
Mr. Hefley,
As you are aware, Hefley Hui has been growing rapidly, and we are now the fifth
largest accounting firm in the world. A crucial part of our recent success has been our
focus on technology. By aggressively expanding our digital capabilities, we have been
able to adapt to our evolving business environment. We believe that continued
innovation in our IT department is key to our continued growth.
Below is a summary of a new technology that I believe will improve operations at
a minimal cost. Analysts have identified this project as very low-risk, yet able to provide
a substantial ROI.
New Technology: Single Sign On (SSO) Employee Portal
SSO enablement is a key feature that many modern companies are
implementing, and is one that will improve both our company's security and our
employees' productivity. It accomplishes this by providing a single employee portal
through which employees can access all the programs they need, and nothing more.
Employees of our firm use numerous different applications and programs, each
one having its own login credentials. For example, employees need to log in first to their
work desktop or laptop. Hourly workers also need to log in to our payroll processing
system to clock in. Then, they need to enter their passwords for Outlook, SharePoint,
Skype, and any other communication/collaboration programs they use. Finally, they
need to log in to the many programs needed to perform their duties. A higher-level
employee may need to access dozens of programs.
This is highly inefficient and insecure. Employees are required to memorize
several different usernames and passwords for each of those programs. Although most
employees will try to keep this information consistent, there will always be times where
a username or password doesn't meet specifications. Plus, programs may have
different requirements as to how often passwords must be changed. Over time, this can
encourage employees to write down a master list of all their credentials, which poses a
compliance and security risk.
SSO completely changes the way employees access their programs. It provides
two major benefits: improving employee productivity while also improving security and
compliance. When an employee logs into their work desktop or laptop, the Identity Management
program (IDM) will sync with all independent programs and automatically enter the
user's credentials. That way, once a program (like Outlook) is launched, the employee
doesn't need to remember their username and password; the IDM will have that
information stored. Furthermore, the IDM will store login information for web
applications, like a built-in "Remember" function (but without the security risks that
function incurs).

The IDM will also ensure passwords are regularly changed and fulfill minimum
requirements, and then apply those changes to all applications at the same time. This
keeps all credential information consolidated and secure.
To migrate employees into the IDM, we must get a report of all programs needed
for each position. Information Systems will need to pull user credentials for those
programs, which will be loaded into the IDM. To properly map user accounts (the
desktop or laptop log in) to program accounts, Information Systems will coordinate with
Human Resources. Once an employee is properly mapped, we will create an account
within the IDM to store and manage all credential data.
For new employees, the IDM will serve as the focal point for onboarding.
Following the same process as for existing employees, the IDM owner will create a user
account and relevant program accounts to be mapped together.
IDM will also be the gateway for access to new programs. Employees will submit
a request for program access and, if approved by their manager and by Compliance,
the IDM owner will generate a program account and make sure it is mapped to the
appropriate user account. This helps improve employee productivity as it moves the
burden of registering new program accounts to Information Systems. This also helps
from a compliance standpoint, as it allows our Compliance team to view accesses for all
employees, make any necessary adjustments, and quickly generate reports for auditing
purposes.
SSO as a Technology Migration
Implementing single-sign-on for our organization will require technology
migration. As of now, users must sign into each application that they will need for the
day. However, migration to an Identity Management Program (IDM) will allow for a more
productive flow of daily activities. The technology migration would be broken up into two
types of service providers.
The first provider will migrate the multiple employee logins into one universal
login server provider. The second technology migration would be actual service
providers (Dropbox, Facebook, Amazon, etc.) being moved over to this common server
for business to business compatibility. The IDM supports the configuration of single
sign-on for users within the organization, and can be used with many cross-company
platforms and web services that support federated identification systems.
Capabilities and Benefits
The SSO employee portal has several capabilities that can provide numerous
benefits to all departments, from Tax Services to IT Help Desk.

Currently, users need to memorize a long list of passwords for all of their
programs. Implementing SSO allows users to remember fewer passwords; they only
need to remember one single password to access their workstation. Once signed in,
users will have access to all necessary services. This capability will improve employee
performance since it makes logging in a quick and simple process.
Not only does this feature reduce the number of passwords users have to
remember, but it also encourages them to create a longer and more secure password.
In turn, this improves our company's overall security.
SSO will also reduce help desk costs. Security compliance dictates that repeated
failed attempts of logging in result in employees being locked out of their account.
Currently, almost 50% of our help desk calls are regarding password resets and
lockouts. With SSO, this number will certainly decrease, as employees will struggle less
with trying to remember their password(s). Fewer password resets means that our help
desk technicians will have more time to focus on other tasks.
Overall, we believe that the SSO capability is a great capability to implement, as
it will prevent credential loss and provide convenience to users.
Risks and Costs
While SSO provides several benefits, there are still some potential risks and
costs that we must minimize and address.
Generally, it is bad practice for employees to use the same password on all of
their various web services, since having a single username/password combination that
unlocks everything poses security concerns. Having separate passwords for different
services limits the amount of data that is compromised if an employee's password is
stolen. With our current system, if a hacker obtains a partner's password, he will only
have access to basic desktop programs. With SSO enabled, he will have access to
everything on a partner level.
Furthermore, the IDM program itself includes a degree of risk. If the IDM is
improperly secured, credential information for all employees may be compromised.
Because of these potential security problems, we have included a risk management
protocol that will minimize impact. The protocol includes multi-factor authentication,
periodic password resets, and strong password requirements.
Another drawback occurs when an employee forgets his password. Under our
current system, this only prevents access to a single program. But with SSO, he will not
be able to access any resources, which completely halts productivity until help desk is
able to resolve his ticket.

