Cybercriminals Make Budgets Exciting Again

IT budget planning in July? Yes. At this moment, it may seem too early to be planning next year's IT budget. Yet the challenge, especially for IT spending, is that tradition has placed the focus in the wrong place. What follows is a reason to expand the scope of IT budget planning beyond the predictable software and hardware renewals and updates to include a focus on what might thwart cybercriminals’ success in our businesses.

Why start IT budget planning now?

The reason to start now is that most of the recommendations for protecting our companies from advances in cybercriminal attacks come from vendors trying to sell a product. A more important factor, though, is to consider what IT actions you need to budget for (in both dollars and time) to minimize the impacts of potential cyber threats.

The importance of budgeting for a Single Sign-On (SSO) project

Single sign-on (SSO) is an authentication and access control measure that allows users to use the same sign-on credentials across multiple applications. The benefit to users is streamlined and simplified identity management. The benefit for businesses is that SSO can support security measures by decreasing the frequency of login attempts and lowering the chances of credential leakage. If you haven’t already adopted SSO, an SSO project should definitely be part of your IT budget checklist.

The Cybersecurity and Infrastructure Security Agency (CISA) recently published guidance on single sign-on (SSO) for small and medium businesses (SMB). You can check these out at Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses (cisa.gov) and Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: Identifying Challenges and Opportunities (cisa.gov). This is a powerful and detailed vendor-neutral resource.

Where to Start

The resource at Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: Identifying Challenges and Opportunities (cisa.gov) is nineteen pages long. On page thirteen is a good executive summary, enumerated this way:

“Implementing a systematic approach to SSO will facilitate SSO deployment in SMB environments. We recommend SMBs use an approach such as the following:

  1. Start by analyzing the organization’s needs, such as the number of users, applications, and security requirements. This assessment will help determine the most suitable SSO solution.
  2. Look for affordable options (e.g., cloud-based solutions that do not require extensive infrastructure). Compare the features and compatibility of different SSO solutions provided by the many vendors in the market.
  3. Evaluate how well the solutions integrate with existing infrastructure and applications.
  4. Conduct a pilot project to minimize risks and test the solution’s effectiveness before rolling it out to the entire organization.
  5. Train the staff and provide clear guidelines for password management and security practices.
  6. Continuously monitor the SSO solution to strengthen the overall security posture.”

Vendor Selection

This vendor-neutral resource, on page thirteen, goes beyond what SMBs should do and presents what vendors need to do. It goes on to state that “based on user feedback, vendors can significantly improve their service offerings by implementing the following recommendations.

Vendors should:

(a) gather customer requirements and offer tailored solutions that meet their needs, while eliminating unnecessary services;

(b) offer more flexible seat thresholds or requirements; and

(c) improve the accuracy and completeness of support materials for their essential set of services such as SSO.”

Summary

The fact that this is a project that involves coordination with staff and planning is all the more reason to start planning for it now and to add it to your budget plans. Working with your IT department, the education can start in advance of deployment, the needs of users can be understood, and the best time to begin can be ascertained.

Lead IT Consulting is always tailoring solutions to our customers, so when CISA recommends “…offer tailored solutions that meet their needs, while eliminating unnecessary services…” you can count on custom crafting and tailoring solutions being what we do. One size does not fit all. If you’d like to discuss scoping an SSO adoption project as part of your IT budgeting readiness, reach out. We’d love to work with you on this! Book a meeting to discuss or complete a contact form and let us know how we might help.