Invensys on Track with Soft Token Remote Access

Invensys is a FTSE100 engineering conglomerate made up principally of three companies: Invensys Rail, Invensys Controls and Invensys Operations Management. Historically each of these businesses ran independently and, within them, there were additional separate companies. Today that has changed with the introduction of a global infrastructure services division, across all of the Invensys businesses, with everything managed from a universal perspective.

Remote access is one aspect that it is looking at, as a lay function, with the

ideal that everyone will one day utilise a single solution and architecture.

Derailed by Physical Tokens

Three years ago Invensys’ rail division, while it was operating independently,

relied on a physical token based system to remotely authenticate its workforce.

Even as an outsourced service, it was time consuming and expensive to

operate, with the recurring issue of users not always having the physical token

with them when remotely connecting. The decision was taken to replace the

incumbent system. The key criteria were to reduce the cost of physical tokens

and condense the amount of time it took to deliver them to the users.

Fast Track To Remote Authentication

Having experienced the pain of physical tokens, Invensys Rail wanted a

completely different approach while remaining secure. Having evaluated the

alternatives available, it chose SecurAccess – the remote access solution, from SecurEnvoy. This allows Invensys to provide its remote staff with industry standard two factor

authentication without the pain and cost of deploying legacy hardware tokens.

Each user’s phone, capable of receiving SMS texts – which today is virtually

all mobile phones, is instantly turned into their authentication token – creating

tokenless® two factor authentication.

This removes the cumbersome onus of deploying and managing physical

tokens. David van Rooyen, principal solutions architect responsible globally

for all Invensys’ telecommunications based infrastructure strategy – including

its remote access strategy, explains, “SecurAccess ticked all the right boxes

– it was inexpensive, simple and secure.” In addition to the experience gained

when SecurAccess was first deployed at Invensys Rail, a further 100 users

were piloted as part of this new migration stage. Using the feedback from this

pilot, Invensys has been able to effortlessly and successfully extend the service

to 150 users at Invensys Controls, another 550 users at Invensys Operations

Management, with further roll-outs planned in the near future.

David adds, “By rolling out SecurAccess in phases, it has helped us develop

greater understanding of the process, how our users react to the change in

working practice and, as importantly, identify sticking points that keep recurring.

In our experience it’s been more about user education and communication as

apposed to the challenge of actually migrating users across.”

As software is not required on the users’ phones it eliminates complex testing,

support and training issues. This is particularly relevant as phone interfaces

are constantly changing with each new model. As well as saving Invensys

time managing physical tokens, it is also realising substantial cost savings

too. David confirms, “Provisioning a physical token for one of our users takes

around ten days compared with five minutes provisioning a soft token, so the

man hours are vastly reduced as well as the costs of shipping them out. I’ve

completed a full business analysis and found that $8 per person per month is

what it was costing for a physical token versus $2 per person per month for a

soft token. When you replicate that across 15-20,000 users, the savings are in

the millions.”

Down the Track

In April 2011 the ‘Global Soft Token VPN Solution’ was authorised by Invensys’

IT council to be deployed across all of its business groups and SecureAccess

rolled out across Invensys as part of the single remote access solution,

replacing all of its hardware tokens and moving all remote access across to

tokenless® two-factor authentication. David concludes, “I can’t recommend

SecurEnvoy highly enough for its simplicity, seamless integration, unbelievable

customer service, keen interest in what their potential customers are doing,

future developments and price position. With cost savings in the millions for a

hassle free solution – it’s one less thing to keep me awake at night.”

Category: Industry News

Remote Working

Multi-Factor Authentication



Any user. Any device.

For companies that take authentication seriously.

Learn more about SecurEnvoy MFA
Cyber Security Blog

Hear more from
our security

Sign-up today

What to read next...