Accessing the Security and Financial Advantages of Single Sign-On
When the IT team at breast cancer nonprofit Susan G. Komen topped two dozen cloud applications, it realized that users were struggling to keep track of their numerous passwords — and failing.
“This problem was increasing the cost of running our help desks, as our IT team was frequently called upon to reset passwords,” says Brim Basom, senior manager of IT programs and projects at Komen.
An internal review found that Komen’s 250 employees frequently lost or forgot the URLs, user names and passwords required for authentication and access to the nonprofit’s 28 cloud apps.
“Users wasted valuable time attempting to access applications when they could have been doing work,” Basom says. “Our goal was to improve productivity by giving users a central portal that would provide easy access to all their web-based applications.”
Getting Real Cost Savings
The solution was to deploy a single sign-on (SSO) app from OneLogin, a system that Basom says took about 30 minutes to initially test.
“Now, once a user is authorized in OneLogin, the system passes off a certificate and email address and the user can log in to the applications they are authorized to access,” he says.
Basom adds that Komen also likes the way OneLogin uses Security Assertion Markup Language to integrate with the organization’s cloud-based applications. SAML has become the industry standard for securely exchanging authentication and authorization data for web-based SSO.
The growth of SSO use has run parallel to the expanded number of cloud services adopted by businesses, along with the increased mobility of employees, says Frank Dickson, a research director at IDC who covers IT security and SSO technologies.
While password management and security are paramount drivers, SSO use is easy to justify, Dickson says. Beyond the savings in reduced service calls a company gets from moving to SSO, consider the savings in resets alone, he points out. IDC estimates that the average help desk call costs $40 per reset. Figuring that the typical user resets a password twice a year, that’s $80 per employee, per year, per password. For 250 users, that’s a $20,000 savings (assuming just a single password each).
At Komen, Basom says SSO use has recouped savings year over year. OneLogin has reduced spending on help desk calls by $35,000 annually and saves $82,000 in lost productivity per year, he says. “We’ve had a sustained level of savings every year since the system was deployed in 2012.”
Speeding Up Access to Apps
At Turville Bay MRI & Radiation Oncology Center in Madison, Wis., one of the main goals of deploying SSO for the company’s 75 employees was to reduce the time it took nurses and clinicians to log in to applications so they could focus on patient care.
“Our staff uses multiple electronic health records apps, as well as cloud apps for payroll and financials, so they really don’t have time to effectively and securely remember and store passwords, and then repeatedly log in and out of all those different applications,” says IT Director Renee Fiely Olson.
Turville Bay selected Imprivata OneSign SSO because of the tool’s widespread use within the medical field, Olson says. She says Imprivata supports the specialized EHR apps the company uses, and also meshes with the company’s Citrix remote access app.
Imprivata also offers a “tap and go” feature, so that Turville Bay’s employees can authenticate by swiping their badges on a card reader attached to each workstation. Users tap to authenticate and then tap again to lock down the system when they are done.
The Importance of Mobile Device Management
For app performance monitoring provider Dynatrace, the ability to deploy SSO integrated in a mobile device management (MDM) tool was an essential factor.
The company needed SSO technology to move to a single password so its employees across eight locations globally could more easily access the company’s 22 cloud apps, says IT Manager Joe Politi. Dynatrace runs cloud apps for customer relationship management, training, software development and human resources.
Dynatrace chose to deploy Centrify, primarily because MDM features are built into the main suite. In the past, it was hard to wipe a lost or stolen device with the company’s legacy technology, Politi says. Dynatrace also plans to pilot the multifactor authentication feature that Centrify offers so that the company can meet requirements on its projects for the federal government.
While the advent of biometrics raises the possibility that passwords might one day become obsolete, that time is far off, Dickson says. For now, SSO technologies offer a viable option that won’t bust the budget.