‘YubiKeys-as-a-Service’ delivered 203% ROI: new Forrester Consulting research and BeyondTrust case study

Abby Guha

Abby Guha

5 minute read

For organizations around the world, cybersecurity often boils down to a few important areas: high reliability, ease-of-use and cost. Forrester Consulting, in a Yubico- commissioned Total Economic Impact™ (TEI) study, examined these areas regarding the adoption and use of YubiKeys, including the potential return on investment (ROI) enterprises may realize by deploying YubiKeys. One of the study’s findings was that Yubico’s hardware security key subscription and delivery services contributed significantly to the ROI organizations can reap from their MFA investments. 

The Forrester analysis showed that a composite organization representative of interviewed customers, a 5,000-person organization leveraging Yubico’s YubiEnterprise Services, with YubiEnterprise Subscription paired with YubiEnterprise Delivery, achieved a 203% ROI over three years

The YubiEnterprise Subscription “Security Key-as-a-Service” model offers organizations a flexible purchasing model  to obtain YubiKey hardware authentication, providing flexibility, simplified procurement and peace of mind. YubiEnterprise Delivery, which is a turnkey program to manage the process of distributing hardware-based security keys directly to employees’ remote workplaces or physical offices, provides IT teams with powerful capabilities to manage the delivery of YubiKeys to users globally and accelerates the adoption of strong authentication.

Additionally, the study examined the impact of a smooth roll-out on ROI: “The subscription model provides budget predictability and control, shifting from capital expenditure-based (capex) to operating expenditure-based (opex) to lighten the blow  to initial budgets and adding agility for evolving business needs… The [key-a-service] subscription model also includes [hardware security] key replacements, which could simplify processes during employee turnover with just-in-time inventory and management.” 

In the Forrester study, an interviewed product owner of authentication in the manufacturing industry stated: “…We used to literally have [an employee] stuff an envelope full of [our previous solution], stick [an address label on an] envelope, and [bring it] down to our internal post office.” These new enterprise-ready authentication services have simplified matters for enterprises looking to enhance their security posture with speed, while staying focused on their core business.

The realized benefit and ROI of YubiKeys in action with BeyondTrust

BeyondTrust, a leader in Privileged Access Management (PAM) which works closely with Yubico, wanted to maximize ROI of its security products in a strategic plan. But leadership also wanted to future-proof the company’s aggressive growth plan, which predicted months of rapid onboarding for new employees. 

The company needed flexibility as well as an extra stock of hardware-based keys to support lost or misplaced devices, and Yubico’s YubiEnterprise Services – YubiEnterprise Subscription paired with YubiEnterprise Delivery – helped BeyondTrust effectively meet these goals.

Morey Haber, the chief security officer of BeyondTrust and also a well-known security blogger, speaker and author, said of YubiEnterprise Services: “It’s huge that we do not have to worry about inventory, shipping, tracking or delivery.” 

Subscription-based security key delivery services are in high demand after the move to remote work, which has now become a permanent feature of the workplace landscape. 

Companies that sign up for subscription-based YubiKeys-as-a-services want five essential benefits: 

  1. Flexibility to purchase keys as the business/user base evolves, rather than buying in bulk and having hundreds or thousands of keys sit in storage for long periods of time. 
  2. Cost savings by achieving lower spend per user per month.
  3. Ready access to the latest keys and additional entitlements that account for business churn. 
  4. Simplified access to turnkey delivery programs and support to reduce the burden to their helpdesk. Talented security employees, always hard to come by in tight job markets, are best used on perfecting your defenses rather than working on the help desk for employee activation questions.
  5. Savings in remote worker management (and productivity) by delivering ready-to-activate keys directly to users, wherever they are around the globe. 

BeyondTrust first rolled out the YubiKey 5 Series, including the 5C Nano, multi-protocol security keys as a pilot protecting the highest risk categories: sensitive assets and privileged accounts.

After Haber’s team measured, monitored and tested the effectiveness of the keys, a phased rollout began with the executive team, and ended with a full rollout to the remaining 1,500 BeyondTrust employees (most are remote or hybrid and previously using mobile devices) across multiple countries. The subscription and delivery services are helping BeyondTrust reach its ultimate security goal, which is to replace all legacy MFA technology that relies on passwords and push notifications with modern, secure passwordless login flows. Hardware authentication to the device is purposefully kept separate from authentication to applications or resources, a security control used to separate user identity from privileged account identity.

“The YubiKey complements our Zero Trust architecture,” said Haber. “(During rollout) it became a very strong case for the right way to do things to protect the organization.”

——

Estimate your potential cost savings through Yubico’s hardware authentication as a subscription service with the YubiEnterprise Subscription cost calculator here, and opt for greater flexibility with subscription compared to a one-time perpetual purchasing model.

Read the full Forrester TEI study here, and check out the BeyondTrust case study here.

, , , ,
Talk to our teamTalk to our team

Share this article:
  • Securing the skies with YubiKeys: Insights on cyber resilience in the aviation industry and beyondIn an increasingly interconnected world, the landscape of cybersecurity is constantly evolving. Bad actors are becoming more sophisticated, leveraging tactics like phishing and ransomware to exploit human error and weak credentials. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises – especially those in high-stakes sectors like commercial […]Read morecyber resilienceEUmanufacturingQ&A
  • Future-proofing authentication: A look at the future of post-quantum cryptographyThe path from passwords to passkeys and beyond In a previous blog I talked about the end of passwords and the rise of passkeys, which promise stronger security and less frustration for both individuals and businesses. The global momentum behind passkeys represents one of the most exciting shifts in authentication history, but realizing their full […]Read more
  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet