As use of the cloud increases and BYOD takes root in corporate culture, it is more important than ever that users accurately authenticate themselves before being granted access to corporate data. How this authentication should be achieved is a hot issue and is discussed in two separate reports released today by Encap and SecurEnvoy.
Encap, a Norwegian authentication company, used data from RSA, Gartner and its own research to compare the cost of the six most popular methods for authenticating users. All of the methods analysed are two-factor systems based on an enterprise of 3000 users – but the study shows that software-based authentication is generally far cheaper than hardware-based authentication. In CapEx terms, deployment of hardware one time password (OTP) systems comes out at $202,000. Smart device-based OTP software is 95% lower at $9,000.
The annual cost per user for SMS-based OTP authentication is actually the most expensive option, at $35.12. Encap compares this to smart-device OTP costing just $15.10 per user per year.
“But this is about more than just cost,” said Encap’s CEO Thomas Bostrøm Jørgensen. “Employees – people - want simple access across a range of devices. Similarly, IT managers want to easily integrate authentication without painful provisioning and replacement issues. Hardware approaches are incompatible with today’s world of smart devices, remote access and cloud apps,” he concludes.
It should be noted, however, that within the Encap study, use of smart token authentication has a considerably lower cost per user than any other method – at just $0.89 per user per year. This is where the second study, by SecurEnvoy, takes over. It looked at the rate of lost physical tokens, and found that some companies were losing as many as 75% of their security devices. While using tokens is inexpensive, they still have a capital cost. Overall, declares SecurEnvoy, millions of pounds are lost every year in the recovery and replacement of lost physical authentication devices. “When you think each token has an overhead cost – averaged at £50 per token, that’s a lot of money to write off,” says the company.
“Organizations invest huge sums of money in out-dated technology that has stood still while the world has moved on,” concludes SecurEnvoy’s CTO and co-founder Andy Kemshall. “We advocate the use of mobile phones which can be turned into an authentication device eliminating many of the management costs associated with 2FA systems.”