IT security is on everyone’s lips today. But everyone understands something different about it: Pen-tests; secure coding or exploits; antivirus, antispam; data protection; still firewalls; security consulting; identity management; authentication. The subject of IT security is a broad spectrum. And that’s why everyone is also concerned with “IT security”. We deal with the special field of secure or strong authentication – multi-factor authentication.
The status quo of proprietary software and the market
IT security companies are often very specialized and therefore rather small companies. A few years ago this was even more true. Many important players in the market had fewer than a few hundred employees worldwide.
But because everyone was talking about IT security, the topic and thus these companies also became more attractive for larger companies and the merry-go-round of mergers and acquisitions picked up speed. Who still does know Safeword Tokens? Secure Computing, Aladdin, SafeNet, Gemalto, Thales gave and give themselves a lively change of company names and product labels. Aladdin, SafeNet and Gemalto once had their own smartcard products and portfolios. These have now finally merged into Gemalto.
In a merger, the company also grows its product portfolio. It is like after Christmas – new toys are coming, old ones have to leave the children’s room! And like this the grown company will also clean up its product portfolio. Products like SafeWord 2008, SAM Express and this year SafeNet Authentication Manager (the OTP part) will go end-of-life.
Death in a proprietary world
In the case of proprietary software, end-of-life often means the end of the software. If the manufacturer has licensed the software on a per-user basis, it is not possible for you as a customer to purchase even one additional user license for this software after End-of-Life! If you want to roll out second factors for new users in your company after the End-of-Life, then this is no longer possible. You have only licensed 1000 users? The 1000-and-first user can no longer receive a 2FA token in the old system! License exceeded!
Not only because of the missing support and the missing further development – No, even because of the missing functionality you are forced to migrate away from your existing system.
Manufacturers often offer supposedly attractive migration paths to the other proprietary product in their portfolio. But you know that migrations are expensive and time-consuming.
Pain point: Multi-Factor-Authentication
The migration of a multi-factor system comes with unwanted pain factors. Two-factor authentication usually means the combination of knowledge and some ownership. The ownership factor (Hardware token or a registered smartphone app…) is bound to the backend and simultaneously distributed to the user. Distributed in the field. Worldwide.
In extreme cases, the migration of an ownership factor can mean that the ownership factors distributed out there have to be collected and new ownership factors distributed.
Depending on the number of users, the structure of your company, the workflow of the users, this can be a lengthy, expensive and painful process – even if the new product comes from the same vendor. (It doesn’t come from the same manufacturer, but only from the same portfolio after the merger!)
privacyIDEA
Our employees have been working in the field of two-factor or multi-factor authentication since 2004 and therefore understand the pain of our customers. We have integrated this experience into privacyIDEA.
Already for some time privacyIDEA provides you with a smooth migration. Without any time pressure you run privacyIDEA and your old software in parallel, without the user having to notice anything about it. Step by step you roll out new tokens within privacyIDEA.
With the upcoming version 3.1 it will also be possible to import the seeds of old, existing tokens into privacyIDEA and automatically assign the tokens to the users and set the old token PIN automatically. No need to re-enroll tokens. Nothing to do for the users, minimal effort for the IT.
Many customers, such as Klinikum Hanau, already rely on privacyIDEA and have successfully migrated to privacyIDEA.
Look at the future
And if you want to migrate away from privacyIDEA? Why?
privacyIDEA is Open Source. With privacyIDEA you never meet the fate that you cannot roll out the 1000-and-first user. privacyIDEA is running. Will be running. Forever.
Invest in your future! Invest in Open Source! Invest in privacyIDEA!