WellPoint Healthcare Networks Inc., one of the largest publicly traded health care companies in the U.S., this week will announce a deal with Courion Corp. to help put password management and identity authentication back in the hands of its 16,000 users.
WellPoint, formerly Blue Cross of California, is using Framingham, Mass.-based Courion's PasswordCourier and ProfileCourier software to reduce help desk costs associated with managing passwords and to improve security by automating password policy enforcement.
The Courion tools were deployed last month on WellPoint's network.
Passwords are the main vehicle for WellPoint's 16,000 employees to gain access to the corporate network. However, recent mergers and acquisitions, as well as a move last December from a mainframe environment to a client/server network, made password management a nightmare for employees who needed to synchronize access across multiple systems, said Tom Kiger, a data security engineer at Thousand Oaks, Calif.-based WellPoint.
"We needed a way to get them back online quicker so that they could focus on their jobs," said Kiger, adding that the company's workers are spread across 80 offices that use seven different operating systems. The use of Courion's technology offers WellPoint what Kiger called a "self-service process" that didn't force the company to lock itself into a proprietary framework.
Users access PasswordCourier through a Web browser or the Windows NT log-in prompt or via automated telephone response. The software prompts users for specific answers to secret questions that they establish and links to an encrypted database where the authentication information is stored.
WellPoint outsources its help desk functions to Verizon Communications, and the last thing it wants is to pay Bedminster, N.J.-based Verizon for each and every request made by an employee to have his password reset, said Kiger.
"[Verizon has] a lot of responsibilities outside of resetting passwords, such as supporting our daily telecommunications needs," he said.
A typical help desk request can cost anywhere from $25 to $35, claimed Tom Rose, a vice president at Courion. "The help desk employee has to challenge you to confirm your identity, log the call into the help desk system, manage audit logs and then has to go out across multiple platforms to change the password," he said.
Nancy Alter, director of IT customer support at Penn Mutual Life Insurance Co. in Horsham, Pa., said her company has been using PasswordCourier for the past three years. The software has allowed Penn Mutual's information security specialists to concentrate on strategic projects instead of the 145 to 200 requests for password resets that the company had been dealing with every month, said Alter.
"They're not in the on-demand production mode that a help desk is in, so it would take 15 to 20 minutes, and that's lost productivity," she said.
Penn Mutual plans to move to a self-service model sometime next year, Alter said. So far, the company has saved approximately $17,000 to $20,000 per year using the Courion software, she said.
Pete Lindstrom, an analyst at Hurwitz Group Inc. in Framingham, Mass., said the decision to automate the password reset process should be "a slam-dunk for any enterprise."