‘YubiKeys-as-a-Service’ delivered 203% ROI: new Forrester Consulting research and BeyondTrust case study

For organizations around the world, cybersecurity often boils down to a few important areas: high reliability, ease-of-use and cost. Forrester Consulting, in a Yubico- commissioned Total Economic Impact™ (TEI) study, examined these areas regarding the adoption and use of YubiKeys, including the potential return on investment (ROI) enterprises may realize by deploying YubiKeys. One of the study’s findings was that Yubico’s hardware security key subscription and delivery services contributed significantly to the ROI organizations can reap from their MFA investments. 

The Forrester analysis showed that a composite organization representative of interviewed customers, a 5,000-person organization leveraging Yubico’s YubiEnterprise Services, with YubiEnterprise Subscription paired with YubiEnterprise Delivery, achieved a 203% ROI over three years

The YubiEnterprise Subscription “Security Key-as-a-Service” model offers organizations a flexible purchasing model  to obtain YubiKey hardware authentication, providing flexibility, simplified procurement and peace of mind. YubiEnterprise Delivery, which is a turnkey program to manage the process of distributing hardware-based security keys directly to employees’ remote workplaces or physical offices, provides IT teams with powerful capabilities to manage the delivery of YubiKeys to users globally and accelerates the adoption of strong authentication.

Additionally, the study examined the impact of a smooth roll-out on ROI: “The subscription model provides budget predictability and control, shifting from capital expenditure-based (capex) to operating expenditure-based (opex) to lighten the blow  to initial budgets and adding agility for evolving business needs… The [key-a-service] subscription model also includes [hardware security] key replacements, which could simplify processes during employee turnover with just-in-time inventory and management.” 

In the Forrester study, an interviewed product owner of authentication in the manufacturing industry stated: “…We used to literally have [an employee] stuff an envelope full of [our previous solution], stick [an address label on an] envelope, and [bring it] down to our internal post office.” These new enterprise-ready authentication services have simplified matters for enterprises looking to enhance their security posture with speed, while staying focused on their core business.

The realized benefit and ROI of YubiKeys in action with BeyondTrust

BeyondTrust, a leader in Privileged Access Management (PAM) which works closely with Yubico, wanted to maximize ROI of its security products in a strategic plan. But leadership also wanted to future-proof the company’s aggressive growth plan, which predicted months of rapid onboarding for new employees. 

The company needed flexibility as well as an extra stock of hardware-based keys to support lost or misplaced devices, and Yubico’s YubiEnterprise Services – YubiEnterprise Subscription paired with YubiEnterprise Delivery – helped BeyondTrust effectively meet these goals.

Morey Haber, the chief security officer of BeyondTrust and also a well-known security blogger, speaker and author, said of YubiEnterprise Services: “It’s huge that we do not have to worry about inventory, shipping, tracking or delivery.” 

Subscription-based security key delivery services are in high demand after the move to remote work, which has now become a permanent feature of the workplace landscape. 

Companies that sign up for subscription-based YubiKeys-as-a-services want five essential benefits: 

  1. Flexibility to purchase keys as the business/user base evolves, rather than buying in bulk and having hundreds or thousands of keys sit in storage for long periods of time. 
  2. Cost savings by achieving lower spend per user per month.
  3. Ready access to the latest keys and additional entitlements that account for business churn. 
  4. Simplified access to turnkey delivery programs and support to reduce the burden to their helpdesk. Talented security employees, always hard to come by in tight job markets, are best used on perfecting your defenses rather than working on the help desk for employee activation questions.
  5. Savings in remote worker management (and productivity) by delivering ready-to-activate keys directly to users, wherever they are around the globe. 

BeyondTrust first rolled out the YubiKey 5 Series, including the 5C Nano, multi-protocol security keys as a pilot protecting the highest risk categories: sensitive assets and privileged accounts.

After Haber’s team measured, monitored and tested the effectiveness of the keys, a phased rollout began with the executive team, and ended with a full rollout to the remaining 1,500 BeyondTrust employees (most are remote or hybrid and previously using mobile devices) across multiple countries. The subscription and delivery services are helping BeyondTrust reach its ultimate security goal, which is to replace all legacy MFA technology that relies on passwords and push notifications with modern, secure passwordless login flows. Hardware authentication to the device is purposefully kept separate from authentication to applications or resources, a security control used to separate user identity from privileged account identity.

“The YubiKey complements our Zero Trust architecture,” said Haber. “(During rollout) it became a very strong case for the right way to do things to protect the organization.”


Estimate your potential cost savings through Yubico’s hardware authentication as a subscription service with the YubiEnterprise Subscription cost calculator here, and opt for greater flexibility with subscription compared to a one-time perpetual purchasing model.

Read the full Forrester TEI study here, and check out the BeyondTrust case study here.

Share this article: