CISO Chats: Building the Case for a Centralized Password Management System


When it comes to making investments to improve your company’s security, it can feel like every product needs to be a top priority. And even if you know a product will help protect your business, it can be hard to get buy-in from decision makers in your organization.

For example, implementing a password management tool is a relatively low-cost way to improve your overall security posture and protect your business from a breach. But how should you build the case that it is essential and needs to be prioritized?

Quantify the risk

Thankfully, there are plenty of good articles and data available on the risks of poor password behavior for businesses. For example, the 2017 Verizon Data Breach Investigations Report found that 81% of breaches were caused by weak or reused passwords. And the Breach Level Index website found that the average total cost of a data breach was $3.62 million in 2017. And it’s not just big companies that are targets: SMBs are at risk too.

Highlight the human element

Security is always about people, process and technology. It would be an understatement to say that people are the most important part of your company’s security. Your employees need help managing their passwords – or they will put the company at risk, even though they would never intend to. Our Psychology of Passwords report shows that 59% of respondents mostly or always use the same password. This is because they feel overwhelmed by the thought of remembering unique passwords for all their accounts. They need processes and technology like LastPass that can make it easier for them to do the right thing. A password manager can help them create strong passwords with a password generator and save and autofill all their logins for them.

Discuss the time savings

Password management is a burden on end users and your IT teams. A recent Ovum report showed 76% of users suffer regular password management problems. When these login problems occur, your IT team needs to take time away from more strategic and important responsibilities to deal with them.

Also, employees log in 154 times a month, which takes 14 seconds each time. That translates to about 36 minutes a month wasted on password activities.

Highlight the value to the whole company

Show that there is value across the company for this solution. If you only implement a password manager for some departments, your company is still at risk. Think about all the sensitive data that the HR and finance teams interact with daily. Or all the contractors and third parties that the marketing team needs to share credentials with. Without a centralized password management solution, your teams have no secure way to keep track of and share their credentials.

Compare yourself to your peers and competition

A great reality check is to compare yourself to other companies in your industry. Our 2018 Global Password Security Report is out now. It looks at anonymized LastPass user data to see how companies in different industries and of different sizes perform when it comes to password security. Take a look to see how you compare.

I hope this summary helps you highlight the value of a password manager in your security stack. Take a look at my recent interview with ISMG, which also covers the importance of the role of password management.

Gerald Beuchelt is the Chief Information Security Officer at LogMeIn. He is responsible for the company’s overall security, compliance, and technical privacy program. With more than 20 years of experience working in information security, he is a member of the Board of Directors and the IT Sector Chief for the Boston Chapter of InfraGard. In his prior role, Gerald was the Chief Security Officer for Demandware, a Salesforce Company. He holds a Master of Science degree in theoretical physics.