The cost for a 100-token configuration is $1,950 per year, the lowest-cost product reviewed. This includes all the software and support. And the per-token cost could be lower still at higher quantities. We applaud their simple pricing model. Given the price and extensive feature set, IdP should be on anyone's short list.
Symantec has been in the two-factor authentication space for quite some time, and it shows in the number of different ways that you can deploy and integrate their service. VIP has a wide selection of tokens, including desktop and smartphone apps for the majority of phones, using both the SMS service and voice calls, and various hardware tokens. VIP has more than 30 integration methods for common apps, such as SharePoint, Cisco, Juniper and SonicWall VPNs, and others.
VIP is cloud-based with various software agents, which is both convenient and frustrating, as there is a lot of software to download, install and configure. You sign on to the cloud-based service and start reading multiple manuals for each component. The first stop is the VIP Enterprise Gateway, which acts as a bridge between the cloud service and your on-premises network and AD user store. It requires the 64-bit version of Windows Server 2008 R2, and you'll also need Active Directory Federation Services v2, Visual C++ 2010 SP1, and IIS v7 to make the connection between VIP and AD. While that may seem like a lot of underlying software, you probably have most of it already in-house. Once this is working, you can synchronize your users in AD with the VIP service.
VIP has two weaknesses. First is its reports, which are fewer than its competitors' and not very customizable, although they can be exported. Second is the lack of policies for granular or group access: each user has to be set up with particular token credentials.
Three years of VIP service for 100 users is $9,500. Additional years are $1,500 per year, and volume discounts are available. These prices include an initial setup fee and some support and they are just for soft tokens: hardware tokens are extra. One downside is that Symantec charges 7 cents apiece for SMS messages and 25 cents for voice calls.
Even though it is more of a tool kit than a product, we wanted to include TextPower in this review because of a very innovative method of handling second-factor authentication. Most phone-based systems call your phone and you acknowledge by copying the information into your browser.
But TextPower does this in reverse: it displays a one-time password code in the browser and asks that you text the code back to their servers from your phone. This serves two functions. First, you completely avoid any man-in-the-middle attacks because there is literally nothing in between you and the login server. Second, their system captures the originating phone number. If a hacker has somehow gotten your phone and attempts an intrusion, TextPower records the text message that is received. They then analyze the text to make sure it is coming from the phone associated with a particular user ID before access is granted.
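The server-side check in the reverse flow described above can be sketched as follows. This is an added example, not TextPower's code or API: the class name, method names, phone numbers and the 120-second lifetime are all hypothetical, and it assumes the SMS gateway reports the true originating number.

```python
import hmac
import secrets
import time

# Constructed enrollment data: user ID -> phone number on file (hypothetical values).
ENROLLED = {"alice": "+15555550101", "bob": "+15555550102"}


class ReverseOtpVerifier:
    def __init__(self, enrolled, ttl=120, clock=time.time):
        self.enrolled = enrolled
        self.ttl = ttl        # seconds a displayed code stays valid (assumed policy)
        self.clock = clock
        self.pending = {}     # user_id -> (code, expires_at)
        self.audit = []       # every inbound text is recorded, accepted or not

    def start_login(self, user_id):
        """Return the one-time code the login page shows in the browser."""
        if user_id not in self.enrolled:
            raise KeyError(user_id)
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user_id] = (code, self.clock() + self.ttl)
        return code

    def inbound_sms(self, sender, body):
        """Handle a text from the gateway; return the user ID granted access, or None."""
        text = body.strip()
        granted, reason = None, "unknown code"
        for user_id, (code, expires) in list(self.pending.items()):
            # Constant-time comparison on bytes, so odd SMS content cannot raise.
            if not hmac.compare_digest(code.encode(), text.encode()):
                continue
            if self.clock() > expires:
                reason = "expired"
                del self.pending[user_id]
            elif sender != self.enrolled[user_id]:
                reason = "sender mismatch"   # right code, wrong phone: deny
            else:
                granted, reason = user_id, "ok"
                del self.pending[user_id]    # single use: a replayed text fails
            break
        self.audit.append((sender, text, reason))
        return granted
```

The audit list keeps the sender and text of every message, including rejected ones, which is the record a responder would review after a denied attempt.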