The Business Challenge
In the fiercely competitive hospitality industry, the inability to complete a sale can affect a company’s ability to be successful on the world stage. Yet, increasingly sophisticated types of passwords designed to thwart identity thieves are, ironically, locking out agents and customer service representatives as well. Such was the case at the 3,900-employee Hilton Grand Vacations Company (HGV), where password resets and locked accounts topped 60 percent of all helpdesk requests by late 2006.
Exacerbating matters was HGV’s global reach, which includes more than 50 locations scattered worldwide. “Although regular IT helpdesk support is from 8 A.M. to 11 P.M. Eastern Time, we’re really on call 24/7,” explains Rich Jackson, vice president of technology operations for HGV. “The combination of multiple time zones, cultures, and customs could slow overseas offices to a crawl and certainly lead to support challenges.”
Since Jackson had centralized the Orlando-based company’s support functions, he saw the mushrooming resets as a bottom-line threat. “We operate with the philosophy that our helpdesk is the ‘tip of the spear,’ and we work to build a strong customer-centric culture. Obviously the ability to eliminate 2,000 or so password resets a month would give us more time to focus on higher-level work for our customers,” says Jackson. “So we needed a password solution that was not only elegant and simple, but also that truly solved our problem – we weren’t interested in just applying a Band-Aid.”
“In addition, efficiency is key at rapidly growing, fast-paced companies like HGV,” continues Jackson. “In fact, some days we schedule time to breathe around here,” he jokes. “This meant that a churn-free implementation and administration was also important because anything that’s unnecessarily complicated creates more problems than it solves. We can’t afford to dedicate one individual just to sign-on. We needed a solution that required virtually no tweaking, tuning, or babysitting – period.
HGV researched options by Citrix, Novell, and Sun, but OneSign® proved to be the clear winner. “The Imprivata solution didn’t just meet our requirements, it actually exceeded our expectations,” Jackson says. “A very impressive feature was the solution’s granularity. For our purposes, the choice was very clear.”
Imprivata also scored well in heterogeneous environments. “We run Windows, UNIX, Solaris, and Linux in our main data center, with many VPN tunnels,” Jackson says. “And we virtualize extensively with VMware as an integral part of our strategy. Therefore, password complexity rules can vary according to operating system and application, plus there are different aging rules. OneSign transparently manages all of these variables and users only needed to know a single logon.”
Jackson asked for a demo unit. “We kept looking for issues and challenges,” continues Jackson. “However, the demo appliance passed every test we threw at it.”
HGV took the plunge. “After a contract is signed is usually when you find out whether the plate of food you’re served is really what you ordered,” Jackson notes. “But problems never materialized. OneSign is very powerful, but really simple to implement.”
After completing the rollout in August 2007, HGV began encouraging the adoption of OneSign’s self-service password resets. “Initially we considered developing an end-user training course,” Jackson says. “But there’s so little to learn that we taught our helpdesk staff to be teachers, instead. In turn, they empowered employees to reset their passwords themselves.”
The results were immediate. “During our first full month of implementation alone, resets dropped by 30 percent,” says Jackson. “Even requests from our Asian offices are decreasing as they gain confidence with the self-service culture.”
Now Jackson looks forward to leveraging OneSign’s advanced abilities to improve the security of physical and logical access. “Since OneSign compliments our existing identity badge system, we’re already planning to integrate them,” Jackson says. “And to assist with meeting payment card industry (PCI) regulations, we’ll definitely utilize the appliance’s two-factor authentication capabilities.”
Integration of physical and logical access will benefit HGV in various ways, according to Jackson. “First, the interdepartmental process of completing employment status changes, including positive ones like employee to consultant, can provide an interval where a person has unauthorized rights,” he says. “Also, if someone is badged into our facility and, concurrently, there’s an external login request, we’ll instantly know there’s an unauthorized attempt. In other words, tying rights to ID badges permits OneSign to help us thwart these types of scenarios.”
Still other benefits will come from additional efficiencies HGV expects to achieve. “We’ve gained totally unforeseen capabilities, such as the ability to track application usage and trim site licenses to match,” enthuses Jackson. “And to streamline regulatory compliance, we’ll be evaluating our current logging and reporting tools to see which ones we can eliminate due to OneSign’s built-in features and functions.”
Overall, HGV’s satisfaction couldn’t be higher, Jackson reports. “Our entire experience has been terrific,” he says. “OneSign didn’t just do what they said it would. Quite simply, OneSign worked seamlessly, right out of the gate.”