RSA Customer Profiles: RSA® SecurID®
RSA SecurID case studies by region
Asia Pacific
– NTT Com Asia
– Virgin Blue
EMEA
– Bank of Uganda
– EMEA Telecommunications Company
– LAit (Lazio Innovazione Tecnologica)
– NyNet
– OTP Bank
– Red Bull Racing
– Rupert House School
– Signify
– UK Local Authority
Latin America
– Bancolombia
– Banco Popular de Puerto Rico (BPPR)
– TIVIT
North America
– Array Services
– EMC
– International Computerware
– KPMG LLP
– Moffitt Cancer Center
RSA SecurID case studies by industry
Banking
– Bancolombia
– Banco Popular de Puerto Rico (BPPR)
– Bank of Uganda
– OTP Bank
Education
– Rupert House School
Government
– LAit (Lazio Innovazione Tecnologica)
– UK Local Authority
Healthcare
– Moffitt Cancer Center
Manufacturing
– TIVIT
Services
– Array Services
Technology
– International Computerware
– NTT Com Asia
– Signify
– EMC
– KPMG LLP
– NyNet
– Red Bull Racing
Telecommunications
– EMEA Telecommunications Company
Travel
– Virgin Blue
CUSTOMER PROFILE
ARRAY SERVICES
Professional Services Firm Boosts Security with RSA Technologies
AT-A-GLANCE
Key Requirements
– One security platform for monitoring and reporting of all SSAE 16 controls to support PCI DSS and HIPAA
– Flexibility to cope with heterogeneous technical infrastructure
– Ability to identify and mitigate risks and threats in real time
Solution
– RSA enVision® SIEM collects, analyzes, and prioritizes security events from across the enterprise IT infrastructure
– RSA® Data Loss Prevention (DLP) Suite automatically identifies, monitors, and blocks sensitive information from leaving the organization
– RSA Professional Services provided customization services
Results
– Able to prove continuous compliance with industry regulations
– Automated security practices enable the Security Operations Center to focus on higher-valued tasks
– Improved security posture positions Array Services more competitively
Array Services Group Inc. comprises four separate companies, all based on a single campus in central Minnesota. CareCall, ProSource, JCC Medical, and JCC Financial offer solutions focused on customer service, revenue cycle management, and debt recovery and collections, respectively. The Group’s customer base is spread across a wide range of industries, including healthcare and financial services.
KEY REQUIREMENTS
As a provider of critical professional services that touch upon a number of business areas
and processes for its customers, Array Services Group Inc. often handles sensitive data. This
includes personally identifiable information (PII) and credit card information that are
covered by strict industry regulations like the Healthcare Information Portability and
Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS).
In order to provide its customers with additional peace of mind, Array Services also
wanted to demonstrate its alignment with Statement on Standards for Attestation
Engagements (SSAE 16) attestation requirements. This required the organization to show
it could aggregate logs and correlate events across its entire IT environment – a
significant undertaking given that these systems include a heterogeneous mix of Linux
and Windows systems.
“We needed a solution that could handle the diversity of our technical ecosystem and
create a centralized point of reference for all our security and compliance obligations,”
summarizes Keith Swingle, Director of Information Technology, Array Services. “By
implementing such a solution, we hoped to attract new customers as well as provide
our existing client base with an added layer of protection against risk.”
“If our customers can’t trust us they won’t do business with us – so having security systems that we can place our own trust in is essential. This is where RSA’s technologies, and the insightful support from its team, have been so important. We have total confidence in the security technologies we have deployed.”
KEITH SWINGLE, IT DIRECTOR, ARRAY SERVICES
SOLUTION
Having successfully used RSA® SecurID® hardware tokens to provide approximately 100
employees with remote access to its VPN for over seven years, Array Services Group naturally
considered RSA – The Security Division of EMC – to provide its new SIEM and DLP capabilities.
“We investigated the RSA enVision security information and event management (SIEM)
platform, and compared it against a number of other options,” says Swingle. “It proved to
be the best fit for our organization, as it met our requirements around functionality and
ease-of-use. The fact that it integrated smoothly with our heterogeneous infrastructure
was also a crucial factor that made the RSA solution stand out from the competition.”
Implementation of the RSA enVision platform was undertaken with support from RSA
Professional Services. The teams worked together to configure the technology in line with
the organization’s specific needs. This meant not only creating a centralized repository
for all log and event information from across the three corporate environments, but also
developing a specially tailored and intuitive interface from which each business
environment can be viewed.
Once the solution was installed and configured, the Array Services Group team was
interested to see how RSA could help them better meet some of their other security
responsibilities.
Brent Benson, Senior System Administrator, Array Services Group Inc. explains: “We
operate in the collections and recovery space, which means we handle a lot of PII on
behalf of our clients. As well as stopping unauthorized individuals from accessing this
data, it’s equally important that we don’t allow it to leave our network unsecured – for
example in an email or on a USB stick. This is where RSA’s DLP solution came in.”
It was with this in mind that Array Services ran a proof of concept of the RSA Data Loss
Prevention (DLP) Suite, covering Array’s network egress points and approximately 300 end
points. “We created our own set of policies to determine how potential breaches are dealt
with,” says Benson. “For example, if someone sends an email containing sensitive
information, we can either stop it immediately, re-route it to the individual’s manager, or let
it go through while notifying the individual so they can modify their behavior next time.”
The team also uses RSA DLP Datacenter to identify where sensitive data is located across
the organization. “Often knowledge of where documents are kept is lost as people move
on, so without spending many man-hours physically searching for it, it’s hard for us to
know where sensitive information might be held,” reflects Benson.
