Townsend Security Data Privacy Blog

Managed Single Sign-On Services – A Clear Return on Investment (ROI)

Posted by Patrick Townsend on Oct 23, 2013 1:16:00 PM

As a data security company, we talk to a lot of people concerned with keeping their systems and information safe.  Compliance regulations are often the driving force behind our conversations, and the people we talk to can be divided into two camps: proactive or reactive.  The proactive group realizes that data breaches are not a matter of if, but when, and on average cost an organization over $7 million.  The reactive segment is often facing a failed security audit or has experienced worse – a data breach because the proper controls were not in place.

Not very often do we have a conversation about the immediate return on investment (ROI) of deploying a security solution.  Patrick Botz of Botz and Associates tells us that not only has he been having plenty of these conversations, he is helping companies save thousands of dollars a year with his SSO stat! service.

If you are a security professional, his name may sound familiar.  Prior to starting his own consulting company, he was the Lead Security Architect at IBM and founder of the IBM Lab Services security consulting team.

By enabling single sign-on (SSO) with the technology that an organization already has, Patrick Botz helps businesses see a return on their investment in his services, typically within 2-6 months.  Recently he authored a white paper titled “A Guide to Practical Single Sign-On – The Case for Managed SSO” that takes a real-world look at single sign-on technology and offers a straightforward, sensible approach to SSO.

Rather than SSO being a technology problem, Botz asserts that managing passwords is truly a business problem.  As he writes in his white paper, “The REAL purpose of SSO is to significantly reduce the high cost of managing passwords across the organization.” The ROI can be best illustrated by a story he likes to tell from when he was at IBM:

“At one point, I started tracking the time I spent changing passwords and ‘recovering’ from those changes.  I was very surprised to learn that instead of the 10-15 minutes I thought I was spending, it really was taking, on average, closer to 35-40 minutes! And I was just one of about 300,000 employees! Assuming 30 minutes on average across all employees, four times a year — that equates to 600,000 hours of time! If the average hourly rate per employee is only $20, that’s $1.2 million dollars!  And that’s just for end users!”

While the primary goal of SSO is to reduce the costs associated with managing multiple passwords, it also reduces the risk of a lost or stolen password due to employee negligence.  How often do we hear about confidential information “protected” with:

  • Easily guessed passwords
  • Written lists of passwords located under keyboards, desk drawers, etc.
  • Lists of passwords stored in files on workstations or network drives
  • Shared userIDs/passwords

So once an organization decides that they need an SSO solution, what should they consider before deploying one?  In the white paper, Botz discusses the pros and cons of the four technical approaches to SSO, but concludes that two technologies will ultimately do the lion’s share of work (60-80%) for most companies.  For these organizations, eliminating passwords with Kerberos and EIM ends up being the best starting point.

Typically, the extra cost involved in achieving 100% “Single Sign-On Nirvana” is simply not justified by the estimated costs.  Further, as Botz states in his white paper, “It turns out that most businesses get the best ROI by using technology that they already own to eliminate the high cost of managing passwords – over their entire multi-platform network.”  By not needing to invest in any additional technology, an organization is not responsible for any additional software licenses or maintenance fees.

After talking with Patrick Botz and reading his white paper, I am looking forward to using his SSO stat! service at Townsend Security!  For more information on Single Sign-On and how it can save your organization time and resources while increasing security, download his white paper “A Guide to Practical Single Sign-On – The Case for Managed SSO.”

Topics: Patrick Botz, Single Sign On (SSO)

IBM i Has Single Sign On (SSO) - You Just Have to Enable It

Posted by Patrick Townsend on Nov 27, 2012 8:30:00 AM

Listen to this podcast with Patrick Botz and Patrick Townsend to learn about Single Sign On (SSO) on the IBM i.

Anyone active in the IBM i community knows Patrick Botz from his time as the Lead Security Architect for the IBM i group in Rochester, Minnesota. Patrick worked for years promoting security best practices, and worked diligently to solve one of the more perplexing and complex issues for large accounts – Single Sign On (SSO). Everyone with a large number of users has felt the pain of managing lots of user accounts and passwords across a lot of different types of systems. For any organization with more than a few users, managing user accounts and passwords has traditionally been an expensive proposition.

But it is one that you can now tackle very effectively.

Because of a lot of work that Patrick did during his stint at IBM, IBM i customers now have the technology they need for Single Sign On (SSO). Yes, you have the technology you need, you just didn’t know it.

Patrick is now in private life providing services to customers who want to reduce their help desk costs for managing user accounts and passwords. You can actually get to an SSO solution without purchasing additional software, and Patrick can help you achieve this. His company, Botz and Associates, has an affordable, packaged services solution called SSO stat! that will get you up and running with SSO very quickly. And this is not a drive-by engagement. He focuses on knowledge transfer during the engagement so that you can make it on your own, and he provides a support offering in case you want to have his expertise on demand.

Password management continues to be a challenge for all organizations. Poor management leads to insecure passwords and inconsistent policies – and these lead to more data breaches. We can do better. And Patrick Botz can help you get there.

By the way, Patrick worked for years at IBM, but before that he was a UNIX kind of guy. Today his expertise spans UNIX, Linux, Windows, Mac, and IBM servers. We all have multiple technologies in our organizations and he can help you stitch them all together.

We just did a podcast together with Patrick on Single Sign On (SSO) that I am sure you will find interesting and I encourage you to listen to it now.

Disclaimer: Neither I nor Townsend Security has a financial relationship to Botz and Associates. We’ve hoisted a beer together, and I’ve seen his work at mutual clients. He’s someone I think you should get to know.

Patrick

Topics: Patrick Botz, IBM i, password, Single Sign On (SSO)