Step One
In the initial phase, an organisation must ask:
- Why are we considering a 2FA solution?
- What type of technology will suit my organisation?
- What are the risks?
- Do the benefits outweigh the risks?
- Don’t take anything for granted.
- How will we measure results and whether the solution is working as expected?
- How scalable is the service? (What will happen if I we need to expand the number of users?)
- How resilient is the system? (What will happen if there is a major problem and we can’t access the network or systems?)
Step Two
Analyse your business needs in the areas that you are considering to use 2FA
Determine risks
- Conduct a thorough analysis of what the solution is supposed to protect.
- If the likelihood of losing data is marginal, low or perhaps the data has little value, then a 2FA solution might not be necessary.
- Create a data classification standard. This should be part of every company’s security policy (regardless of size or type) and needs to include at least a minimum of three levels of risk: low, medium and high. This method of classifying information will determine which data fits into which category.
Types of Information Classification
- Low Risk. Publicly available information, such as marketing materials and other similar collateral that is readily available is low risk.
- Medium Risk. Any information that is important but loss might not necessarily cause the organisation to fail. Such data includes organisational strategy, tactics and processes, which in the wrong hands could put the company at a competitive disadvantage.
- High Risk. Customer data including personal information such as bank account details. The loss of this type of information could probably lead to identity theft and, as a result, litigation against the company.
What is the purpose of the 2FA system?
- Is it to protect against potential breaches?
- Is it for compliance purposes – are there rules, regulations and legislation in place that your organisation must meet? (e.g. The Data Protection Act)
- Is it for protecting transactions being carried on a web site?
- Is it to be for remote access for your employees that need to access systems remotely?
Step Three
Identify the Right Partners/Providers
- Use Powered by Conjungo’s ‘Find a Supplier’ search facility on the home page
- Look through magazine and online reviews.
- Talk to others who have a similar environment & use 2FA in the same area as you.
- Use forums, networks and personal contacts to obtain recommendations.
Find Out
- Who has the experience of working a company of the right size and profile as yours?
- Are any of those suppliers local to where you are located?
- How many similar installations have they made?
- Ask for references – ensure that the company is capable and reliable
- Talk to a couple of their customers in order to see what benefits have been gained and what pains those customers went through when installing the system.
- Obtain a credit check to ensure that they are financially stable
Step Four
Request a Proposal from three or four of your preferred suppliers
- Set a deadline for when you need the proposal back.
- Give out details in advance as necessary to ensure that the suppliers you have selected can give you the best proposal.
- Go and meet them in person – get a good feel for whether you will be able to work with them.
Step Five
Select a Supplier.
- Who best demonstrates that they understand your business and your requirements?
- Is it cost effective? Have they shown how and where you will save money?
- Does it clearly demonstrate the functional benefits – rather than just listing particular features? Does the proposal clearly show what the benefits are?
- Have you spoken to a couple of your preferred suppliers’ customers?
- Agree on financial terms – is better to purchase outright, rent or lease?
Step Six
Implementation
- Plan how the new system will be implemented
- Educate personnel how to use the solution
- Ensure that your supplier has a support plan in place in order that they can address any issues or problems that users may have.