The outcome of the 30-day RSA DLP proof of concept was eye-opening, as Keith Swingle, IT
Director, Array Services, recalls: “I still remember the reaction we received when we reported
the risk areas that the DLP solution had brought to light. It made us aware of the scale of the
risk we faced, but at the same time it gave us the tools we needed to mitigate it.”
RESULTS
Since deploying the RSA enVision platform, Array Services Group is able to show that it
has significant and meaningful controls in place to align with PCI DSS, HIPAA, and many
other government and industry requirements as documented by their current SSAE 16
attestation. “Some regulations require an organization to prove compliance at the time of
audit and then may not be checked again. However, we can now show our customers at
any time that we have strong measures in place to protect their business-critical data,”
says Swingle. “This peace of mind is important to ensure that existing customers stay
with us and that new ones feel they can depend on us.”
“The RSA enVision platform proved to be the best fit for our organization, as it met our requirements around functionality and ease-of-use. The fact that it integrated smoothly with our heterogeneous infrastructure was also a crucial factor that made the RSA solution stand out from the competition.”
BRENT BENSON, SENIOR SYSTEM ADMINISTRATOR, ARRAY SERVICES GROUP INC.
www.rsa.com
CONTACT US
To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.RSA.com
The addition of the RSA DLP Suite has also made a significant impact. The team is now
able to gain detailed insight into the location and flow of sensitive data across its
business units, at the push of a button. “We used to rely on time-consuming manual
scanning for at-risk PII data,” Swingle continues. “Now we can deploy our grid-computing
network of up to 300 PCs to carry out DLP activities on a massive scale, covering
terabytes of data automatically.”
Swingle and Benson sum up the benefits of the two solutions as being able to offer the
strongest available security for their customers’ data along with enhanced auditing and
reporting for management.
They conclude: “At the end of the day, if our customers can’t trust us they won’t do
business with us – so having security technology that we can place our own trust in is
essential. This is where RSA’s technologies, and the reliable and insightful support from
its team, have been so important. We have total confidence in the technologies we have
deployed and are already considering adding more complementary RSA solutions – such
as the RSA Archer™ GRC Platform – to our environment.”
©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, Archer, enVision, and SecurID
are trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other
trademarks referenced are the property of their respective owners. ARRAY CP 0212
CUSTOMER PROFILE
BANCOLOMBIA
Colombia’s largest bank cuts fraud attempts by 90 percent with RSA
Key Requirements
– Combat rising fraud levels on online-banking portal
– Minimize impact on the end user experience while maintaining effective levels of security
– Boost security profile with 24x7 monitoring of online activity and tools to support an effective response when attacks occur
Solution
– RSA® Adaptive Authentication identifies unauthorized log-in attempts using RSA Risk Engine, without affecting end user experience
– RSA SecurID® hardware authenticators for Bancolombia’s corporate-banking clients enhance access security with two-factor authentication
– RSA FraudAction™ service provides constant monitoring of online threats, helping track and neutralize attacks on Bancolombia and its customers
Results
– Fraud incidents reduced by 90 percent
– Simplified user experience for retail-banking customers, with Adaptive Authentication working in the background to determine risk of unauthorized access attempts
– Bancolombia is better equipped to prevent and respond to online attacks
Bancolombia is the largest commercial bank in Colombia and one of the largest in the Latin America region. It offers both retail and corporate financial services, including saving and current accounts, debit and credit cards, pension plans, mortgages, and personal and business loans. Headquartered in Medellín, Colombia, it also has operations in the U.S., Peru, El Salvador, Panama, Puerto Rico, and the Cayman Islands.
KEY REQUIREMENTS
Bancolombia is a leading name in the world of finance, both in its native Colombia and
across many other Latin American markets. Since starting out in 1945, it has established
an extensive customer base that includes both corporate and retail customers, providing
banking services to around 60,000 organizations and over 1.5 million individuals.
Bancolombia provides an online-banking portal that makes it easier for customers to manage
their financial activity. This is used by around 90,000 contacts within the institutions it serves
and over a million of its retail customers. The transactional platform that supports the service
is hosted and operated on behalf of Bancolombia by TODO1, a company that specializes in
providing IT services to financial organizations across Latin America.
In 2008, Bancolombia began to experience a large rise in attempts to fraudulently gain
access to its online platform. “We knew we needed to respond quickly and effectively,
both for the sake of our customers and to preserve the integrity of our offering,” says
Carlos Rodriguez, Internet Manager, Bancolombia. “Until that point, we had relied on
applications we had developed in-house to prevent attacks. However, the severity of the
fraud activity we were starting to see highlighted the need to strengthen our defenses
with dedicated security solutions.”
“Incorporating RSA solutions into our online-banking portal has helped us offer a safer experience that customers can trust to be secure against fraud and phishing attempts. The statistics speak for themselves: We have seen a 90 percent reduction in fraud since deploying the technology. Both our retail and corporate customers have benefitted, and we are in a stronger position to meet our regulatory requirements.”
CARLOS RODRIGUEZ, INTERNET MANAGER, BANCOLOMBIA
A priority for Bancolombia was improving the security of its online-banking platform
without detrimentally affecting customers’ experience of using the service. For corporate
accounts, the local regulatory authority required it to also offer hardware-token-based
authentication security to protect high-value business transactions.
In addition to improving access security, Bancolombia also wanted to enhance its awareness
of the online-fraud landscape and activity on its own systems. It needed a set of security tools
to monitor activity, track threats, and provide support when a response was necessary.
SOLUTION
Preserving the ease-of-use of its online-banking portal was a priority, so Bancolombia
decided to deploy RSA Adaptive Authentication for its enterprise and retail customers.
