What Does MFA Cost to Implement and Maintain?
Hint: MFA is always worth the cost to implement. MFA is the simplest, most effective way to make sure users are who they say they are. Your organization's security is not what it needs to be without it.
Watch our recorded webinar to learn even more about MFA, how hackers are bypassing it, and how to implement better MFA for your business for less than you think.
Several components combine to determine the cost of MFA and its implementation:
- Does the service charge for it?
- Basic vs advanced MFA
- MFA setup costs
- Training and maintenance costs
- Additional Background on MFA Options
Does the service charge for MFA?
- Almost every service offers some form of MFA for free. Basic multi-factor authentication features are available to Microsoft 365 and Azure Active Directory (Azure AD) users and global administrators for no extra cost.
- Microsoft offers licenses with more advanced capabilities such as Azure Multi-Factor Authentication. It provides additional configuration options via the Azure portal, advanced reporting, and support for a range of on-premises and cloud applications.
- A number of Microsoft licenses include Conditional Access capabilities. A conditional access policy allows you to use other factors when determining whether or not to prompt for MFA. For example, an MFA prompt may be forced when working from home or out of the office but not when working inside the office. Conditional access policies also allow you to use a domain-joined PC as a factor (since the device itself is authenticated with Azure Active Directory).
- Some businesses use an identity provider like Okta or a third-party MFA application like Cisco DUO. These licenses can cost in the $3 to $10 per month per person range. These products typically pay for themselves by lowering support costs. Imagine the nightmare of helping 100 different people, each with their own Google account, attempt to recover a lost Google Authenticator install. With centralized management, IT can reset MFA on devices in seconds rather than hours.
Examples of basic vs advanced MFA
- Hardware tokens like a YubiKey
- SMS messages
- Google Authenticator
- Microsoft Authenticator
Advanced forms of MFA offer either greater security or greater convenience. It's common for high-profile users such as CEOs, CFOs, etc. to have advanced forms of MFA. These licenses typically add $10-$15 per month per user account.
For example, a conditional access policy may allow you to bypass MFA if you are working on a corporate-owned device that is connecting from inside a corporate network.
An Azure Active Directory P2 license uses machine learning to allow or deny access based on the risk of the sign-on. If an account typically signs on at 8 AM from Columbus, OH and one day logs on at 1 AM from California, more MFA prompts are warranted.
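The decision logic described above, as an added Python sketch that is not from the original page and is not Microsoft's algorithm. The SignIn fields, the two-point risk score, the thresholds and the sample history are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SignIn:
    user: str
    hour: int              # local hour of day, 0-23
    location: str          # coarse geo label
    on_corp_network: bool  # source IP is in a trusted office range
    domain_joined: bool    # device is authenticated with the directory

# Constructed history: this account normally signs on around 8 AM from Columbus, OH.
HISTORY = [SignIn("pat", h, "Columbus, OH", True, True) for h in (8, 8, 9, 8, 7, 8)]

RISK_THRESHOLD = 1   # assumption: any deviation from the baseline forces a prompt
HOUR_TOLERANCE = 3   # assumption: hours within +/-3 of a usual hour count as normal

def risk_score(event, history):
    """Return 0-2: +1 for an unfamiliar location, +1 for an unusual hour."""
    past = [s for s in history if s.user == event.user]
    if not past:
        return 2  # no baseline yet: treat the sign-in as unfamiliar
    score = 0
    if event.location not in {s.location for s in past}:
        score += 1
    # Distance on the 24-hour clock to the nearest hour seen before.
    gaps = [abs(event.hour - s.hour) for s in past]
    if min(min(g, 24 - g) for g in gaps) > HOUR_TOLERANCE:
        score += 1
    return score

def decide(event, history):
    """Return 'allow' (no prompt) or 'require_mfa'."""
    # Risk is checked first so the trusted-network bypass cannot skip a risky sign-in.
    if risk_score(event, history) >= RISK_THRESHOLD:
        return "require_mfa"
    # Corporate device inside the corporate network: the MFA prompt is skipped.
    if event.on_corp_network and event.domain_joined:
        return "allow"
    # Working from home or otherwise outside the office: prompt.
    return "require_mfa"

if __name__ == "__main__":
    for e in (SignIn("pat", 8, "Columbus, OH", True, True),
              SignIn("pat", 9, "Columbus, OH", False, True),
              SignIn("pat", 1, "California", True, True)):
        print(e, "->", decide(e, HISTORY))
```

Evaluating risk before the network and device conditions means a sign-on that looks unusual is still prompted even when it appears to come from a trusted device on the office network.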
MFA setup costs
Basic MFA implementation projects can cost anywhere from a few hundred dollars to several thousand. Cloud-only applications such as Office 365 are easy to protect with MFA. Most advanced licenses or configuring for executive convenience add slightly to the cost. Older applications running on servers at the office are more time-consuming to configure, if they support MFA at all.
Some companies can send out a series of emails and reach 95% of employees self-registering for MFA. Some companies require 30-60 minutes per person to walk people through configuration.
Training and maintenance costs
- Training and support costs after the initial setup are minimal.
MFA products and information
Here's a reading list of some of the more popular MFA concepts and products. Okta and Azure AD SSO are more than just MFA but are included here as the next leap forward from MFA.