You’ve decided to search for a new single sign-on (SSO) vendor. How do you know which is right for you? More importantly, how can you avoid making a mistake? After all, choosing a poorly designed SSO product will harm your cybersecurity program.
On the other hand, you have limited time to make this decision. To balance these two factors, use this two-hour solution for organizing your vendor selection process. At the end of these two hours, you’ll be in good shape to speak with SSO vendors. Naturally, we hope that Avatier’s SSO solution makes it to your shortlist.
The First Hour of Choosing an SSO Vendor: Start Inside
Before you pick up the phone or visit an SSO vendor, you need to understand the lay of the land. Specifically, you need to understand if this is the right time to change your SSO vendor arrangements. If you’re currently going through a major corporate change such as an acquisition, this might not be the right time to make a change. During your first hour of work on SSO selection, work on these two activities: studying recent cybersecurity reports and meeting with your top stakeholder.
Phase 1: Read Recent Cybersecurity Reports for Issues and Strategic Opportunities
Refresh your memory of your organization’s status by reviewing a recent cybersecurity report. For example, you might seek out a copy of the quarterly cybersecurity report provided to the Board of Directors. If your company is small or you don’t have access to such reports, you’ll need to find alternatives. Look for recent reports from IT audit, external IT security reviews, and performance reports from your outsourced providers.
As you peruse these resources, look for the following issues and themes:
- Open issues: What are the main problems that hold IT security back from accomplishing its goals this year?
- Analysis of recent incidents: What’s the root cause common to security incidents suffered by the organization? Poor password practices tend to be a contributing factor to security failures.
- IT security operations challenges: Do you have a help desk or equivalent department that’s overwhelmed with inquiries?
- Quality of security systems: Do your security applications keep up with new threats?
- Employee experience: What’s the burden on employees to comply with the cybersecurity requirements? The higher the burden, the more struggles you’ll encounter.
Spend about 30 minutes on this review. What you find will shape your meeting with your most important security management stakeholder in phase two.
Phase 2: Meet with the Most Important SSO Stakeholder
Based on the reports you reviewed, schedule a meeting with the manager or executive who’s most important in selecting an SSO vendor. The purpose of this meeting is to find out whether implementing a new SSO solution would help that person reach their goals. If the answer is no, you may need to postpone selecting an SSO vendor.
During the meeting, ask a variety of questions to see if there’s management support for introducing an SSO improvement. Here are a few questions to get you started:
- What sign-on solution do we currently use?
- Do we rely upon manual employee effort to administer passwords?
- Has password management appeared as a weak point in reviews of our cybersecurity program?
- How many passwords do employees have to keep track of? The more passwords employees have to cope with, the more likely you are to suffer password reuse disease.
At the end of the meeting, you’ll have a high-level impression of whether an SSO solution is necessary. If managing passwords is a challenge, then you can benefit from looking at SSO vendors.
The Second Hour: Develop Your SSO Vendor Selection Criteria
By this point, you’ll know that your organization needs an SSO solution. Now, you need some criteria to help you put together a shortlist of SSO vendors. It’s best to use a combination of factors. Start with this list of factors and make adjustments as necessary:
- System compatibility: Look for an SSO solution that’s compatible with all your critical systems. You want to minimize or avoid incurring expensive customization work whenever possible.
- Industry experience: This selection criterion is especially important when you’re in a highly regulated industry such as healthcare, defense, or banking. To dive deeper into this area, find out how to assess a vendor’s industry experience.
- Pricing simplicity: Some software products have arcane pricing models that leave you scratching your head. Unless you have a procurement department to negotiate the details, it’s better to choose a vendor with a simple pricing approach.
- Software as a Service (SaaS) features: Does your company rely upon SaaS products such as Salesforce or Google Suite? If so, you need an SSO vendor capable of managing those services.
- Staff capabilities: In larger organizations, create an inventory of staff capabilities for SSO management. After the SSO solution is installed, you’ll need an ongoing solution to oversee SSO work.
- Implementation support: Do you need a consultant or other professional guidance to install your SSO solution? If so, include this factor in your selection criteria.
- Industry rankings: If you’re entirely new to SSO solutions, you may benefit from reviewing a ranking of top providers in the category. Check with major IT research firms such as Gartner to see what reports are available.
In about two hours, you’ll have an excellent starting point for your SSO solution process. Next, you need to start creating a list of SSO vendors to evaluate.
A Few Reasons to Add Avatier’s SSO Solution to Your Vendor Shortlist
Need help getting your list of SSO solutions started? You should include Avatier’s Single Sign-On solution on your list. It’s already used by Accenture, the American Bankers Association, AimBank, and the City of Santa Monica. Furthermore, Avatier has been recognized by Gartner as a leader in identity management. Avatier also has a track record of delivering cost savings to customers.