8 Ways to Select the Right Solution
Selecting a solid, affordable solution for addressing single sign-on and password reset issues in higher education isn't easy. As with any security solution, it requires ample research to make sure the solution fits.
Here are eight general issues to consider:
1. Solutions based on industry standards and protocols are nearly always more desirable, since they are more easily extensible and can help prevent vendor lock-in. For single sign-on, look for a solution that can work with security standards such as SAML, Shibboleth, CAS and OAuth.
2. Look for a mature product, with functionality that meets current needs yet offers advanced functions and features you can grow into. Future-proofing yourself will save money in the long term. On the other hand, don't get caught up in considering too many opinions and trying to peer too far into the future – that can lead to inaction and excessive scope creep. Set reasonable parameters for what you need and stick with them.
3. No matter who you choose to work with, adopt a methodical approach to the evaluation process. First, group users by their different needs and use patterns – perhaps faculty, staff, alumni and students, with further divisions for students such as new, existing, graduate, and so forth.
4. It's important to determine how each group's needs will differ. Map out usage scenarios for each – this will help you understand how a solution can integrate with your environment.
5. Work with your IT staff and with potential vendors to understand how users and hackers can misuse or subvert the system. It is a truism on college campuses that not everyone follows the rules.
6. Weigh how difficult the solution will be to deploy and implement. Consider whether you'll need additional staff or consulting expertise. Be sure to ask potential vendors what sort of support they offer during installation – and avoid excessive complexity. Implementing any security solution is not trivial. Look for a vendor who will partner with you to fully understand your requirements before recommending anything.
7. To be seriously considered, any reputable solution should include ample logging and auditing that clearly show user activity at any point in time, along with reporting on return on investment over time, break-even points, and even risk-based reporting.
8. Finally, any solution should be independently tested and certified on a regular basis.