Should you trust an SSO start-up?
That’s true for all products—but especially for single sign-on (SSO).
After all, your SSO service provider will have possession of every password in your company. You’re entrusting your entire business to the strength of their security team. Their engineering prowess. Their ability to maintain cash flow. Their likelihood to stay ahead of an entire globe’s worth of hackers, natural disasters and business maneuvers.
That’s a lot to ask of a start-up.
So what are the risks of an SSO johnny-come-lately?
1. They can’t keep the product running
This one happens a lot, and it comes out of nowhere: one day you wake up to a form letter informing you that your mission-critical product is being unglamorously retired. No more product updates. No more tech support. No more bug fixes or security patches.
This usually happens when a company gets acquired or when the cash runs out. In the fast-moving world of internet services, this is a common occurrence. And while the decision probably makes sense for the investors, it leaves you high and dry.
2. They can’t stay secure and up-to-date
In this day and age, it’s easy to build software. It’s much harder to keep that software secure against the thousands of bugs and exploits that are being uncovered every day. Your vendor has to keep pace with the market’s demand for features even as they protect against a world of bad guys who are trying to bust down the door. If your SSO provider lacks the resources, they may fall behind in one aspect or the other—either of which can really hurt your business.
3. They can’t provide 24/7 support
This is a shortcoming of small providers: they just don’t have the personnel or the money to maintain a full-time support center. So if you get stuck by a bug outside of “normal business hours”, you’re on your own. Their business may shut down for the evening, but what are you supposed to do?
4. They lack a professional services ecosystem
Your SSO tool should be simple to deploy. But to get the most out of it, you may want to customize it or leverage its API. The more established companies have a network of partners who can offer professional services to help you reach your goals. A smaller or newer provider probably doesn’t have this. Their solution may be generating headlines, but what good is it if there’s nobody to make their vision match your reailty?
Venture capital-backed SSO providers are especially questionable
In industry parlance, SSO is “sexy” right now. And many venture capital-backed start-ups have cropped up in the SSO space. Like all VC companies, their goals are to grow fast and get out before the problems appear. Is that the best business model for your most critical data?
Look for a proven track record
Here’s the problem you’re going to have: everyone will assure you their company is different. This includes Intermedia.
So you need to do three things: talk to reference customers, ask hard questions, and do your research. Look into the vendor’s legacy, its funding, its track record, its customer base, its partner base, and its finances. Make sure that they’re here for the long run. Here’s the rule of thumb: would you invest money in them? If not, then you certainly shouldn’t invest your business’s most critical data.
For reference: Intermedia’s track record
If you’re considering Intermedia AppID for SSO, here’s what you need to know about Intermedia: we’ve been in business since 1995. We have 1,000,000 users, 60,000 customers and 5,000 active partners.We have over 600 employees in three countries who manage 10 datacenters to power our Office in the Cloud. We provide 24/7 phone and chat support. And, most importantly—and most unusual for a cloud company—we’re significantly profitable. Which means we’re in it for the long haul.