This provides an effective but unobtrusive means of authenticating access attempts. The
solution seamlessly integrates into browser-based log-in processes, without requiring
users to install any additional software or hardware.
For its corporate clients, Bancolombia also offers RSA SecurID hardware authenticators to
provide two-factor authentication when users attempt to access its online-banking
platform, in accordance with the requirements of the regulatory authorities. It distributed
these to approximately 90,000 users of its systems.
Bancolombia relied on the support of TODO1 during the deployment. TODO1 liaised with
RSA Professional Services to provide full support throughout the implementation of
Adaptive Authentication, from sharing examples of best practices during the planning
stages, through overseeing the integration of the technology into Bancolombia’s existing
online-banking portal, and managing the service on an ongoing basis. When deploying
RSA SecurID authenticators to its corporate customers, Bancolombia worked directly with
RSA, with additional support provided by TODO1 once the solution was in place.
To enhance its ability to track and respond to fraudulent activity against its
online-banking platform, Bancolombia implemented RSA FraudAction service. Managed by RSA
security experts, this provides 24x7 monitoring of the online-fraud environment and of
phishing and Trojan threats specifically against Bancolombia and its customers, as well
as tools to investigate and neutralize attacks. As the service is managed externally, only
minimal work was required to integrate it with Bancolombia’s systems, with the
deployment taking only a week. TODO1 oversees its operation on an ongoing basis and
feeds back the insights gathered into online-fraud trends to executives at Bancolombia.
RESULTS
Once the RSA solutions were in place, Bancolombia soon saw a dramatic reduction in the
level of fraudulent activity against its online platform: “Fraud fell by around 90 percent
after we added the technology and has remained consistent since,” says Rodriguez.
With RSA Adaptive Authentication, Bancolombia’s online-banking portal benefits from the
addition of secure but subtle authentication when customers attempt to access the service.
To log in, users are only required to enter a user name and password. Despite the apparent
simplicity of this process, in reality Adaptive Authentication works in the background to
evaluate the risk of an unauthorized-access attempt. It can respond by requiring the user to
input further identifying information to confirm the attempt is genuine if the level of risk is
deemed to be too high, as determined by Bancolombia’s security protocols.
RSA SecurID is now used by Bancolombia’s corporate customers when accessing their
online-banking services. “Each of the professional users who access our platform on
behalf of their organization now has a hardware authenticator that is unique to them. In
order to gain entry to the system, they use this to generate a one-time access code that
cannot be produced by any other means, but which is recognized by our systems. This
adds a powerful extra layer of security to the log-in process and means that anyone trying
to access our banking portal must have the relevant token in hand,” explains Rodriguez.
“The combination of RSA Adaptive Authentication, RSA SecurID, and RSA FraudAction service with the support of TODO1 helps protect our online-banking portal from fraud attempts both at the point of access and on a continuous basis. We are now less likely to suffer from an attack and are better prepared to respond if an incident does occur.”
CARLOS RODRIGUEZ, INTERNET MANAGER, BANCOLOMBIA
RSA’s FraudAction service reinforces the security these solutions provide at the point of
access by enhancing Bancolombia’s overall ability to detect and respond to fraud
attempts. A dedicated team of RSA experts constantly monitors for signs of fraudulent
activity, allowing the bank to respond quickly in the event of an incident. The service also
provides Bancolombia with a powerful range of tools to support a security response,
including those needed to forensically investigate an incident.
©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, FraudAction, and SecurID are
trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other
trademarks referenced are the property of their respective owners. BANCOL CP 0512
CUSTOMER PROFILE
BANCO POPULAR DE PUERTO RICO (BPPR)
Security technology combats phishing attacks and provides strong authentication
AT-A-GLANCE
Key Requirements
– Required by Federal Financial Institutions Examination Council (FFIEC) to introduce multi-factor authentication (MFA) for user access into online banking services
– Risk assessment showed that its existing in-house security system was not adequate to meet these new demands
Solution
– Deployed RSA® Adaptive Authentication MFA for online banking access
– RSA FraudAction™ anti-phishing rolled out to combat an increase in phishing attacks
– RSA SecurID® authentication deployed to secure employee remote access to the corporate intranet
Results
– A dramatic reduction in the number of phishing attacks, with customers now benefitting from peace of mind, knowing that their assets are fully protected
– Time and costs associated with shutting down fraudulent sites have been reduced, meaning BPPR can take a more proactive approach to combating phishing scams
Banco Popular de Puerto Rico is Popular, Inc.’s main subsidiary and the largest commercial bank in Puerto Rico. It provides the most extensive and complete distribution network in Puerto Rico, with 196 branches, over 620 ATMs, more than 27,162 point-of-sale terminals, a 24/7 call center, and an advanced Internet banking service. To find out more, visit www.popular.com.
KEY REQUIREMENTS
As Puerto Rico’s largest commercial bank, Banco Popular de Puerto Rico (BPPR) takes the
security of its customers’ assets extremely seriously. To authenticate users of its online
banking services, BPPR had in place a three-step password system based on its own in-house
technology. Customers were asked to answer one of three rotating questions (all previously
chosen by them), as well as one set question, before finally being asked to enter a PIN.
While this existing system was effective in preventing phishing attacks on BPPR’s existing
customers, the bank was required by FFIEC to introduce MFA. An extensive risk assessment
carried out by the bank showed that its existing in-house system was not sufficient to
meet these latest compliance demands.
“Multi-factor authentication and anti-fraud technologies have enabled us to accelerate the speed at which we can identify and prevent phishing attacks in the online channel. Rather than a reactive approach, we are now able to proactively identify fraudsters and shut down fraudulent sites.”
