GlobalSign Blog

28 Apr 2014

Four Questions for Comparing Authentication Solutions

There are a lot of authentication solutions available, so to help you decide which is the best fit for you, we've created a list of considerations based on our conversations with customers like you.

If you're still in the early stages of the purchasing process, you may benefit more from these articles about the need for two-factor authentication and two-factor authentication options.

1. What is the total cost of ownership?

Don't overlook the hidden costs of supporting the solution internally. There's more to TCO than the price tag.

More key questions:

  • Will maintaining this solution create an administrative burden on your internal resources?
  • Will you need to hire additional resources to help manage it?
  • What type of and how much training will be needed for both administrative staff as well as end users?
  • Do you have the holiday and after-hours coverage needed to maintain the services?

2. What are your specific use cases?

Figure out your specific needs and use them as criteria for comparing providers. Need smart card logon and machine authentication? Find providers that can do both and forget the rest.

More key questions:

  • Can the solution support graduated levels of assurance (i.e., higher assurance levels needed for privileged users requiring access to high-risk information and applications)
  • Who/what do you need to authenticate - users, servers, computers?
  • Do you have employees working remotely?
  • Are there any third party applications (e.g., Salesforce, Google Apps) that you need to support?

3. How will you manage the life cycle?

With employee turnover, mergers and acquisitions, and evolving employee roles, it is essential that you consider not only how you will deploy the solution, but also how you will manage other stages of the authentication life cycle, such as revocation and changes in access rights.

More key questions:

  • How will the solution be rolled out to end users?
  • Do you need to dispense tokens or smart cards?
  • How easy is it to change access rights for a given individual?
  • What about replacing lost credentials?
  • Are you able to simply and effectively terminate access when necessary?
  • Does the solution offer any integrations with Active Directory, which can help automate some of the life cycle steps?

4. What will your end users need to do?

In order for an authentication solution to be effective, people need to actually use it. Don't underestimate a user's desire to take the easy road. If there's a way to bypass a cumbersome process, they'll find it...and generally with little regard for security.

It's also easy to see how a poor user experience can also affect your TCO. If the solution is difficult for your end users, you can expect additional burden on your IT resources in the way of increased support calls, additional training sessions, etc.

More key questions:

  • Will the new solution require extensive training?
  • How easy will it be for users to actually use?
  • Will they need to use separate software or interact with a new interface?
  • In the case of token-based solutions, what will happen if they misplace or forget their token?

The bottom line is there are a lot of factors to consider as you research authentication solutions. Every organization is going to have their own requirements and priorities, but we hope the questions above help frame your evaluation.

Okay, your turn. What questions do you ask yourself while comparing solution providers?

Certificate based authentication for access control

Share this Post

Subscribe to our Blog