|By Srinivasan Sundara Rajan||
|September 25, 2016 10:00 AM EDT||
Reducing IT Operation Costs with Windows 10 Hello for Business
The newer Windows 10 devices with the Hello extensions are definitely going to have a cost implication, but in today's context in our own consumer world where every individual has access to Smartphones with advanced biometric features, why should the enterprise user continue to use the old PCs that are managed by traditional passwords? I think the cost of transformation to these devices will be worth the efficiencies in the ITIL operations as well as improved security to enterprise data. It would be useful to collect data about OEMs who have Windows 10 PCs with Biometric Hello features and the same list can be utilized by enterprises. I will write a separate article on Windows 10 devices for enterprises.
Incident Management and Passwords
Incident management, which is one of the process area of ITIL, is key for organizations to ensure that their service operations are running without impacting the business. Within the incident management there are two major triggers, known as Incidents (unplanned disruption to the service operations) and Service Requests (formal requests from end users for IT Services). Also in the ITIL/ITSM world the term Ticket is used for the method of initiation of a request from the user community to the IT department.
Without getting much into the classic definitions of ITIL, from the definitions above, it is easy to think that as an IT department, our goal is to minimize the effort spent on incident management be it Incidents or Service Requests, so that IT department spends a lower cost on operations while also concentrating more on the innovation.
Over the years, organizations have tried multiple options to reduce the incidents and service requests, one method they adopt is "Automation" and most times they also resort to "Self Service". Automation basically prevents manual effort on incidents and solves it with machines and self-service is more about letting the end users to solve the "Service Request" by themselves.
However, if you really think of the above two approaches, they don't prevent the issue at the source rather provide an efficient way to solve them. More and more organizations would like to prevent the issue at the source, so that they don't occur in the first place.
From the analysis of the Incident database from several organizations, it is found that the nearly 40% of Incidents/Service Requests are password related and most times IT departments take a minimum of 30 minutes and more to solve that issue. So if we really look this from a lost productivity angle of both IT department and end users this problem is not small as it looks.
While the traditional methods of self-service password management will continue to have value, the next generation end user management should go towards password less operations. Let us get into some directions from Windows 10 enabled features in this direction.
Windows 10 Features for Password Elimination
Windows 10 which recently had an anniversary update, has come up with some new features which needed some introduction.
Windows 10 Hello
In Windows 10, Hello replaces passwords. Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Hello provides a layer of protection by being unique to the device on which it is set up. The biometric data used to support Windows Hello is stored on the local device only. It doesn't roam and is never sent to external devices or servers.
Windows Hello for Business (Formerly Known as Microsoft Passport for Work)
Windows Hello for Business, which is configured by Group Policy or MDM policy, uses key-based or certificate-based authentication. In Windows 10, the Windows Hello for Business (formerly known as Microsoft Passport for Work) feature can replace passwords with strong two-factor authentication that combines an enrolled device with a PIN or biometric (fingerprint or facial recognition) user input to sign in.
TPM (Hardware Chip)
Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. Microsoft Hello For Business takes the PIN or biometric information from Windows Hello , and uses this information to have the TPM-chip generate a set of public-private keys.
Azure Active Directory & AD Join for Windows 10
Azure Active Directory (Azure AD) is Microsoft's multi-tenant cloud based directory and identity management service. Azure Active Directory Join (Azure AD Join) is the functionality that registers a company-owned device in Azure Active Directory to enable centralized management of the device. I have covered in detail about Azure AD Join for Windows 10 in my earlier article.
Azure AD SSO (Application Access)
Azure AD enables easy integration to many of today's popular SaaS applications; it provides identity and access management, and enables users to single sign-on to applications directly, or discover and launch them from a portal such as Office 365 or the Azure AD access panel.
The above are just brief explanation of the mentioned technologies, detailed explanation of them are available on the Microsoft website.
Blueprint of a Password Less Enterprise
Powered by Windows 10 features (Hello for Business) & Azure Active Directory (AD Join, SSO), an enterprise can transform into a password less enterprise, which is not only secure but the associated IT Operations will also be lean and efficient.
The below diagram gives a blueprint of the same.
The newer Windows 10 devices with the Hello extensions will definitely going to have a cost implication, but in today's context in our own Consumer world every individual has got access to Smartphones with advanced biometric features, why should the enterprise user continue to use the old PCs which are managed by traditional passwords ? I think the cost of transformation to these devices will worth the efficiencies in the ITIL operations as well as improved security to enterprise data. It would be useful to collect data about OEMs who have windows10 PCs with Biometric Hello features and the same list can be utilized by enterprises. I will write a separate article on Windows 10 devices for enterprises.
- Java EE 7 and Cloud Computing
- Cloud Computing Reference Architecture – Review of the Big Three
- Windows Azure vs VMware vFabric
- PaaS: .NET vs Java EE
- Using Amazon Elastic MapReduce in the Automotive Industry
- Five Factors to Influence Cloud Adoption – The Pros and Cons
- Dynamic Scaling and Elasticity - Windows Azure vs Amazon EC2
- Cloud Analytics - The Big Four Offerings
- Enterprise Java EE PaaS - OpenShift vs Google App Engine for Java
- Challenges and Solutions for the Health Care Industry in Cloud Computing