CAMILLE BURCKHART, SENIOR VICE-PRESIDENT, TECHNOLOGY MANAGEMENT DIVISION AT BPPR
“We have implemented a risk-based authentication process for our Internet service channel. The system has proved to be very effective. Anti-fraud technology has provided us with a more efficient and proactive way to detect and monitor potential phishing attacks or fraudulent websites which might have a direct impact on our brand and services.”
MIGUEL MERCADO TORRES, CISO, VICE-PRESIDENT, OPERATIONAL RISK MANAGEMENT AT BPPR
As a result, BPPR searched for a brand new alternative, an MFA solution that would
enable it to meet FFIEC requirements. What’s more, it had to find this solution quickly
as the FFIEC deadline was looming.
SOLUTION
RSA Adaptive Authentication
Initially BPPR decided to deploy an MFA solution from one of its existing vendors, but
found this vendor to be extremely unresponsive. BPPR then reached out to RSA – The
Security Division of EMC, and was immediately impressed by RSA’s MFA solution, as well
as RSA’s responsiveness.
RSA Adaptive Authentication leverages risk-based authentication (RBA) technology to
identify fraud and high-risk transactions. The system is supported by the RSA Risk Engine,
which tracks more than 100 fraud indicators in order to detect suspicious activity. The
Risk Engine assigns a unique risk score to each transaction: The higher the score, the
greater the likelihood that a transaction is fraudulent.
RSA Professional Services
RSA Professional Services helped with what was a very customized implementation,
providing ongoing consultation around how the solution could be adapted to fit the
bank’s requirements. During the implementation of RSA Adaptive Authentication, BPPR
saw a dramatic increase in phishing attacks, so it decided to bolster security further
by signing up to RSA FraudAction anti-phishing.
RSA FraudAction & Anti-Fraud Command Center (AFCC)
RSA FraudAction anti-phishing is a proven service geared toward stopping and preventing
phishing attacks that occur in the online channel. It includes 24x7 monitoring and
detection, real-time alerts and reporting, forensics and countermeasures, and site
blocking and shutdown.
At the core of the FraudAction service is RSA’s exclusive Anti-Fraud Command Center
(AFCC). RSA’s experienced team of fraud analysts work to shut down fraudulent sites,
deploy countermeasures, and conduct extensive forensic work to stop online criminals
and prevent future attacks.
RSA SecurID
BPPR has also deployed RSA SecurID two-factor authentication to secure employee
remote access into the corporate intranet; approximately 500 RSA SecurID hardware
tokens are in use.
RSA SecurID two-factor authentication is based on something the user knows (a
password or PIN) and something the user has (an authenticator). It provides a much more
reliable level of user authentication than a user name and password, which is what the
bank had previously relied on.
Miguel Mercado Torres, CISO, Vice President, Operational Risk Management at BPPR,
said: “We were keen to upgrade our solution in light of the increase in cyber threats and
cyber fraud activity. By adding in an extra layer of security for access into the corporate
intranet, RSA SecurID authentication enables us to increase the number of people who
are able to work from home, and also enables the sales team to complete more
transactions while out in the field.”
©2011 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, FraudAction, and SecurID
are trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other
trademarks referenced are the property of their respective owners. BPPR CP 0711
RESULTS
Since deploying RSA Adaptive Authentication, BPPR has seen a dramatic reduction in the
number of phishing attacks. As a result, customers benefit from peace of mind, knowing
that their assets are fully protected.
RSA FraudAction has greatly simplified the process of detecting, blocking, and shutting
down fraudulent sites. Previously BPPR’s internal staff handled this in-house and found
it to be a very time-consuming and costly process. What’s more, their approach was
reactive, relying on customers to inform them about issues. RSA FraudAction allows BPPR
to be more proactive, by enabling them to identify and shut down fraudulent sites before
they become a problem.
To further bolster security in the online channel, BPPR is also planning to roll out RSA
Transaction Monitoring. RSA Transaction Monitoring is typically integrated at various
points within online banking applications in order to monitor high-risk activities such
as money transfers, user profile changes, account modifications, and more.
To prevent fraudsters from setting up new customer accounts in order to commit fraud,
BPPR is also looking to roll out RSA Identity Verification to verify the identity of callers
into its call center.
“We were keen to upgrade our solution in light of the increase in cyber threats and fraud activity. By adding in an extra layer of security for access into the corporate intranet, RSA SecurID authentication enables us to increase the number of people who are able to work from home, and also enables the sales team to complete more transactions while out in the field.”
MIGUEL MERCADO TORRES, CISO, VICE-PRESIDENT, OPERATIONAL RISK MANAGEMENT AT BPPR
CUSTOMER PROFILE
BANK OF UGANDA
Uganda’s Central Bank delivers world-class security with RSA® SecurID®
AT-A-GLANCE
Key Requirements
– Limit internal network access to authorized employees
– Secure transactions on the bank’s online payments and financial system by ensuring only trusted partners can gain access
– Ensure the bank’s IT systems comply with international financial-security standards
Solution
– RSA SecurID hardware tokens provide two-factor authentication to verify the identity of users accessing the bank’s network or online platform
– Ongoing training on the new system provided by RSA systems integrator 2MN to both internal users and banking partners in Uganda
Results
– Secure, world-class IT systems that are protected against unauthorized access attempts
– Minimal disruption to users
– Demonstrates Bank of Uganda’s commitment to ensuring its systems comply with international standards
Bank of Uganda (BoU) is the Central Bank of the Republic of Uganda. The primary purpose of the Bank is to foster price stability and a sound financial system. Together with other institutions, it also plays a pivotal role as a center of excellence in upholding macroeconomic stability.
