A Business Case for Using Single Sign On
April 16, 2012
This weekend I was especially busy using on-line applications. I verified my daughter’s college registration, paid bills, bought movie tickets, sent out invitations, checked retirement accounts, chatted on social sites, checked emails, booked flights, purchased a gift, and well I could go on but I’m sure you get the idea. While I love doing things on-line, I don’t love signing on to the various websites. To be more accurate I don’t love having to remember all my different passwords, and the truth is that I don’t. Instead, I have four typed pages of passwords for system that I access. While this is helpful, it is a security risk and logging on remains a time consuming effort – I have to find my list (why is it always in the room that I’m not?), look up the website or application I’m trying to access, and type in the user ID and password (usually incorrectly). This weekend’s excessive online activities were the straw that broke the camel’s back and prompted me to investigate single sign on (SSO) applications for my personal use. SSO is a system in which a user logs on to all of their software systems without being prompted to enter a new password or provide authentication for each individual system.
Which lead me to think about my customers; how frustrated their clinicians and physicians must be with the amount of precious time that is wasted signing on to multiple systems and how IT managers lose sleep at night thinking about all those passwords that are stored on Post-it notes, in spreadsheets, on scratch paper under telephones. While many organizations think about implementing a SSO solution, it is costly and can be difficult to deploy. This causes many to question whether a SSO solution is worth the cost and effort. So I did some research and found some surprising information based on survey’s performed by the Gartner Group in 2002 and Ponemon Institute in 2011.
The report by Gartner indicated that in the year 2000 a full 30% of helpdesk calls were password related. The report suggested that each password reset cost the average company about $32 and it was also estimated that on average a user will need four password resets per year. Therefore, in 2000 an organization of 3000 users would have spent $384,000 per year on password resets alone! Knowing that costs have increased and there are more applications in use since 2000 this means that the same organization would be paying much more in 2011.
The Ponemon Institute study indicated that there are additional costs savings based on minutes of time clinicians save by using a SSO solution. Their study showed that clinicians have an average of 6.4 passwords to access critical applications and patient data and a SSO solution can save 9.51 minutes of time a day leading to a cost savings of $2,675 per year per clinician. An organization with 700 clinicians can see a total cost savings of over $1.87 million per year with a SSO solution in place.
While an SSO does have a high initial start-up cost, research shows that it saves time, reduces help desk call, improves security and saves money. I’m sold! A few things to remember; Not every application can be configured to allow a single-sign on, so make sure that the most commonly used applications can support this before starting an SSO project. Having a business case for SSO can go a long way in getting the budget needed for the SSO.
