Getting Help Desk to Fly High

Boeing gets users to manage own passwords

Eighteen months ago, if The Boeing Co.s help desk had had radar to track incoming calls from users whod forgotten passwords, the screen would have been lit up like a Christmas tree. Why? Because a whopping 500,000 such calls a year used to get stacked up in a gridlocked holding pattern.

At what Gartner Inc. estimates as a $20-per-call cost for password resets, which often drag on for an average of 7.5 minutes and involve a long process to authenticate the user ... well, you do the math. So its not surprising that IT officials at Boeing decided not long ago that they had to do something about the clogged phone lines. The Seattle aerospace giant implemented a password management system that enables employees to securely change their own information. So far, the initiative has caused support costs to nose-dive.

"We immediately realized that there was a large productivity savings on the part of our users," said Sheri Sladek, program manager for Boeings password reset program. "By moving to self-service password resets, Boeing expects to reduce the number of support calls handled by its support organization, while improving system security and user access to business-critical applications."

Companies have long struggled with identity management as they plug in e-business systems that let users collaborate with colleagues, business partners and customers. In fact, says Gartner, in Stamford, Conn., on average, 30 percent of calls to enterprise customer support centers come from users with password problems.

Much of this will be moot if Microsoft Corp.s Windows 2000 network operating system, as promised, delivers single-sign-on capabilities, which would dispense with the scores of passwords needed by users who want to log on to separate applications. But until enterprises such as Boeing figure out how to integrate the network infrastructure with the new operating system, single sign-on remains a Holy Grail.

Thats why experts such as Peter Lindstrom, an analyst with Hurwitz Group Inc., in Framingham, Mass., say that, in the meantime, it is worthwhile for large corporations to implement an automated system to allow end users to create and manage their own user passwords. Such systems enable enterprises to tighten security, reduce support costs and ensure user privacy, Lindstrom said.

In 1998, Boeing put together an enterprise team to evaluate off-the-shelf products that would enable automated password resets. The company chose to deploy a pilot implementation at its Wichita, Kan., division using PasswordCourier, a self-service password management application, and ProfileBuilder, a personal profile management product, from Courion Corp., also of Framingham. The project went into production in December 1999. After deploying the pilot, Sladek and her team spent months gathering feedback and tracking customer satisfaction for automated password resets. Overall, employees were pleased with self-service, Sladek said.

Currently, 17,000 employees at the Wichita site use the self-service application to reset the passwords they use to log on to Boeings corporate network.

The profile and password management products interface with Boeings Remedy Corp. AR System, a help desk application; an SAP America Inc. database; mainframe security systems; Unix systems; and Windows NT and Windows 2000 for authentication.

Users receive a new password by filling out a form on their Web browsers or by calling the help desks Interactive Voice Response unit, which guides them through the reset process and authenticates valid users after they provide two key pieces of information, which Sladek declined to reveal.

"We have passwords for many different systems, so we try to make it easy by asking the employee to remember the two pieces of information to authenticate," Sladek said. "That way, even if they keep forgetting the password for the intranet, the impact is minimal."

Sladek said Boeing has had success with users remembering the two pieces of information necessary for authentication. But thats just one of many policies the company enforces for password management. For instance, even before the self-service system was installed, users were forbidden from writing authentication information on sticky notes and attaching them to monitors.

Boeing is now going full-throttle with its self-service password management initiative. The company recently began a corporatewide implementation of the password management suite for the more than 150,000 employees and contractors worldwide accessing the corporate network and the intranet. Sladek expects the deployment to be finished by the end of this quarter.

Sladek said the company is also looking into the possibility of deploying Courion beyond the operating system level and extending self-service password resets to applications such as databases, customer relationship management systems and data warehouses.

All this will lower call center costs by, potentially, millions of dollars until Boeing finishes its wide-scale deployment of Windows 2000, a date for which neither Boeing nor Microsoft could supply. With Microsoft technologists working on-site, officials at Boeing hope to implement single-sign-on capabilities using Windows 2000. However, IT managers are still trying to figure out whether single sign-on will prove possible at Boeing, Sladek said. After all, no enterprise to date has been able to build an infrastructure to it.

"Single sign-on is something every company this size looks at," Sladek said. "Whether or not the infrastructure and technology is mature enough to handle a company the size of Boeing is still undetermined."

Until single sign-on is realized, self-service password management is key to Boeings technology strategy. And even if it is a stopgap measure, nobodys complaining. After all, as Sladek said, theres nothing that says "blue skies ahead" more than cutting help desk costs.