UNN embrace secure identification for remote accessSESadmin 15/10/2013 Archive
Provider of press services UNITED NEWS NETWORK uses tokenless two-factor authentication via mobile phones. Originally UNN utilised a token-based authentication method that the call centre team used to log into the internal terminal server. To secure their remote working team and to make it possible for them to identify easier, UNN now makes use of what they already have: mobile phones. Via the implemented SecurAccess tokenless two-factor authentication solution from SecurEnvoy they receive SMS messages containing numeric passcodes, which can be used together with personal login details in order to uniquely identify users.
Founded in 2002, UNN GmbH specialises in providing services relating to corporate communications in German-speaking countries. Its core channels are the press service PresseBox, which focuses on information technology and industry, and LifePR, which caters primarily for lifestyle issues. Both portals can be used by journalists to make targeted searches relating to corporate press releases. In addition to users from the field of media and relevant industry sectors, a total of approximately 800,000 visitors access the websites every month (source: IVW).
Token too expensive?
For internal cooperation, UNN makes use of, among other things, a terminal server catering for call-centre agents who work remotely. In order to ensure that these staff could identify themselves when logging in, the company previously used a token-based solution from RSA. This involved the staff using a dedicated, physical token in order to generate a numeric code, which was then used together with personal details such as a username to log in. Although the company management was reasonably satisfied with this system, it resulted in significant costs over time. This was partly due to the costly purchase of tokens as well as the cost of associated maintenance and administrative tasks.
To reduce costs, the company scoured the market for two-factor authentication solutions in order to identify a suitable alternative. These systems work by providing two layers of security – as the name suggests, multiple factors are queried during the identification process. These can include:
• Something known only to the user (e.g. PIN);
• A tangible item that the user alone possesses (e.g. a token in the form of a USB stick or a mobile phone);
• Something that is intrinsically connected to the user (e.g. iris of the eye).
Use what’s already there: Flow7 implements SecurAccess
When reviewing the various two-factor authentication solutions on the market, SecurAccess from the developer SecurEnvoy soon aroused particular interest, as it provides one major advantage in particular: it uses a tokenless approach. Rather than requiring the use of an additional, dedicated appliance to provide the second authentication component, this software makes use of already existing terminal devices such as mobile phones, smartphones, tablets, laptops and netbooks. This makes it possible to avoid incurring costs related to the procurement and management of tokens.
Flow7 GmbH, a provider of IT services with a particular focus on Microsoft environments, therefore installed SecurAccess at UNN GmbH. The switch was prepared in parallel with the phase-out of the RSA system and the migration took place on a pre-selected date. The technical migration only took about eight hours. SecurAccess is used in conjunction with a Windows login agent, i.e. employees log in to the terminal server desktop using two-factor authentication. For this purpose, they need personal access details as well as the six-digit passcode that they receive on their mobile phones via SMS. This allows remotely-working staff to unambiguously identify themselves and thereby access the network. Once a passcode has been entered, it automatically becomes unusable; this is a one time passcode. UNN chose to use a Flash update which ensures numeric codes don’t remain on the device.
“We are very pleased with SecurAccess, as the solution is easy to use and contributes significantly to reducing costs,” comments Rainer Kölmel, CEO UNN GmbH. “Instead of having to make additional investments in dedicated tokens, we use existing devices in the form of mobile phones, which staff usually have with them anyway and which make logging in very easy. In addition, the model is sustainable in the long-term and can be scaled to suit requirements, as only the time-based licensing sets any limits. We paid a very competitive fee for our three-year licence, which is considerably less than a token-based solution would have cost.”
Mainzer Landstrasse 27-31
D-60329 Frankfurt a.M.