Call us at 507.319.5206 or This email address is being protected from spambots. You need JavaScript enabled to view it.
Follow us on LinkedIn and Twitter

Things Change: The Case for Managed SSO.

Posted on 11/05/2014 by Patrick Botz

I didn’t come up with the idea for a managed single sign-on (SSO) service. A customer did.

When Botz & Associates started security consulting, only infrequently would companies request help implementing SSO. I always wondered why more companies weren’t using it.

After working with a number of customers over time, the reasons started becoming more apparent. But it still required a customer to ask for ongoing SSO support — or “managed” SSO — before I realized that there were lots of organizations who needed exactly the same service.

Complex Technologies

Even before I left IBM, I knew that many customers found the technologies involved to be a bit intimidating; but I always thought that was due to a fear of the unknown. To help overcome this issue, we’ve always included hands-on training for administrators so they can confidently add new users and perform other routine tasks.

Yet, many customers remained leery of implementing SSO, even with our help.

Lack of Cross-Platform Experience

The very nature of SSO was also an inhibitor.  SSO is inherently cross-platform. IT shops, on the other hand, tend to be organized around individual platforms.  One department (or team) is responsible for Windows, one for Linux, one for IBM i, etc.

Because SSO is, by nature, cross-platform, administrators not only need to understand the technologies, but they also have to know how they are implemented on each platform in order to efficiently provide a high level of support. Customers were concerned about the finger pointing that could occur if SSO stopped working.

For administrators who are already overloaded, figuring out how to develop the required knowledge and finding time to do so is incredibly daunting.

Inevitable Changes to the Environment

Yet another road block, especially apparent to seasoned administrators, is change — as in changes to the environment.

Seasoned administrators know that stuff happens. Things change. The thinking here is, “Sure. We can understand and implement SSO in our environment as it is today. But what happens when we get a new release of Windows? When we implement web-based benefits administration? Or when a new encryption algorithm must be introduced?” And these are people that typically know there stuff.

In short, the concern is that change is inevitable and will happen sooner rather than later in the IT shop. Will administrators have the time and resources to understand SSO well enough to know — without a doubt — that it will continue to work after one or more parts of their computing environment changes?

More importantly, if a change did happen to affect SSO, could the organization acquire the skills necessary to make it work?

Cost of Employing In-house Expertise

Probably the biggest concern was the cost. Not the cost of implementing  SSO; especially if accomplished with outside help. No, the great unknown was how much it would cost to acquire and maintain the skills necessary to support SSO at required service levels?

Hiring these somewhat unique skills would be expensive and an ongoing cost. Developing these skills in house would also be costly and take a long time to accomplish. And it’s expensive to maintain specialized skills, used infrequently, yet vital when needed.

These issues all conspired to make a lot of organizations choose not to implement SSO.

The Solution: Managed SSO

Then one day, a potential customer called asking about getting help implementing SSO.  We discussed their environment. It was pretty straight forward. I told them how much we would have to charge and the first response was “You can’t possibly do it for that little” followed by “is there some way that we can pay you a monthly fee or something so that if we have any questions or problems we can call you?”  This was first time someone made that request, and it surprised me.  We agreed to do it.

Embarrassingly, it took almost another year to recognize the broader appeal of a “Managed SSO” service.

The more I thought about it, though, the more it became obvious that a managed SSO service made good business sense for both customers and for Botz & Associates.

  • Our deep understanding of both the technologies and SSO in general means that we can handle most questions and problems in a matter of minutes.
  • Because we spend most of our time working in the SSO world, we are typically aware of how new PTFs, fixes, patches, and releases of various components in your network may affect SSO. We also know how to fix or work our way around them.
  • We have experience with most of the workstations, servers, and devices in your network.

Because of this focus, Botz & Associates can retain and grow its high level of expertise far more efficiently than most IT shops can.  Furthermore, that cost is shared among a number of companies. This ultimately means that our SSO stat! customers pay literally a fraction of what it would cost them to provide a lower level of support in-house.

Does it work?

After a little more than three years offering SSO stat!, we’ve seen many companies embrace the managed SSO model. The number of companies moving to SSO each year has quadrupled.

Even more telling is that, to date, not a single customer has decided to discontinue the service—not even the very first one who gave us the idea!

 

facebooktwittergoogle_pluspinterestlinkedinmail
This entry was posted in Botz Blog, IBM i Security, Information Security, Single Sign-On (SSO) and tagged , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>