Comparing in-house 2FA with managed services
Dave Abraham reckons up the real cost of doing 2FA in-house
An ever-expanding mobile and flexible workforce is driving demand for anywhere, anytime access to information, applications and resources. Security threats are becoming more sophisticated and few days go by without another headline about a damning data loss.
Companies increasingly want VARs to help them balance the provision of easy-to-use remote access with cost-effective network security.
Passwords may be easily compromised, so two-factor authentication (2FA) is fast becoming the de facto standard for securing remote access.
However, resellers may struggle to decide whether to offer an in-house system or a managed service, and many rarely look properly at the total cost of ownership.
Do not ignore the cost of implementation, ongoing management, control and administration. The business and technology benefits to the end user of both options are also important.
With token-based 2FA, it is common to consider the cost of the tokens, authentication server and software, and compare those directly to the costs of a managed service of the same scale.
But consider the internal man-hours it takes to roll out the technology, administer and manage users, provision tokens, patch and upgrade hardware and software, maintain users 24/7, and support high availability. All these may be included as part of a managed services package and offer an ongoing revenue stream.
Some of these functions and services are difficult to price, but it has to be done to make a true comparison.
For example, every single call to the internal IT department or helpdesk costs money and takes staff away from doing other things. It all adds up.
List everything that is needed to keep 2FA up and running in house, with no service disruption and with a level of support that keeps employees productive. Weighing all factors in order of importance to the organisation can also prove useful.
There will certainly be investment in a resilient network infrastructure, security and monitoring or diagnostic tools, as well as skilled people. In-house 2FA can only be as effective as the IT delivery model that supports it. And you have to compare like with like.
Flexibility is hard to value. No organisation is the same, no user is the same, and authentication must suit individual users. Regular users may benefit from using a physical token that produces a new one-time passcode every 60 seconds.
Occasional users, or users who require temporary access, may be better off receiving a passcode via SMS on their handheld. With in-house, a one-size-fits-all approach to authentication is only an option for the biggest players.
It is only by taking all of the potential physical, support, management and administration costs of 2FA into account that a reseller can help organisations decide.
Dave Abraham is chief executive officer of Signify