To address this problem, we are rolling out an automated password reset
process for lower-level employees. This will reduce downtime and allow employees to
quickly reset their password by themselves, rather than having to wait for an available
help desk technician.
Measuring SSO's Success
To measure the success of the single sign-on (SSO) implementation, the
performance of the current system needs to be recorded first. By recording the efficiency of the
current system, the company can compare the results in terms of how much
help desk costs were reduced, how easily business-to-business collaboration is
achieved, and how much more productive the employees became once SSO was
implemented. The success of the new SSO system would be measured
through these calculated percentage changes.
To start, SSO saves employees from having to memorize a long list of
passwords. However, the immediate cost reductions from merely merging all the
passwords into one system may not be recognized by companies. The way that cost
reductions are realized is through help desk costs. Lots of calls to company front desks
are merely for password resets. Employees, or customers in a company, get locked out
of the company's system when forgetting a password and need the assistance of the
help desk to log them back in. The SSO system would be able to eliminate these calls
as users of the system must memorize only one password to log on. With passwords
having complex requirements today, plus password resets costing upwards of seventy
dollars per reset, immediate benefits from SSO are required. These benefits bring down
help desk costs and allow these employees to use their time more efficiently.
The second metric to measure success of an SSO implementation is how well the
system facilitates business to business collaboration. The larger a company is, the more
companies they will be working with. These companies all collaborate to get business
done, meaning they must be highly interoperable. Their IT systems must be
interconnected and exchange data seamlessly, meaning that employees from one
company must log in to multiple other organizations' applications. With no SSO system in
place, this can be a nightmare for employees as they must remember authentication
requirements for various systems. An SSO would centralize the management of
authentication and allow users to log in and gain access to all the participating
companies' applications. This metric would be measured by how much more
efficient employees are in completing their duties as compared to before SSO's
implementation. Also, businesses can measure how production, delivery, and schedule
times are reduced.
The final metric for measuring SSO success is productivity boosts. With a
company that requires strict passwords, the process of a simple login may not be as
simple anymore. Employees that must log in multiple times to different systems must
look over their password list and carefully type in the specific one. If they enter the
incorrect password, they must carefully enter it once more. The issue then arises of
too many failed passwords locking out users, and if the help desk is bogged down with
requests as previously mentioned, the user must put some tasks, however important,
on hold. Having to remember and key in one password significantly cuts down login
time and failed-login recovery time. Compare these results to employee time spent
logging into all their required systems on a day-to-day basis to give a time
measurement. SSO allows employees to get to work right away.
SSO can deliver immediate success for this company as mentioned by the
previous metrics. The IT productivity goes up as less time is spent managing
passwords, allowing IT employees to spend time on innovations and opportunities.
Passwords seem like such a minuscule aspect of companies; however, the time saved
with SSO affects all fronts of the company in terms of how much more efficient employees can
be in their day-to-day tasks.
SSO's Impact On/By Process Frameworks
The SSO technology impacts the IT-CMF in place at Hefley Hui. As compared to
the previous macro capability of Managing IT like a Business, this technology
implementation now forces the company to Manage the IT Budget. This framework is
composed of capabilities such as budget oversight/performance analysis and funding
and financing. To be able to implement this new system, the company had to
strategically plan, manage, assess risks and benefits, and create an organizational
design to supplement the project.
Looking forward, the project will require a proactive and explicit strategy for
finding a sustainable economic model for this IT project. SSO draws negativity due to
cost and handling, so the approach of Managing the IT Budget is crucial. Budget
Oversight sees how much capital is devoted to implementing SSO, and if that amount is
in line with other operating costs. Meanwhile, the Performance Analysis compares its
allotted budget with its end results to justify the project. These results will be measured
against our previously mentioned metrics to track the success of the project's
implementation. The company will have other projects running at the same time as
SSO, so Portfolio Management comes into play. How much funding and how many resources and hours
are devoted to SSO is determined here. As it is expected to increase employee
productivity, we put a higher portfolio weight on SSO.
SSO is also impacted by process frameworks, such as IT-CMF and ITIL, by the
value the two process frameworks provide. This is due to the categories and
dimensions the two frameworks consider, specifically how each framework computes
the feasibility of an IT project.
For example, when applying the IT-CMF framework to SSO, we first need to
understand its capabilities and competencies. Capability is measured through an
organization's ability to steadily mobilize resources towards achieving a specific
outcome. Competency is analyzed by the demonstrated ability of an individual to apply
knowledge, skills, and attitude for achieving the best results. This initial analysis allows
us to discuss SSO's potential and determine its necessity and feasibility. Once this is
done, IT-CMF gives us 35 Building Blocks that we use to assess the critical capability of
SSO under four main categories: Managing IT like a Business, Managing the IT Budget,
Managing the IT Capability, and Managing IT for Business Value. As SSO is implemented,
it will be constantly monitored and measured to assess its benefits and risks in relation
to its effect on IT efficiency and to the various systems SSO must eventually be
compatible with.
On the other hand, ITIL assesses IT services under five core categories: Service
Strategy, Service Design, Service Transition, Service Operation, and Continual Service
Improvement. Each core column focuses on how the IT project adds value to IT
operations and how they fulfill the business needs of the company.
