Figuring out the figures!

What are the potential hidden costs of deploying multi-factor authentication? Adrian Jones, CEO, Swivel Secure, offers his thoughts

With the sharp rise in cybercrime, it is a growing concern that, irrelevant of size, geography or industry, businesses could be at risk of cybercrime, if they have not taken precautions to protect themselves. With technology constantly evolving, many organisations are choosing to deploy a multi-factor authentication (MFA) solution, rather than a two-factor authentication (2FA) solution, because of the increased protection it provides their business

For example, features such as risk-based authentication can be utilised dynamically into the business, so users can only authenticate with methods appropriate to the information they are trying to access; it also ensures efficiency is optimised, without compromising security. But how much does a business have to compromise when it comes to the investment?

There are initial upfront costs, including licences and hardware needs, plus professional services, depending on change control requirements, to reduce the burden on internal IT professionals. Businesses will also come up against help desk costs during deployment for end users and the shipping of the tokens, if an organisation chooses to purchase hardware tokens for authenticating their stakeholders.

Other upfront costs could be less tangible, such as training and a price attributed to the increased productivity to enrolling users to authenticate using the platform. However, whether the costs are tangible or not, the total cost of ownership (TCO) is sometimes overlooked with the initial enthusiasm to minimise disruption of network restructure or to switch authentication solution.

Once businesses have deployed their solution and the training has started to pay dividends, businesses then receive their invoices for the maintenance renewal costs. Maintenance renewal can be very expensive and the costs are not always transparent during initial discussions. With focus on the proof of concept (POC) and ease of deployment, it is easy to see why ongoing costs are not always discussed or explored.

Ongoing maintenance costs can include help desks costs for end users or IT admin time for administrators. Some suppliers will also charge for patches and upgrades, new connectors or integrations, and even data centre charges, such as utility costs. It sounds simple, but ensuring businesses perform due diligence before signing on the dotted line is essential, if they don't want any nasty surprises after surviving the first twelve months.

Everybody wants an easy life, especially when it comes to deploying something like MFA within their organisation, but it's easy to get wrapped up in the 'plug and play' selling point, without realising the hefty invoices that will follow.

To help businesses ask the right questions when they start exploring MFA solutions, here are some recommendations that should be considered at the outset.

Ongoing maintenance costs for administrators:

• Are there any costs associated with the support for hardware and software?
• What are the costs for patches and upgrades?
• Is there a cost for additional connections or integrations?
• Are there any data centre charges?
• What is the charge for IT admin time?

Ongoing maintenance costs for users:

• Is there a cost for lost or damaged tokens?
• What are the costs for token licence renewals?
• Are there any shipping costs involved?
• What are the costs for help desk for users?

If you have the answers to all of these questions, you will at least be going in with your eyes wide open.