastPass in the Service Desk, as the users will resolve nearly all password problems using self-service, and free the agent's time.
To calculate the savings, the Financial Controllers will typically use one of two methods:
Calculation based on number of password resets
Calculation based on the percentage of the total Service Desk activity
Calls to IT Service Desk (Aberdeen Group)
What are the elements in the process of password reset, and what time is involved in each step?
User contact is Initiated
SD receives incident
SD authenticates user's identity
SD changes the password
SD releases the password
SD registers the incident
SD resumes other activity
All steps involved consume time for the Service Desk employees
When the user phones, the service desk agents stop their current activity, which might take some time to resume after dealing with the call.
They start a conversation to find out what the caller wants.
They must verify the user’s identity. Some Service Desks use call back phone numbers, which have to be looked up, and contact reestablished. Others use challenge questions. It is important to understand that this element is crucial for the security of the password process and must be very thorough. Some service desks pass this too fast, with high-security risks as a consequence.
The password is then changed in the relevant system and directory. If it is in Active Directory, the Service Desk employee might have the tools and experience. However, it might be in an SAP or AS/400 system, which means the call is passed to another department. The time for this will vary between organizations, but it is often lengthy.
The desk must tell the user the new password. This process must be secure, and avoid potential misunderstanding of upper- and lower-case letters, numbers and special characters. To do this properly and securely will take time.
To keep track of incidents and the service level, the call must be logged in the Service Desk. Even if this is a standard “Quick” call, it must be done, and this takes time.
The Service Desk employee will then resume the activity that was broken off to take the call. It can take several minutes to gather thoughts and restart an activity.
The time for resetting a password varies from around 5 minutes to 1 hour for the trickiest systems and secure processes.
What is the cost of a Service Desk hour?
There are various ways to calculate the cost of the Service Desk. The most complete method includes all direct and indirect costs and a proportion of all company overheads. The costs can be calculated by totaling hardware, software, office space, and staff costs, both direct and indirect.
Next, calculate the actual number of working hours available on the Service Desk, allowing for staff training, holidays, indirect work and sickness.
Dividing the total number of hours provided by the Service Desk into the total cost of the Service Desk gives a reasonable estimate of the cost of one hour of Service Desk time.
Based on this, analysts claim that the typical cost of resetting a password ranges from $20 to $150, depending on the process and the application.
Gartner says, up to 50 percent of helpdesk inquiries are password reset/unlock requests at a cost of $22.
Forrester found that some large US organizations spend over $1 million annually for password-related costs. (Source: “Best Practices: - Selecting, Deploying, and Managing Enterprise Password Managers”, Merritt Maxim and Andras Cser, Forrester Research, January 8, 2018)
Service Level considerations
Many companies have specific Service Level Agreements with users, as ITIL proposes. Others work on an implicit service level.
For a user, a forgotten password is like System Down, and hence top priority. The user will expect top priority incidents to be acted upon immediately. There is often a peak of ‘Forgotten Passwords’ calls on a Monday morning. Unless you roster extra staff for Monday mornings, you might miss your SLA. Then you must over perform for the rest of the week, to make sure that you reach your SLA target for the whole week.
There might be seasonal peaks after holiday periods, which will require extra staff or mean missed SLAs.
With FastPass you can handle all forgotten passwords immediately, no matter the time of day or the number of concurrent problems. This makes it much easier for the Service Desk manager to plan the staffing levels, as it is no longer necessary to have extra capacity to handle extreme peaks.
Once a self-service portal is introduced, users can be expected to use this to log other types of call. This can further reduce the load on the Service Desk, reducing cost still further and improving the quality of service to meet SLAs.
In some organizations – such as Managed Service Providers (MSP) – failing to comply with the SLA may result in direct financial penalties paid to the customer. With FastPass you will fulfill the very important, top priority password requests, reducing or even eliminating penalties.
24*7 Service Desk costs
Providing a service outside normal business hours is very expensive. If the majority of out-of-hour calls are password related incidents, then FastPass might remove the need for out-of-hours staffing. If this is the case, then the savings will be substantial, and might completely justify the costs of FastPass.
Many Passwords for the same users
In large organizations, users might have many passwords to remember, perhaps 20 systems needing 20 passwords to manage and remember. If the organization has a password policy that requires the passwords to be changed every other month, then the poor user has to change 20 passwords 6 times a year – 120 password changes. This might take 4 hours at least per employee per year.
FastPass can synchronize Passwords, so the user only has to change password in one system, and then all other systems get the same password automatically. The savings of password synchronization for a large organization might be the most important savings of all.
To calculate the help desk business case, the cost of operating a self-service of a password solution is necessary.
The FastPass solution can be acquired in different ways, but for the calculation of the help desk business case, the easiest model is the cloud operation.
The price for the solution depends on variables like a total number of users and functionality. An average price per password reset done with FastPass will be around $5 per password reset / unlock.
As the cloud model is service-based, then there are no investments in software or hardware to initiate the project.
The only other substantial cost is the cost of implementation. In most cases, this will add less than $1 to the cost per password reset.
User productivity is important
Improved USER service
Users call the service desk 1-8 times a year with a forgotten password problem. It probably doesn’t matter that much if it takes 5-15 minutes. This is however not the normal situation. The user calls in Monday morning and will queue up for 20-40 minutes as all the other users are calling in too.
The user might get the problem Saturday after a long vacation or a hard weekend and will have to wait for the queue Monday morning. This means a lot to the user and the company as the user is SYSTEM DOWN until the password is reset!
A special problem is users on remote network. Here it is not possible for the service desk to reset the password at the mobile PC-cache. In that case the user is helpless and a travel to a foreign country might be totally lost, if the PC is locked! This can be solved with the right solution
Modern users with smart devices have special issues. It is not obvious for a tablet user how he can get access to resetting the password for the network (there is no ctrl-alt-del button!). They don’t receive Windows warnings that the password is about to expire. The right solution can help the user to alleviate these issues.