KEY REQUIREMENTS
The Bank of Uganda is the country’s Central Bank, providing financial services to the Government and financial institutions that operate within Uganda.
As befits an institution that plays a crucial role in supporting Uganda’s economic infrastructure, securing the Bank of Uganda’s systems is a primary concern to its management team. In recent years, there has been an internal drive to enhance the security of the IT resources that underpin its operations. This has been supported by its international partners, such as the World Bank, which has worked with the Bank of Uganda to deliver a number of projects within the country.
One issue that was of particular importance to the bank was ensuring that files on its internal network could only be accessed by authorized employees. Another focal point for enhancing access security was its online payments and financial system, which is used by internal employees as well as representatives from external financial institutions to process financial transactions.
Hubert Kiyimba, an IT Security Administrator at the Bank of Uganda, said: “The bank’s online payments and financial system platform is an important part of the banking system within Uganda, and it was a priority for us to ensure it could only be accessed by the right people. As the system is used to conduct transactions by a number of external contacts, in addition to our own employees, we needed to ensure that the process of gaining access was secure but also easy-to-follow and reliable.”
“With RSA SecurID in place we can be confident that only authorized employees and partners are able to gain access to the Bank of Uganda’s network and online payments and financial system. Our experience with the technology over the past few years has proven it to be a reliable, trustworthy solution, and one that plays a key part in ensuring that the bank’s IT infrastructure meets the standards of the international finance community.”
HUBERT KIYIMBA, IT SECURITY ADMINISTRATOR, BANK OF UGANDA
©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, and SecurID are trademarks
or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks
referenced are the property of their respective owners. BOU CP 0312
SOLUTION
The Bank of Uganda assessed different technologies that could help secure local and remote access to important systems and decided that a token-based system that uses two-factor authentication to provide an extra layer of security during the verification process was best-suited to its requirements.
Kiyimba said: “After evaluating the different options available and consulting independent recommendations we identified RSA SecurID as the market leader. We scheduled a meeting with 2MN, one of RSA’s integrator partners within the East Africa region, to discuss the details of the technology and how it could be integrated within our operations.
“As well as its superior security performance, another aspect of the SecurID technology that especially appealed was its compatibility with our existing financial-software environment. It was important that we found a solution that could integrate fluidly to augment our existing resources.”
After setting up a trial of the SecurID solution to determine how it would perform within its IT environment, the Bank of Uganda enlisted 2MN to oversee a roll-out involving 1,700 SecurID hardware tokens, split between internal users and those at external institutions who use the bank’s online payments and financial system.
2MN supported the deployment from start to finish, employing a holistic approach that involved it overseeing the technical logistics of integrating the SecurID solution, supporting the bank’s strategic decision-making around its efforts to enhance its security, and training users as they began to use the technology.
As the project progressed, the flexibility of the SecurID solution proved invaluable, with the bank using its API to integrate the two-factor authentication process into the proprietary software environment powering its online payments and financial system. This ensured that the introduction of the new access-control processes was seamless, minimizing disruption to users.
RESULTS
Since deployment, the SecurID technology has performed reliably for the Bank of Uganda, ensuring consistent access protection across its network and online-banking platform. One of the key features of the solution is its ability to “heal itself” in the event of any issues arising with the authentication server. If any problems are experienced, SecurID automatically deploys a back-up server, ensuring that access to the bank’s systems is not interrupted.
The process of transitioning internal and external users to the new access procedures proved problem-free. The easy-to-use nature of the SecurID token system and the training 2MN provided to Bank of Uganda employees and its partner organizations on using the technology helped ensure that their use of the bank’s platforms was unimpeded.
The implementation has helped the Bank of Uganda ensure its IT systems meet the standards of the international financial community and demonstrate its commitment to developing a world-class banking infrastructure, which could result in increased support from international finance institutions.
With the SecurID solution in place, the Bank of Uganda can be confident its systems are secured against unauthorized access. Kiyimba concluded: “SecurID provides an ideal combination of powerful, reliable protection in a package that is simple and intuitive for users. It has enabled us to significantly improve our security position without impacting the quality of the service we deliver.”
“SecurID provides an ideal combination of powerful, reliable protection in a package that is simple and intuitive for users. It has enabled us to significantly improve our security position without impacting the quality of the service we deliver.”
HUBERT KIYIMBA, IT SECURITY ADMINISTRATOR, BANK OF UGANDA
C U S T O M E R P R O F I L E
EMC CORPORATION
Authentication solution strengthening and centralizing security at EMC
AT-A-GLANCE
Key Requirements
– Reduce the cost and complexity of managing authentication of employees and external users of enterprise portals and business-critical IT systems
– Improve the end-user experience by minimizing the number of passwords and PINs needed
Solution
– Strong authentication software provides centrally administered access to enterprise portals with single sign-on (SSO) to multiple applications
– Two-factor authentication system offers additional layer of security
Results
– Thanks to SSO, IT security and the user experience have improved, while calls to the help desk have been reduced
– Centralized authentication is less costly and less time-consuming, improving employee productivity
EMC is one of the world’s leading providers of infrastructure information systems, software, and services, employing approximately 40,000 people around the world. Its clients range from Fortune Global 500 enterprises to start ups, across all industry sectors, including financial services, manufacturing, transportation, public services, telecommunications, and life sciences. To learn more, please visit: www.emc.com.
KEY REQUIREMENTS
EMC relies on a number of enterprise portals to share information and business processes
across its global, organizational boundaries. Online resources provide employees, partners, customers, and suppliers with 24x7 access to technical support, product information, sales resources, training services, and security updates, among other things.
The cost and complexity of managing these portals were enormous. EMC Powerlink, for example, is the front-end for over 30 applications, each of which required users to enter a separate user name and password. This was hugely inconvenient for users, who had to remember multiple passwords and often found themselves locked out of the system through the entry of incorrect information.
With over 300,000 registered users it also meant that the volume of calls to the help desk regarding password resets was very high. Given that the average help desk labor cost for a single password reset is about $70 (source: Forrester Research), the cost to the business was very high. Administration was made even more complicated by the fact that users had different levels of access and privileges.
EMC was eager to find an information-centric security solution that would centralize
authentication management to its IT systems and portals and improve the user experience.
“Technology from our own security division, RSA, has enabled us to bolster secure access to business-critical systems and improve the sharing of information among employees, customers, partners, and suppliers across the globe. Centralized management, web single sign-on, and two-factor authentication improve productivity, as well as user experience, helping us accelerate innovation and increase competitiveness.”
HOWARD HANTMAN, STRATEGIC ARCHITECT, EMC GLOBAL SECURITY ORGANIZATION
©2003-2011 EMC Corporation. EMC, RSA, the RSA logo, and SecurID are trademarks or registered trademarks of
EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their
respective owners. EMCAUTH CP 1210
SOLUTION
To provide secure access to each of the web applications within its intranets and external
portals, EMC deployed RSA® Access Manager. This solution enables EMC to manage large
numbers of users while enforcing a centralized security policy that protects enterprise
resources from unauthorized access and makes it easier for legitimate users to do their
jobs. Rather than having to remember multiple user names and passwords, internal and
external users can now use single sign-on to access multiple resources.
EMC has also issued RSA SecurID® tokens to all employees and select contractors to add
an additional layer of security for access to enterprise portals as well as other corporate
applications such as SAP Enterprise Resource Planning, Microsoft Outlook Web Access, and
access into the DMZ – the zone that provides an extra layer of security between EMC’s
network and the Internet. The company has 45,000 active RSA SecurID users worldwide.
RSA SecurID offers authentication based on two factors: something the user knows,
a personally selected PIN, and something the user has, an RSA SecurID hardware or
software token. An RSA SecurID token automatically generates a new six-digit one-time
password every 60 seconds. Entering the PIN and one-time password provides a much
more reliable level of user authentication than static passwords and user names.
RSA Authentication Manager is the software engine behind the RSA SecurID system and
is used to verify authentication requests and centrally administer authentication policies
for enterprise networks. Ideal for EMC’s use, it scales to support millions of users and
protects multiple applications and resources across numerous physical sites.
RESULTS
SSO has made the EMC users’ experience more efficient and enjoyable. It has improved
employee productivity, strengthened partner relationships, and reduced the number of
incidents referred to the help desk.
Centralized administration is less time-consuming and, as a result, the process of user
authentication is less costly to the business. The overall security of the company’s IT
systems has improved, since access attempts from unauthorized users are easier to spot
and investigate. New users can be given access to multiple systems at the touch of a
button, and orphan accounts can be easily deleted.
EMC is also evaluating the benefits of RSA Federated Identity Manager, which extends
SSO beyond the enterprise to important applications, such as payroll, hosted outside the
organization.
Finally, EMC is testing various RSA SecurID software token form factors among its employees
including the RSA SecurID Toolbar, RSA SecurID Token for BlackBerry, and software tokens
that support wireless devices running the Microsoft Windows Mobile platform. Embedded
into a wireless device or laptop, RSA SecurID software tokens provide convenience by
eliminating the need for a user to carry a second device to perform two-factor authentication
and also provide efficiencies-of-scale for deployment to the global workforce.
“The next generation of RSA Authentication Manager will make it possible to send RSA SecurID users an emergency SMS (short message service) to their registered mobile phone, should they leave their hardware token at home. This is particularly useful to improve the productivity of frequent business travelers.”
HOWARD HANTMAN, STRATEGIC ARCHITECT, EMC GLOBAL SECURITY ORGANIZATION
C U S T O M E R P R O F I L E
EMEA TELECOMMUNICATIONS COMPANY
EMEA Telecommunications Company uses SMS tokens to improve flexibility of two-factor authentication
AT-A-GLANCE
Key Requirements
– Cost-effective two-factor authentication, enabling global access to corporate network
– Highest standards of security to block unauthorized access
– Rapid token distribution with high confidence in who is using the tokens
Solution
– RSA® SecurID® On-demand Authenticator offers the market-leading one-time-password (OTP) strong-authentication solution by SMS
– 2,000 on-demand (SMS) tokens issued to employees and partners
– Integration with Microsoft Active Directory to ensure phones used for authentication are always current
Results
– Expanded two-factor authentication to partner organizations
– Cut capital expenditure on tokens by 45 percent
This EMEA telecommunications company is a leading mobile service operator.
KEY REQUIREMENTS
The company’s data includes sensitive customer information and its systems enable mobile telephone lines to be activated or deactivated, and new services to be added on, so it is important that these systems are well protected. “Security is essential to us,” said the Security Operations Manager. “I need to protect my customers’ data so that nobody can access it without permission or tamper with it. I have to demonstrate to my employees that they are using a secure channel. A security incident could have a huge negative impact on our company’s image.”
The company had introduced two-factor authentication to protect staff access to its network from over the Internet. It was based on RSA SecurID hardware tokens and software tokens, which use the computing device itself (such as a laptop) as the second authentication factor. RSA SecurID is the market-leading one-time-password (OTP) strong-authentication solution, which is interoperable with over 350 third-party applications. RSA SecurID is used by over 30,000 organizations, and offers software, hardware, and SMS authentication options.
