Why charging extra for basic security features like SSO is a bad practice

In today’s digital landscape, security isn’t just a feature, it’s a necessity. Yet some major companies continue to place essential security features like Single Sign-On (SSO) behind higher-tier pricing plans. This practice not only undermines user safety by exploiting organisations’ need for basic security measures but also creates unnecessary barriers to efficient workflow, potentially leaving those organisations more vulnerable to hackers and breaches.

Some of the main culprits: Companies that charge extra for SSO

Several well-known companies have adopted this model, and here are just a few that I have seen in the last few months:

  • Adobe: Restricts SSO features to their Enterprise plans, which are often out of reach for small to medium-sized businesses.
  • Atlassian: Only offers SSO integration if you purchase their Atlassian Access service, leaving users of Jira, Confluence, etc. without this level of security unless they pay for another service.
  • DocuSign: Offers SSO only in their Advanced Solutions plans, limiting access for users on standard subscriptions.
  • GitHub: Provides SSO capabilities exclusively for Enterprise Cloud and Server plans, leaving out those on Team or Free plans.
  • Lansweeper: Reserves SSO functionality for their higher-priced plans, forcing users to upgrade solely for better security.
  • Monday.com: Includes SSO only in their Pro and Enterprise plans, making it unavailable for Basic or Standard users.
  • Postman: Only offers SSO capabilities to users on their enterprise plans, leaving smaller teams without this essential security feature.
  • TeamViewer: Provides advanced security features like SSO only in their Tensor plan, which is designed for large enterprises.
  • Zapier: Restricts SSO to their Company plan, excluding users on Professional or Team plans.
  • Zoom: Offers SSO integration starting from their Business plan, not available in the Free or Pro tiers.

These companies are not the only ones; many others follow a similar pricing strategy, effectively monetising basic security needs.

The importance of SSO

Single Sign-On simplifies the authentication process by allowing users to access multiple applications with a single set of credentials. This not only enhances user experience but also significantly improves security:

  • Reduced password fatigue: Users manage fewer passwords, decreasing the likelihood of weak or reused passwords.
  • Centralised access control: Administrators can easily manage user access across multiple platforms, simplifying on-boarding and off-boarding processes.
  • Improved compliance: SSO aids in meeting regulatory requirements by providing better control over user authentication and access.

The hidden costs

Charging extra for SSO can have several negative consequences:

  • Security Risks: Smaller organisations may forgo essential security features due to cost, increasing the risk of data breaches.
  • Inefficiency: Without SSO, companies spend more time on password resets and access management, diverting resources from core activities.
  • Inequality: This practice widens the security gap between large enterprises and smaller organisations or individual users.

Security should be standard, not a luxury

By placing basic security features behind a paywall, companies send the message that security is a premium commodity rather than a fundamental responsibility. This approach can erode trust and may prompt users to seek alternatives that prioritise security without additional costs.

A call for change

It’s time for companies to rethink their pricing strategies regarding security features. Making SSO and similar functionalities accessible to all users not only promotes better security practices but also enhances the company’s reputation as a responsible and customer-centric organisation.

Conclusion

Security is a shared responsibility. Companies should lead by example by integrating essential security features like SSO into their standard offerings. Charging extra for these features is not just bad practice, it’s a disservice to the very people they aim to serve.
