The Ultimate User Security Case Study: Ourselves

admin-overview_01-904237-edited

We recently released an innovative new feature, Organizational Insights, that allows companies to gain insight into their organization's overall security score, fix identified vulnerabilities, and measure improvement over time.  

Since security is a top priority for us, we decided to take this feature for a spin and "turn the lights on" for ourselves to assess and improve our organization's user security score.

Turn the Lights On

The Organizational Insights dashboard highlights your organization’s overall security score in three main categories:

  • User Security
  • Application Security
  • Overall Compliance

Since we wanted insight into our organization’s password strength, we first reviewed the user security grade.

Note: We will cover Application Security and Overall Compliance in follow-up posts, so please subscribe to email updates. 

Organizational Insights dashboard

 Figure 1: Organizational Insights Dashboard

 

What is your Organization's Password G.P.A.?

The user security grade is a representation of all of your employees’ password strengths across all of their SaaS and web apps. If a user’s password does not meet certain criteria (length, mixed characters, etc.) or would not withstand a brute force attack, they will be given a low password grade.

Here was our initial User Security grade and password score breakdown:


Bitium's user security score

Figure 2: Bitium's User Security Grade

 


The "B" grade is respectable, but it revealed way too many "C" grades for our standards.  We wanted to get to the "A" grade.

We also wanted to assess what our password strength grade was for the apps we use. Here was ours:


Bitium's password score breakdown

Figure 3: Bitium's Overall Password Strength for Apps

 


Before tackling the “C” grade apps, we wanted to immediately fix the apps with  “F” grades. The dashboard is not only designed to provide insight, but it also makes it easy for you to take action.

Turn the Underachiever into an Overachiever

We improved our apps password grade in a matter of minutes.

  1. We clicked the View Apps with Weak Password Strength button to get a list of apps with an F grade.
     
  2. From that list, we clicked on each app to identify the underachievers. In our case it happened to be the Tout app which had one employee with a weak password. 
     
  3. As an administrator, we had three ways to fix this:
     
    1. Manually change the password. 
       
    2. Click the password reset button to automatically update the weak password with a strong one.
       
    3. Email the employee to make them aware of the password issue and include instructions about how they could fix it from their end-user dashboard.
        
Tout_1resized

Figure 4: Administrative View of Employee Password Strength Grades


Total time spent: 5 minutes.
 (4 minutes, and 29 seconds to be exact, but we don't like to brag)

Tackle Top Offenders

The dashboard provides a list of your top weak password offenders, so you can quickly identify and update users’ passwords or have them fix them on their own. 

 

Weak password offenders

 Figure 5: Top Weak Password Offenders

Employee Self-Service in Action: Going from Detention to Teacher's Pet

The best part of this feature is that employees can improve password strength directly from their end-user dashboards. For example, one of our employees improved her password strength across quite a few apps without navigating to each app's website.  Here's how:

  1. From her end-user dashboard, she quickly sorted her apps to identify which apps had a failing password score. 
  2. For some apps, she clicked the password reset button, which automatically updated her weak password with a stronger password.
  3. For others, she  manually entered a stronger password directly from her dashboard.  The end-user dashboard includes a handy password generator, which makes it easy to generate strong passwords.


End-user dashboard

Figure 6: End-User Dashboard

Administrative View

Here is the before and after of an employee that fixed weak passwords from their end-user dashboard.

Before:

End-user dashboard

Figure 7: Employee password grades prior to using Organizational Insights 

 After:

Employees improving password strength

Figure 8: Employee password scores after using Organizational Insights 

Results: Honor Roll

The results speak for themselves as we were able to quickly improve our user security score without the hassle:

Bitium's results

Figure 9: Bitium's User Security score after fixing weak passwords

Key Takeaways

Organizational Insights delivers the following:

  • Security insight into what was previously unknown.
     
  • Enables IT admins and employees to quickly fix user security. A security initiative that could have taken weeks, from discovery to execution, was implemented and completed in a couple of minutes. 
     
  • Self-service for employees to easily improve their password strength from their own dashboards.

 

{{cta('bb126516-793f-40e0-96d9-ca72b649a0d4')}}