“We had difficulties because people would forget their hardware tokens or misplace them,” said the Security Operations Manager. “The software tokens gave people the flexibility to work from anywhere, but caused problems when people forgot their laptops and wanted to work on a different machine.”
If somebody lost or forgot their token, they would have to go to the nearest company office to get access to the corporate IT infrastructure, which resulted in lost productivity. “Distributing hardware tokens was a challenge,” said the Security Operations Manager. “How do you quickly get a token to someone who is 700km away?”
There was also a significant investment associated with hardware tokens. The Security Operations Manager estimates that between 15 percent and 20 percent of tokens were lost each year, and all the tokens needed to be replaced every few years.
“RSA made my dream come true. They reduced the risks I had with the tokens, enabled me to get better usage of my internal resources, and cut my CAPEX. I trust RSA because they have never let me down.”
SECURITY OPERATIONS MANAGER, EMEA TELECOMMUNICATIONS COMPANY
©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, and SecurID are the property of
EMC Corporation in the United States and/or other countries. EMEA TEL CP 1012
“It was hard to be confident in the identity of somebody using a hardware token,” said the Security Operations Manager. “People could give their token and username to a friend. With hardware tokens, we couldn’t quite be sure whether it might be the authorized user, someone else in the company, or a hacker who was using a stolen token.”
The company required a more cost-effective two-factor authentication solution, which enabled rapid distribution of tokens and provided the highest standards of security for its valuable corporate data. It also needed a solution that would give it greater confidence in who was using the token.
SOLUTION
The company deployed the RSA SecurID On-demand Authenticator and 2,000 on-demand tokens, issued using an SMS message sent to the user’s mobile phone. The solution was integrated with Microsoft Active Directory, so that it can use the mobile phone number the company has on file for the user. As a result, the authentication system is always up-to-date with the latest mobile phone numbers. The solution has solved the problem of distributing tokens, because they can be instantly sent to the user’s mobile phone.
If the user loses his or her mobile phone, the company can reallocate the SMS token to the replacement phone without incurring additional licensing or purchase costs.
“With mobile, I can be sure about who has received the message,” said the Security Operations Manager. “I know who the mobile phone belongs to, and have a high degree of confidence in who is using it. With hardware tokens, somebody might leave the company and give their token to a colleague. That doesn’t happen with phones.”
RSA Professional Services deployed the solution and integrated it with the company’s SMS gateway for issuing the on-demand tokens. “The RSA Professional Services team completed the deployment quickly and on time,” said the Security Operations Manager. “We are the first mobile operator in the region to use this solution and they made my dream come true. They reduced the risks I had with the tokens, enabled me to get better usage of my internal resources, and cut my CAPEX. RSA has never let me down.”
RESULTS
The ease of token distribution has enabled the company to expand the pool of users issued with a secure token. The company has technical support suppliers located in Europe and the U.S. and previously it was not viable to ship tokens or install software on their computers. Now, the company has issued an SMS token to over 120 of its 200 support suppliers. “It enables our suppliers to support our company more flexibly,” said the Security Operations Manager. The company has also provided its retail partners with secure access to its systems using SMS tokens, something which was not viable before.
“The on-demand tokens have realized our vision for supporting more people,” said the Security Operations Manager. “We were limited before, because our partners would have to request a temporary username and password to access our systems, and they might need access at 2:00 A.M. our time. Now I have resolved my administrative headache.”
The company has cut its capital expenditure on tokens by 45 percent without increasing its operating expenditure.
The company has also been able to increase productivity, because people do not need to use a particular computer to authenticate, and do not have a hardware token to lose. They can work from any computer, using their mobile phones to carry out a two-factor authentication.
C U S T O M E R P R O F I L E
INTERNATIONAL COMPUTERWARE
IT Consultancy shows customers the way with secure desktop virtualization
AT-A-GLANCE
Key Requirements
– Set an example of IT innovation for customers
– Support mobile working flexibility and simplify PC fleet maintenance
– Prevent sensitive data leakage from virtual desktops
– Monitor and enforce access to virtual desktops while collecting logs and reports to ensure compliance
Solution
– Implement new VMware PC-over-IP virtual desktop protocol and VMware View
– Test and integrate with existing security resources to ensure user authentication for remote users
– Extend existing Data Loss Prevention (DLP) platform to virtual desktops to monitor and regulate user activity
– Collect and analyze security events from virtual desktop environment, and correlate with non-virtual infrastructure logs for compliance monitoring and reporting
Results
– Virtual desktops already rolled out to 60 most mobile workers
– Environment now fully compliant with security requirements
– Significant cost savings, such as $95,000 on resource allocation for desktop support
As a global IT consultancy, International Computerware Inc. (ICI) combines industry knowledge, functional experience and technology skills to help its clients grow and create extraordinary value. It has delivered innovative, high quality IT expertise and services to its customers for over 20 years.
KEY REQUIREMENTS
For IT consultancies, knowing about the best technology and being able to make use of it in the most effective way is essential in driving customer satisfaction and business success. ICI recognizes this, and is dedicated to making sure the company itself is an example of IT best practice in action.
The company uses industry-leading technologies such as the RSA enVision® platform, RSA SecurID® soft tokens, and RSA® Data Loss Prevention Suite from RSA, The Security Division of EMC, and VMware virtualization software to ensure it stays at the forefront of technological expertise.
However, there are always opportunities for further innovation, and for ICI, this came in the form of desktop virtualization. Jamie Shepard, Executive Vice President, Technology Solutions, ICI, explains: “We already had a strong virtual platform for our datacenter, supporting SQL and Sharepoint environments. The next step was to virtualize our desktop PCs as well to enable mobile employees to log on to their virtual desktops securely from any location, even if their own laptop is broken.”
