Single Sign-On authentication can eliminate user and administrator headaches.
Chew on this statistic: Spending on identity and access management will grow from about $2.6 billion in 2006 to more than $12.3 billion by 2014 (including revenues from both products and implementation services) according to a 2008 Forrester study on the identity management market. That’s $12.3 billion to bridge securely the Internet Age moats around our castles, but it does not include the cost of aspirin for headaches that password issues cause network administrators and users alike.
There is, however, an emerging set of solutions that can reduce the pain of password management: “single sign-on” (SSO) technology allows a user to have one password that provides entry to a system and then manages all of the application authentications seamlessly and transparently. Better yet, SSO offers some relief – even some advantage – to network administrators who support multiple password-protected applications.
The SSO effect on money and time
As small and medium-size businesses (SMBs) grow, so does the number of applications that require user authentication. This is usually driven by sensible concerns about confidentiality and protection of sensitive data, such as customer information or company financial information. In highly regulated industries, such as financial services and insurance, CDW has seen organizations with as many as 30 applications that require user authentication.
Information Technology (IT) help desks can potentially spend hours on password resets. In fact, according to IDC, 40 percent of help desk calls are for password resets, and the price of password reset calls can accrue to astronomical sums, costing up to $50 per reset. To put the costs in perspective, if each user in a 500-person enterprise makes four reset calls each year, the company may spend $100,000 annually on resets – and they may avoid all or most of that by implementing a secure single sign-on solution. In many companies, that is at least the cost (in salary and benefits) of one experienced IT professional.
The objective of SSO is to avoid the hidden costs of flawed “human software.” It is simply easier for any user to remember one password instead of several. If users forget passwords, not only does the help desk have the burden and expense of a password reset, but there can be a substantial period of time where users will not have access to the application they need, wasting still more time and money.
Auditing and Compliance
In addition to reducing end user and network administrator frustration, SSO solutions can help alleviate the increasing challenges of complying with corporate governance or regulatory measures such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and Sarbanes-Oxley (SOX). With SSO authentication, organizations can easily identify and catalog security breaches, and fewer passwords mean fewer records to keep, reducing the manpower that companies spend on regulatory compliance each year. This is becoming an important consideration, as Gartner predicts that the number of regulatory requirements directly affecting IT operations will double in the next few years.
Does SSO decrease IT security?
Any new technology meets healthy skepticism in the market. We often hear customers expressing their anxieties that SSO may compromise network security. However, this is a misconception. SSO is not a shortcut that end-runs authentication processes; it is itself an application that admits the user to other applications only by validating their identity through a secure internal protocol. Administrators are able to monitor user log-ins more easily. For example, if a user is logging in many more times than usual, the help desk will see a red flag and be able to act accordingly. With multiple user passwords, that would be much more difficult to detect.
In fact, there is nothing less secure than burdening users with responsibility for multiple passwords. Let’s face it: with everything going on during the work day, who has the time to memorize five or more passwords? Those passwords are being jotted on sticky notes and attached to monitors or slid under mouse pads – which is practically begging for a security breach. Having “one key to the castle” also makes it easier for IT managers to fix security problems. For example, if there is a problem with a password on a network that employs SSO technology, IT professionals can easily identify and shut down the account. With multiple passwords, it would be difficult to know which caused the breach.
SSO is also helpful when an employee leaves a company. The IT department can easily terminate the user’s access to all applications simultaneously and watch for subsequent attempts to log in.
Things to consider
While there are good reasons for SMBs to consider single sign-on technology, it isn’t for everyone. Here are some things to consider before jumping in.
- Within your business, look at the number and types of applications that require user authentication. Consider the frequency of password reset requests. The cost/benefit calculation of SSO technology should be fairly straightforward.
- If you decide that SSO deserves consideration, evaluate a range of prospective providers. There are several vendors that provide SSO solutions, including IBM, Oracle, Novell, Citrix, and Imprivata, among others. The licensing, costs, and operations vary, so research each solution to determine the best fit for your organization.
If implemented wisely in the right situation, SSO can help small and medium-size businesses save money, maintain productivity and monitor for compliance more easily. SSO is an investment, but it will pay off with improved protection for your network, more satisfied users, long-run cost savings — and (at least in this regard) your own sanity.
For more information on products and services, you can visit www.cdw.com.