8 Questions to Answer Before You Buy SSO Software


Sitting through a software demo can be exciting or a complete waste of time. What makes the difference? The quality of the software and the enthusiasm of the presenter make an impact. Even more important is you, the potential customer. Do you have an idea of how single sign-on (SSO) software can help you? Before you agree to sit through another SSO software demo or accept a free trial, take some time to prepare yourself by using the following questions.

Questions to Discuss With Your Team Before Attending an SSO Software Demo

Once a quarter, take the time to reassess your technology and security. To inform your discussions, start with the following suggestions. We recommend going through every question. That said, small companies may not have any meaningful technology input from their auditors (question 5 below), so you may need to omit that question from your preparations.

  1. What were our cybersecurity results last year?

Specific points to cover include losses, number of incidents, extra costs incurred (e.g., buying fraud protection for customers, hiring consultants, etc.) and cybersecurity projects. Likewise, recognize your cybersecurity team’s professional development accomplishments like earning ISACA certifications. It is easy to focus on failure and breaches in cybersecurity, so remember to recognize the security team’s success.

  2. What cybersecurity goals are we pursuing this year?

Your cybersecurity goals may be owned by a security department or be part of a broader IT division. The following cybersecurity goals may be supported by implementing an SSO software solution.

  • Productivity and efficiency goals. Your leadership may tell you to do more with less. In that case, efficiency-improving software is well worth looking for.
  • Support for expansion. If your company is adding new staff, opening new locations, and using new apps, cybersecurity needs to keep up.
  • Employee experience goals. Die-hard security professionals might not like to admit it, but there is such a thing as too much security. If security measures become too extreme, staff will start to evade the measures to get work done. To address this situation, you may have an employee experience goal — to make cybersecurity protection less onerous and stay out of the way of your employees.

  3. What are the most critical cybersecurity risks to the organization?

Once you have reflected on your goals and successes, it is time to look beyond your organization’s walls. Brainstorm the security threats and challenges that may impact your organization in the coming year. Top risks include outsourcing/third party suppliers, patch management, and fraud. With fraud, remember that many loss events are in fact internal fraud — employees misbehaving one way or another.

  4. How many systems and applications do our employees use on a regular basis?

If you do not know what applications you have in your organization, your security process cannot function well. There are two ways to approach this question. First, if you do not have an inventory, start by creating a list of all the systems at your company with a focus on those with access to sensitive data (e.g., customer data). Second, if you already have an inventory, ask whether it is properly maintained and updated on a regular basis.

Tip: Remember to explore “shadow IT” — technology assets that connect to company systems without the knowledge or approval of the IT department.

  5. Have we received findings about our IT systems from internal or external auditors?

Auditor findings relating to IT controls and related topics are a significant issue for some companies. You might be tempted to ignore “observations” or “minor failures.” Our advice? Take those findings seriously and act on them. Many auditors will revisit their findings when they come back to your department. If they see an issue continuing to be a problem — such as poor password management — you may have a significant audit issue on your hands.

  6. What technology projects does the organization have planned this year?

Outside of cybersecurity-specific projects, take the time to consult with managers in other groups. You may learn that another department is planning to use APIs in a new way. Alternatively, you may discover that your company’s mobile apps are going to be rebuilt from the ground up.

  7. Who will lead the implementation of SSO software?

By this stage, you may have found a few points that show a need for SSO software. In that case, look for someone in your organization to lead the effort. The ideal person would have project management experience and an understanding of technology projects. Without a specific person to coordinate the implementation process, the effort may take much longer than necessary.

Tip: Not sure how to make the final call on who leads the project? Consider appointing an experienced person as a project lead and a junior professional to provide project support. This approach has the added benefit of giving a growth opportunity to your new hires.

  8. Who is on the SSO software selection team?

Buying security software is an important choice. That’s why we recommend involving several stakeholders in the process. Ask procurement about company buying procedures. Ask internal audit about risks. Ask your users how you can make their lives easier. For the best results, your software selection team should include a mix of technical and business people. This mixed group will ensure you ask a variety of questions to vendors.

Take the Next Step In Improving Your Cybersecurity: Attend an SSO Software Demo

Great! You have now completed the fundamental preparation needed to make the most of SSO software vendor demos.

In our experience, there are two ways forward at this point. If your organization has strict purchasing rules, it makes sense to engage the procurement department and write key selection criteria. If you have a flexible organization, create a short list of SSO software solutions and start the research process. In either case, make sure you make progress. Every week, hackers and fraudsters find new ways to attack organizations. If you do not invest in your defenses, your organization will suffer.

Written by Nelson Cicchitto