A Total Cost of Ownership Analysis of Wave Virtual Smart Card 2.0 Executive Summary Existing authentication schemes such as passwords, tokens, and smart cards have failed to prevent the unabated rise in data breaches. Adoption of complex authentication products has led to fragmented deployment and very high cost of ownership. In response to these on-going industry challenges, Wave Systems introduced Wave Virtual Smart Card 2.0, which empowers enterprise IT to deploy a standards-based, strong, twofactor user authentication solution. By using Wave Virtual Smart Card 2.0, enterprises can for the first time adopt a standardsbased, strong authentication solution that is not only easy to use and deploy but also offers a low total cost of ownership (TCO) 50% or more lower than comparable two-factor authentication solutions. This piece provides CISOs, CIOs and IT decision makers with an overview of the economic advantage of Wave Systems new strong authentication solution, Wave Virtual Smart Card 2.0, enabling them to make an informed investment.
Introduction Enterprises seeking to upgrade or replace their authentication solutions have an array of options, with numerous vendors offering more than 100 authentication products. Despite the large number of products available, organizations often struggle to find solutions that simultaneously meet their needs for security, ease of management and cost effectiveness. Many of the available authentication products provide single-factor authentication (password-only) and are easy to hack into or break. Other products that address security concerns by offering two-factor authentication tend to be hard to use, and expensive to acquire, deploy and manage. Some two-factor authentication products are not enterpriseready, and require additional customization and integration, leading to expensive deployment and maintenance. Knowing the TCO provides IT buyers a comprehensive view of the direct and indirect costs involved in acquiring and deploying a product or a service. For complex purchase decisions, the TCO analysis gives a full financial picture. This solution brief provides a TCO comparison of Wave Systems new strong authentication solution, Wave Virtual Smart Card 2.0, with a generic USB token solution. Wave s Value Proposition Wave Virtual Smart Card 2.0 empowers enterprise IT to deploy a user authentication solution without compromising on cost, security or usability: Wave s solution provides standards-based, strong, two-factor authentication with complete enterprise management, while using pre-deployed hardware to minimize costs. Unlike other authentication products, Wave Virtual Smart Card 2.0 is easy to use, easy to manage and offers low TCO. Page 2
Strong Authentication Password authentication, although commonly used, is easy to break and does not offer the strong authentication required to protect enterprise resources. Wave Virtual Smart Card 2.0 is two-factor authentication: a combination of something you have (the Trusted Platform Module embedded in your PC or tablet see below) and something you know (a unique PIN) offering the strong authentication needed to prevent unauthorized users from accessing enterprise resources. Standards-Based Unlike existing authentication products, Wave VSC uses a proven industry security standard, the Trusted Platform Module (TPM). TPMs are hardware security modules embedded into a computer s motherboard or firmware. Developed by the Trusted Computing Group, an industry consortium consisting of Microsoft, Intel, Cisco, Seagate, Wave and others, TPMs are built into most business-class PCs and tablets shipping today. Supports Windows 7, 8 and 8.1 Wave Virtual Smart Card 2.0 is available on Windows 7, 8 and 8.1. Enterprises can support the operating system they have deployed now, while ensuring smooth transition as they upgrade. Easy to Manage Wave Virtual Smart Card 2.0 leverages tools and systems that are friendly to enterprise IT. By using an intuitive, point-and-click interface or command line, IT can manage virtual smart cards throughout their lifecycle, and scale to manage hundreds of thousands of endpoints. Enables a Wide Range of Applications Wave Virtual Smart Card 2.0 provides user authentication for a wide range of popular enterprise applications, such as: Virtual Private Network (VPN), logon, remote logon, and Intranet/Extranet and Cloud applications. IT can adapt existing enterprise applications to use the Wave virtual smart card solution in minutes. Page 3
TCO Model There are two primary cost categories in the TCO model: One-time (software and hardware) costs, and operational costs. Other categories such as procurement, policy, server installation and training costs may be included in a TCO model, but are similar for the authentication solutions discussed and are therefore not included in this analysis. One-time Costs The one-time cost category includes costs incurred when buying the authentication token (if applicable), management hardware, and management software license required for strong authentication. Item Token Management server hardware Management server software Provisioning cost/token Shipping/token Explanation Cost of the authentication device Appliance or Server Software to provision the token or VSC User provisioning cost per token/vsc Cost to ship token/vsc to user Operational Costs This category includes server support, software support, PIN reset and other costs over a specific duration, which in this model is 3 years. Item Token maintenance Management server hardware and software support PIN reset support Lost/Damaged token support Lost/Damaged token replacement and shipping Explanation Token maintenance cost Recurring cost Support cost to reset PIN Support cost to handle lost/damaged token Cost to replace lost token As the installation cost for Wave Virtual Smart Card 2.0 and the USB authentication tokens are comparable, it has not been considered in this analysis. Page 4
TCO Comparison The TCO comparison shown in Figure 1 considers three deployment sizes, viz.: 1,000 users 10,000 users 50,000 users These numbers are typical of a mid-size organization and a large enterprise with two phased rollouts. FIGURE 1 : WAVE TCO ADVANTAGE FOR 3 DEPLOYMENTS The one-time costs and operational costs for the USB token are based on the publicly published price list of a USB token vendor. For details on Wave costs, please contact sales@wave.com. A three-year period was used for the operational cost calculation - which is typical for large enterprise deployments. Page 5
Figure 2 compares the one-time and operational costs for an authentication project involving 1,000 users over a 3-year period. FIGURE 2 : TCO COST CATEGORY COMPARISON Wave Virtual Smart Card 2.0 has a much lower TCO due to lower operational costs and shipping costs. With Wave Virtual Smart Card, there is no physical token to lose or misplace. Helpdesk costs to replace lost tokens and the cost of replacement tokens are not applicable to Wave Virtual Smart Card. In both the examples, the analysis considers new deployments. However, Wave VSC provides the same low TCO even for selective replacement and phased rollouts. Page 6
Summary As shown in Figures 1 and 2, Wave Virtual Smart Card 2.0 has significantly lower TCO 50% or more than existing USB two-factor authentication solutions. The Wave VSC solution has superior TCO across all deployment sizes considered here. For details on how your organization can benefit from lower TCO and the strong security posture of Wave Virtual Smart Card 2.0, please contact us at sales@wave.com. About Wave Wave Systems Corp. (NASDAQ: WAVX) reduces the complexity, cost and uncertainty of data protection by starting with the device. Wave leverages the hardware security capabilities built directly into endpoint computing platforms themselves. Wave has been among the foremost experts on this growing trend, leading the way with first-to-market solutions and helping shape standards through its work as a board member of the Trusted Computing Group. 03-000390/ version 1.00 Release Date: 07-22-2014 Copyright 2014 Wave Systems Corp. All rights reserved. Wave logo is trademark of Wave Systems Corp. All other brands are the property of their respective owners. Distributed by Wave Systems Corp. Specifications are subject to change without notice. Wave Systems Corp. 480 Pleasant Street, Lee, MA 01238 (877) 228-WAVE fax (413) 243-0045 www.wave.com Page 7