We recently released an innovative new feature, Organizational Insights, that allows companies to gain insight into their organization's overall security score, fix identified vulnerabilities, and measure improvement over time.
Since security is a top priority for us, we decided to take this feature for a spin and "turn the lights on" for ourselves to assess and improve our organization's user security score.
Turn the Lights On
The Organizational Insights dashboard highlights your organization’s overall security score in three main categories:
- User Security
- Application Security
- Overall Compliance
Since we wanted insight into our organization’s password strength, we first reviewed the user security grade.
Note: We will cover Application Security and Overall Compliance in follow-up posts, so please subscribe to email updates.
Figure 1: Organizational Insights Dashboard
What is your Organization's Password G.P.A.?
The user security grade is a representation of all of your employees’ password strengths across all of their SaaS and web apps. If a user’s password does not meet certain criteria (length, mixed characters, etc.) or would not withstand a brute-force attack, it receives a low password grade.
Here was our initial User Security grade and password score breakdown:
Figure 2: Bitium's User Security Grade
The "B" grade is respectable, but it revealed way too many "C" grades for our standards. We wanted to get to the "A" grade.
We also wanted to assess what our password strength grade was for the apps we use. Here was ours:
Figure 3: Bitium's Overall Password Strength for Apps
Before tackling the “C” grade apps, we wanted to immediately fix the apps with “F” grades. The dashboard is designed not only to provide insight but also to make it easy for you to take action.
Turn the Underachiever into an Overachiever
We improved our apps' password grade in a matter of minutes.
- We clicked the View Apps with Weak Password Strength button to get a list of apps with an F grade.
- From that list, we clicked on each app to identify the underachievers. In our case it happened to be the Tout app which had one employee with a weak password.
- As an administrator, we had three ways to fix this:
  - Manually change the password.
  - Click the password reset button to automatically update the weak password with a strong one.
  - Email the employee to make them aware of the password issue and include instructions about how they could fix it from their end-user dashboard.
Figure 4: Administrative View of Employee Password Strength Grades
Total time spent: 5 minutes. (4 minutes and 29 seconds to be exact, but we don't like to brag.)
Tackle Top Offenders
The dashboard provides a list of your top weak password offenders, so you can quickly identify and update users’ passwords or have them fix them on their own.
Figure 5: Top Weak Password Offenders
Employee Self-Service in Action: Going from Detention to Teacher's Pet
The best part of this feature is that employees can improve password strength directly from their end-user dashboards. For example, one of our employees improved her password strength across quite a few apps without navigating to each app's website. Here's how:
- From her end-user dashboard, she quickly sorted her apps to identify which apps had a failing password score.
- For some apps, she clicked the password reset button, which automatically updated her weak password with a stronger password.
- For others, she manually entered a stronger password directly from her dashboard. The end-user dashboard includes a handy password generator, which makes it easy to generate strong passwords.
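The grading criteria described earlier (length, mixed character classes, resistance to brute-force guessing), the worst-first ranking of an employee's apps, and the dashboard's password generator can all be illustrated in a few functions. The block below is an added example written for this post; it is not Bitium's code and does not reproduce how Organizational Insights actually scores passwords. The grade thresholds, the `GUESSES_PER_SECOND` rate, the tiny `COMMON_PASSWORDS` blocklist, the sample passwords and the function names are all assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed offline guessing rate for the brute-force estimate (a placeholder figure,
# not one from Bitium or the post).
GUESSES_PER_SECOND = 1e10

# Tiny constructed blocklist standing in for a real breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}

CHARACTER_CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}

GRADE_ORDER = "ABCDF"  # best to worst, used for worst-first ranking


def classes_present(password: str) -> set:
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CHARACTER_CLASSES.items()
            if any(c in chars for c in password)}


def estimate_entropy_bits(password: str) -> float:
    """Naive brute-force entropy: length * log2(alphabet), where the alphabet is the
    union of the classes present. This overstates strength for dictionary words,
    which is why grade_password also consults the blocklist."""
    if not password:
        return 0.0
    alphabet = sum(len(CHARACTER_CLASSES[name]) for name in classes_present(password))
    if alphabet == 0:  # only characters outside the four classes, e.g. non-ASCII
        alphabet = len(set(password))
    return len(password) * math.log2(alphabet)


def brute_force_seconds(password: str) -> float:
    """Time to exhaust the estimated keyspace at GUESSES_PER_SECOND."""
    try:
        return 2 ** estimate_entropy_bits(password) / GUESSES_PER_SECOND
    except OverflowError:
        return math.inf


def grade_password(password: str) -> str:
    """Letter grade from length, character mix and brute-force resistance.
    The thresholds are assumptions chosen for illustration."""
    if password.lower() in COMMON_PASSWORDS or len(password) < 8:
        return "F"
    bits = estimate_entropy_bits(password)
    if bits < 44:
        return "D"
    if bits < 56:
        return "C"
    if bits < 70:
        return "B"
    return "A"


def improvement_advice(password: str) -> list:
    """Plain-language fixes an admin could put in an email to the employee."""
    advice = []
    if password.lower() in COMMON_PASSWORDS:
        advice.append("this password appears on a common-password list; choose a unique one")
    if len(password) < 12:
        advice.append("use at least 12 characters")
    missing = set(CHARACTER_CLASSES) - classes_present(password)
    if missing and len(password) < 16:  # long passphrases are exempt from the mix rule
        advice.append("add " + ", ".join(sorted(missing)))
    return advice


def rank_weakest(app_passwords: dict) -> list:
    """Order (app, grade) pairs worst-first, like the weak-password-offenders view."""
    graded = [(app, grade_password(pw)) for app, pw in app_passwords.items()]
    return sorted(graded, key=lambda item: (-GRADE_ORDER.index(item[1]), item[0]))


def generate_password(length: int = 16) -> str:
    """CSPRNG-backed generator that guarantees every character class is present."""
    alphabet = "".join(CHARACTER_CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if classes_present(candidate) == set(CHARACTER_CLASSES):
            return candidate


if __name__ == "__main__":
    # Constructed sample: one employee's passwords across fictional apps.
    sample = {"Chat": "password", "CRM": "Passw0rd", "Wiki": "Tr0ub4dor&3",
              "Mail": "correcthorsebatterystaple"}
    for app, grade in rank_weakest(sample):
        pw = sample[app]
        print(f"{app:5} {grade}  {estimate_entropy_bits(pw):6.1f} bits  "
              f"{brute_force_seconds(pw):.3g} s  {improvement_advice(pw)}")
    replacement = generate_password()
    print("suggested replacement grade:", grade_password(replacement))
```

The entropy estimate is deliberately simple: it rewards both length and character mix through the alphabet size, so a long lowercase passphrase can still earn an "A", while the blocklist catches dictionary words that the arithmetic alone would overrate. Real scoring engines add breach-corpus lookups and pattern detection on top of this.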
Figure 6: End-User Dashboard
Here is the before and after of an employee who fixed weak passwords from their end-user dashboard.
Figure 7: Employee password grades prior to using Organizational Insights
Figure 8: Employee password scores after using Organizational Insights
Results: Honor Roll
The results speak for themselves as we were able to quickly improve our user security score without the hassle:
Figure 9: Bitium's User Security score after fixing weak passwords
Organizational Insights delivers the following:
- Security insight into what was previously unknown.
- A way for IT admins and employees to quickly fix user security. A security initiative that could have taken weeks, from discovery to execution, was implemented and completed in a couple of minutes.
- Self-service for employees to easily improve their password strength from their own dashboards.