Last updated: 24 May 2017
Often when an organization chooses to go for a cloud authentication service, their decision is driven by a desire to minimize investments in technical resources and lower total cost of ownership. If enterprises are moving away from integration and support overhead to SaaS model solutions to only get their benefits, cloud authentication services might not all be equal in terms of fully managed services. With solutions being 100% cloud based to ones proposing a more hybrid model, the authentication market might have the good one for your needs. Before making your decision, you probably want to take a deeper look at some key elements for a successful roll-out of your strong authentication service.
1. Protecting which applications?
First thing to think about when choosing a cloud model for your strong authentication solution is what kind of applications you want to protect. You should consider where the data is located and the type of services you want to protect the access to. Are they cloud based or on-premises? Another factor to consider is what extra internal effort would be required by your IT team in terms of integration and setup. In this regard, you should assess whether the authentication service you are considering supports standard communication protocols such as RADIUS or SAML? Does it offer dedicated agents and APIs? You need to make sure that you can actually secure your entire IT ecosystem as it is today including cloud-based services, on-premises apps, VPNs, local networks, virtual desktops… You may also want to understand what it would cost your internal IT team to integrate future apps with a proposed authentication solution. So a good start can be to list down the applications you want to protect the access to today but also question your organization on ones you might need to address in the future.
2. Host or do not host?
As mentioned earlier, you may want to choose a cloud based solution but you probably also need to know that many solutions in the market would still require you to host some local components to enable the whole service to operate. Active Directory connectors, local SAML or RADIUS servers and proxies, IDPs…these are some common examples of elements customers might be asked to install and manage locally by vendors. It is first important to know which ones you’ll have to handle and manage but moreover what it will exactly require you to do so. The extent of the components that would require on-premises implementation will affect the time and overhead that your IT teams will need to invest in the overall solution.
3. Convenience for your users?
A high level of adoption of strong authentication by your end-users can be facilitated by ease of use and convenience. Flexibility is key to adoption and it translates into many ways for your users. Frequently, being able to offer a variety of different authentication methods will increase end user buy in and lower barriers to adoption. Another factor to consider is the scope of self-service offered by the solution. Effective self-service provides end-users with a greater level of control over their authentication experience and relieves the IT team of many mundane management tasks.
4. Enabling growth and scalability
Today your need for strong authentication might be driven by a unique factor – such as compliancy with industry standards for example, but a move to wider access management capabilities are likely to evolve over time. It is worthwhile checking out what additional capabilities your vendor can provide to accommodate potential future needs without requiring you to change your current 2FA implementation. Organizational circumstances change: for example internal re-organization or company growth, or mergers and acquisitions may affect your IT and security environment over time. You may want to centrally manage the authentication service but also rely on admins to manage the service locally and separately. This could be supported, for example, through shared services. Another example of evolving needs could be related to offering end-users more convenience in handling dozens of login/password combinations. In this case, a solution that also offers Single Sign On would be beneficial.
To sum, when looking into the type of authentication solution that would meet your needs, start off by asking yourself:
- What applications do I want to protect?
- Where do they reside: in the cloud, or on-premises
- How many internal resources do I want to dedicate to ongoing management tasks? Do I want to invest in, and maintain, on-premises components?
- How can I lower barriers to adoption and make it easy for my end users to authenticate?
- And finally: What are my future needs and will my solution accommodate them?
You’ve been thinking about choosing a hosted solution, the next step is to discover more about remote access authentication solutions, check out the Mobile Workforce Security infographic to learn more.