The tool highlights an ongoing change in the market. Despite the terror of Sept. 11 and cries of imminent cyberattack, companies aren't interested in security for its sake alone; they want to be able to cut their bottom line as well.
"Every customer that we are talking to says, 'We want to save money; we want fewer suppliers; and we want someone to put themselves on the line and do it for us,'" said Steve Lesem, vice president of the security business unit for corporate application maker BMC Software, one of two companies that partnered with PricewaterhouseCoopers for the Tuesday event.
With clients more watchful of their purse strings, security-software makers are arming themselves with return-on-investment calculators and trying to emulate the success of the early explorers of the "virtual private network" sector. In that market, corporations save money by buying technology to split a single Internet connection into many secure channels rather than paying hefty fees to telecommunications providers for dedicated lines. The result is not just more secured connections, but cheaper ones as well. The focus has paid off for VPN sellers: The companies should rake in $46 billion in 2006, according to market watcher Infonetics Research.
Now other security sectors are borrowing the "savings over security" mantra.
"There is real money being saved by these solutions," Lesem said. And for BMC Software--a player in the up-and-coming, and somewhat obscure, market of identity management--and single sign-on Web service partner Oblix, the calculator and other such methods are important ways to help potential customers quantify the benefits.
Identity-management software attempts to provide a single system for managing all the accounts on every server and service on a network. When new people need to be registered, a single administrator can easily set them up with the proper access to databases, Web servers and other network resources.
Problems involving user accounts are widespread, said Chris Pick, vice president of product strategy for security software maker PentaSafe Security Technologies. As a security consultant for a Big 4 consulting firm, Pick would regularly find valid accounts belonging to old users who had been laid off or had left the company.
"About 70 percent of the people on the separated user list still had active accounts," Pick said. "Worse, about 10 percent of those accounts had been accessed within the last 30 days."
While companies tend to activate user accounts quickly out of necessity, deactivating the accounts tends to take far longer, sometimes not until a company has reorganized, said a report by analyst firm the Meta Group.
"Our data suggests that a company has to delete the average user from 30 different accounts," said Chris King, program director for Meta. King believes that less than 25 percent of all people who leave a company have all their accounts deleted by the technical staff.
Catching such slipups is key to corporate security, but lowering the cost of supporting employees and improving service have gained in importance.
"Essentially, what we are saying here is that the first justification is security, the second is cost, and the third is increased level of service," King said. "But those get shifted around a lot."
The Meta Group survey found that more than 5 percent of all information-technology spending at companies can be cut by using an identity-management system. In a large company, that could easily mean savings of hundreds of thousands of dollars every year.
However, such savings aren't guaranteed, King warned.
"The thing is, the cost benefits assume a successful project," King said. "But these things are hard to pull off. Some organizations are not going to be able to make the shift in mindset needed to be successful."
"It's not as simple as a VPN, where you are going to plunk down a box," King added. "But from a customer's perspective, if you think you can pull this off, you would be foolish not to."