Speakers
Synopsis
This presentation will examine the genesis, evolution, and persistence of the much-maligned, yet seemingly universal "SSO Tax".
If you've ever had to compare the features of different tiered pricing plans from cloud services or online platforms, one thing you're bound to have noticed is that Single Sign On, or "SSO", is only available on the most expensive tier.
Often this tier is clearly labelled as the "Enterprise" plan, and can only be accessed by contacting their sales team, rather than going through the much simpler online sign up process of cheaper plans. The message from the vendors is clear - SSO is an Enterprise-only features, small and medium businesses need not apply.
In SMB land, we talk about this as the "SSO tax", often followed by a roll of the eyes. Vendors gatekeeping security features for larger, more profitable customers is nothing new, but the generational shift to cloud-centric IT service delivery has changed the landscape when it comes to securing IT systems.
For SMBs now dependent on a myriad of cloud-based platforms and applications, features previously of little interest or value, such as SSO, audit logs, and third party integrations are suddenly central to their cybersecurity posture. Business owners and IT service providers alike are expressing growing frustration at being locked out of what they see as fundamental security capabilities.
In this presentation, I will delve into how the SSO tax came about, the justifications put forth by vendors for it's continued existence, and explore the impacts to modern cybersecurity for both SMBs, and the economy as a whole. Finally, I will propose some alternative approaches to make SSO and other fundamental security features more accessible to all businesses, regardless of size.