The ROI Case for Smart Cards
By Jay Paterson
The investment in a smart card security solution to protect both physical and data access points may annually save an enterprise more than $2 million for every 2,000 employees covered by a smart-card-enabled identity and access management system, according to a new survey conducted by Datamonitor.
Commissioned by Siemens Communications, Inc., the survey measured the return on investment that can be expected from a smart card deployment. The findings were based on interviews of 53 enterprises in the fall of 2004. Datamonitor explored both current authentication practices and the potential benefits of converging logical and physical access solutions.
Authentication, the ability to verify a user’s identity, is used in the enterprise environment to protect both logical and physical access. Today, logical access solutions are typically used on site as well as off site to control employee access to personal computers, fixed and wireless local and wide area networks (LANs and WANs), virtual private networks (VPNs) and databases, as well as other logical information assets. Authentication mechanisms can also be used to restrict access to buildings and facilities. Card-based physical access solutions have been deployed by many organizations, especially large enterprises.
Increasingly, enterprises are looking to deploy a converged solution, whereby the authentication mechanism is used to control both logical and physical access. Enterprises are motivated by many factors to integrate logical and physical access control systems. Motivations include a need for stronger security measures, on the one hand, while at the same time needing to meet the expanded access needs of mobile and nomadic workers. Enterprises are also looking for ways to improve the experiences of employees who often complain that they are overburdened with passwords. Regulatory compliance is also a major factor.
Return on investment analysis is always a mitigating factor for an IT-related decision; however, little work has been done prior to the Datamonitor study to quantify the cost savings associated with an integrated smart card deployment.
Smart cards, which include a microchip for information storage and data modification, can help identify workers with static and dynamic passwords, digital certificates and private keys, biometrics and pictures. The clear technological advantage of the smart card is that the storing of the private key on the card makes an enterprise less vulnerable to access from unauthorized users than when private keys are stored on a desktop, for example. However, the deciding factor for smart cards may be the solution’s ability to host and protect multiple applications, providing cost savings and efficiencies throughout the organization. In short, smart card solutions typically involve less systems integration than a full public key infrastructure (PKI).
Datamonitor’s analysis of the survey results identified both hard dollar and soft dollar savings that may result when a secure access smart card solution is deployed. For example, the survey found that, for a 2,000 employee enterprise, an average of 23.5 password-related helpdesk queries are fulfilled by IT departments each day, with each query requiring nearly 2.5 minutes to fulfill. This equates, according to Datamonitor, to an average of nearly one hour of password-related helpdesk queries each day. Based on an IT staff cost of $70 per hour, this totals to a $17,420 cost for fulfillment each year.
This cost estimate does not include the fact that password queries also cause IT staff disruptions, according to the report. Disruptions due to password queries mean that an IT staff member is unable to fulfill other organizational IT tasks. Password systems also require IT staff time for general maintenance. According to the report, such costs can add up to more than $152,000 per year for an enterprise with 2,000 workers.
In another area of cost savings evaluated by Datamonitor, the study explored ways in which a smart card system could save employee time. Even a relatively small amount of time savings – an average of one minute and 13 seconds per employee at an average of $70 per hour, according to the study – equates to a cost savings of $736,667 per year for an enterprise with 2,000 employees.
Datamonitor’s survey also collected anecdotal evidence for the management of PKI certificates through a smart card deployment. A prominent government department, for example, that deployed PKI as an authentication mechanism within the organization, estimated that between $101 and $500 per user was saved each year by managing PKI certificates through smart cards. Assuming a midpoint of $300 per user per year, this equates to an annual savings of $600,000 for an enterprise with 2,000 employees.
The study also examined several cost savings related to physical access that arise when smart cards are used to authenticate employees and control facility access as well as to authenticate access to IT networks and systems. On average, according to the study, enterprises could save 25 percent of their facilities staff budget, as well as significant dollars related to more efficient building access procedures.
Such systems help simplify management processes involving card issuance, personalization, access rights, management and post-issuance. This translates into reduced staff costs, quicker building entry and other tangible savings such as reduced insurance premiums. In addition, soft dollar savings include reductions in theft and other costs associated with unwanted individuals gaining access to the enterprise and potentially conducting industrial espionage.
In total, the Datamonitor analysis illustrates a number of potential cost savings associated with integrated smart card deployments, including both IT and general employee cost savings:
1. Time savings from enhanced mechanism for user sign on ($736,667).
2. Cost savings by managing PKI certificates through smart cards ($600,000).
3. Time savings through quicker access to buildings and facilities ($347,569).
4. Cost of password-related queries for IT department ($152,620).
5. Reduction in staff costs through automation of physical access ($125,000).
6. Cost savings from issuing smart cards for temporary access ($45,335).
Datamonitor noted that such savings will scale for enterprises with a greater number of employees. An enterprise with 10,000 employees, for example, could generate annual cost savings of more than $10 million. “Although these savings do not factor in the cost of deployment and operation, the information clearly illustrates that enterprises will generate significant cost savings over time by deploying a secure access smart card solution.”
The Datamonitor report suggests strategies for seeking an integrated smart card solution that provides maximum return on investment for the enterprise. According to Datamonitor, a vendor’s solutions should ensure:
1. A comprehensive range of products and demonstrated flexibility in terms of solution offerings. Packaged solutions are available, Datamonitor warns, but packaged deals may also prohibit an enterprise from adapting best-of-breed solution components.
2. Simple migration, via standards-based identity management solutions, that support biometrics or alternative technologies as they become available or are practical to integrate.
3. Scalability if the enterprise needs to cover a greater number of users.
4. Integration with legacy systems and applications as well as with back-end mainframes and network configurations.
“Enterprises are now increasingly familiar with smart card technology, though knowledge of areas such as standards and an understanding of how smart cards can improve business processes is often lacking,” the Datamonitor report concluded. “Enterprises continue to need advice and guidance on managing smart cards through their life-cycle, including knowledge of how to make post-issuance cost effective.”
About the Author
Jay Paterson is an identity and access product manager with Siemens Communications, Inc.