Article

Build or Buy: Multi-Factor Authentication Software for IBM i

What's the most cost-effective—and secure—option for your organization?
IBM i
Posted:
April 24, 2017

 

IT budgets are tight and most organizations are looking to reduce costs anywhere they can. At the same time, securing critical data is a top priority for many C-level executives—especially as compliance mandates like PCI add new requirements, like multi-factor authentication (MFA).

PCI DSS now requires multi-factor authentication even when accessing cardholder data from within your organization’s network. IBM i might have been outside the scope of PCI’s MFA requirements in the past, but that’s no longer the case. There are two choices: purchase MFA software that’s designed for IBM i or write your own program to link your existing MFA solution to IBM i.

To balance budget concerns and security needs, IT managers look for creative solutions. If you have a team of skilled IBM i professionals on staff, you might consider handling some of your cybersecurity needs in-house.

After all, is it really worth purchasing a multi-factor authentication product like Access Authenticator when you could simply have your own people develop a custom MFA solution for IBM i (AS/400, iSeries)?

It’s a valid question, but before you assign resources to a major project, investigate all the facts. You might find that building your own IBM i MFA solution isn’t as easy or cost-effective as purchasing software that’s reliable and full-featured.

What’s the Value of Your Team’s Time?

Time is money. It’s an old cliché, but it’s never been truer than in today’s business climate. Most organizations aim to simultaneously reduce costs and increase productivity.

Building your own MFA solution does eliminate the up-front cost of software, but what happens to productivity if your developers are tied up on this project? Building your own IBM i program will won’t be quick or easy, pulling staff away from other critical projects. Can your organization afford those delays?  

Even In-House Solutions Need Maintenance

Once your custom IBM i multi-factor authentication program is complete, staff will still need to maintain the code and make improvements whenever errors occur. Purchasing MFA software, such as Access Authenticator from HelpSystems, gives you access to regular updates and support teams that are ready to assist with troubleshooting.

Meetings PCI’s MFA Requirements

Currently, using MFA for in-network access is a best practice, but not a PCI DSS requirement. That changes on February 1, 2018, when the new requirements are enforceable. Can your team meet this deadline?

On the other hand, implementing a solution like Access Authenticator can easily be accomplished in this timeframe.

Even if your team can build a multi-factor authentication solution, remember that you’ll still need to show auditors that it’s working as intended. Most commercial MFA solutions have built-in auditing and reporting functionality, so that you’re not just meeting PCI’s requirements—you can prove it, too.

Staying Current

Investing in a third-party MFA solution gives you access to future updates. These updates can include new features that make the software easier to use and keep pace with current user needs, like authenticating from a mobile device.

If PCI DSS, HIPAA, or any other compliance mandate changes the requirements for MFA, software updates can respond to those changes, too. With a home-grown solution, your team has no choice but to make the updates themselves.

And security requirements and regulations aren’t the only things that change. Cyberthreats evolve, too. A program that was once very secure could later be vulnerable to all kinds of malicious actors. Does your team have the time and the expertise to stay up to date with the latest security issues?

Adding features to a code base in production will require testing and implementation planning, which drains even more time and money. A home-grown solution isn’t just a one-time expense.

Personnel Changes Affect Your Home-Grown Solution

Retaining the person in charge of developing your MFA program can be difficult and expensive. There’s no guarantee that person will still be with your organization in the next few years. And when they do leave, the rest of the team will be left scrambling to fill the shoes of a key employee.

These concerns aren’t an issue with a commercial product.

In Summary

Developing a home-grown MFA program for IBM i might sound like a cost-effective way to meet PCI’s new requirements. But consider all the long-term costs and problems that are likely to arise, like the need for routine maintenance, new security threats, evolving compliance requirements, and personnel changes.

When all these factors are accounted for, a solution like Access Authenticator is more affordable for most IBM i organizations. Access Authenticator is multi-factor authentication software that’s designed to work with IBM i, from a vendor that has reached an incomparable level of collective knowledge and experience with IBM i security.

Let’s Get Started

If you’re ready to MFA software for IBM i in action, request your live demo of Access Authenticator today.