ICI also wanted to monitor and enforce access to virtual desktops while preventing leakage of sensitive data to ensure compliance with Massachusetts directives. In this way, it planned to make administration of its PC fleet simpler for the IT team, as well as
making life easier for remote workers.
“Being able to securely access any machine from anywhere and at any time with virtualization significantly accelerates the resolution of any issues and helps keep employees productive. At the same time we know we can immediately pinpoint and block any suspicious activity around sensitive data on our network and we’re saving about $95,000 on resource allocation for desktop support per year.”
JAMIE SHEPARD, EXECUTIVE VICE PRESIDENT, TECHNOLOGY SOLUTIONS, INTERNATIONAL COMPUTERWARE INC.
©2010 EMC Corporation. All rights reserved. EMC, RSA, RSA Security, the RSA logo, RSA enVision and RSA Data
Loss Prevention Suite are the property of EMC Corporation in the United States and/or other countries. All other
trademarks referenced are the property of their respective owners. ICI CP 0910
SOLUTION
In order to meet this new challenge, ICI decided to build on its existing virtualization and
security resources. “We knew that the combination of VMware and RSA technologies we
had in place was a good one,” recalls Shepard. “So it was a case of extending those
resources to our PCs as well as our datacenter.”
Bringing these secure virtualized capabilities to its PCs meant ICI needed to deploy VMware’s
PC-over-IP protocol. It chose to run a proof of concept (PoC) of this new feature in order to
ensure the virtualized desktops would work effectively with its RSA security environment.
“We set up two users – one from sales and one from engineering – with virtual
desktops,” says Shepard. “Both were regular mobile workers, so they were part of the
group that we expect to benefit the most from this virtualization project. They have very
different use cases but both require reliable accessibility and availability.”
Feedback from the PoC users was positive, showing that the virtual desktop PC model
stops remote workers suffering from latency caused by physical PCs connecting to servers
in far-off datacenters.
Following the successful PoC, the virtual desktop environment was rolled out to all mobile
users in the first virtualization group. These employees use a variety of devices, from
laptops and desktop PCs to Apple iPads. The virtual environment was then integrated
with ICI’s existing DLP environment, which, Shepard found, was very simple: “The virtual
desktop, from the DLP solution’s point of view, is no different than any other virtual
machine, so it can discover sensitive information, detect inappropriate or unauthorized
activity, and lock it down in an instant.”
The company is now working on integrating additional security features such as RSA SecurID
for user authentication, to enforce secure access for virtual desktop infrastructure (VDI)
users in the VMware infrastructure. It also plans to integrate its RSA enVision platform with
the virtual desktop environment to monitor end user and administrator activities.
RESULTS
With the initial round of deployment complete, ICI now has 60 virtual desktop users
across the sales and engineering departments. It plans to extend its virtual user base
across the rest of the engineering team and administrators in the coming months. “Being
able to use virtual desktops for activities like training will make information sharing much
simpler and more efficient for us,” comments Shepard.
He continues: “The biggest saving for us is the reduction in administrative headaches
that the virtual fleet enables. Being able to securely access any machine from anywhere
and at any time significantly accelerates the resolution of any issues and helps keep
employees productive. At the same time we know we can immediately pinpoint and block
any suspicious activity around sensitive data on our network.” For example, a user
logging onto his virtual desktop from a customer site will still be covered by the DLP
platform and alerted should he attempt any unauthorized action, such as saving
protected data onto a USB stick.
In addition to setting the standard for its customers with this initiative, ICI is seeing an
impact on its bottom line. “We’re saving about $45,000 per year in desktop PC refreshes
through virtualization,” says Shepard, “and about $95,000 on resource allocation for
desktop support. On top of that we are now fully compliant.”
“We’re saving about $45,000 per year in desktop PC refreshes through virtualization. On top of that we are now fully compliant.”
JAMIE SHEPARD, EXECUTIVE VICE PRESIDENT, TECHNOLOGY SOLUTIONS, INTERNATIONAL COMPUTERWARE INC.
C U S T O M E R P R O F I L E
KPMG LLP
Firm drives compliance with RSA® Archer™ eGRC Suite
AT-A-GLANCE
Key Requirements
– Common platform for all eGRC activities to enhance accuracy and efficiency of compliance efforts
– Easily deployable solution for fast time to value and rapid response to own and client demands
– Clear, flexible management and reporting capabilities to satisfy business unit and other stakeholders
Solution
– RSA Archer eGRC Suite modules provide single platform for ITS (Information Technology Services) policy development, management, and monitoring
– Automated tracking of remediation activities streamlines and solidifies compliance stature
– Flexible dashboard and reports deliver information to management in digestible format
Results
– Quick, comprehensive response to requirement to comply with NIST 800-53 directive won new business
– Business and clients are reassured by ability to provide fast and comprehensive responses to their requests using online policy center
– Risk of inadvertent regulation breaches is minimized with tighter, automated compliance controls
Formed in 1987, KPMG LLP provides audit, tax, and advisory services and industry insight to help organizations negotiate risks and perform in dynamic and challenging business environments. KPMG LLP is the U.S. member firm of KPMG International whose firms have a total of 140,000 professionals, including more than 7,900 partners, in 146 countries.
KEY REQUIREMENTS
The services that KPMG offers vary hugely, with each project tailored to the specific needs
of the client in question to deliver impactful results. Despite this variety of activity, the
organization’s focus on quality remains constant. Part of providing high-quality service
means anticipating and meeting its legal, regulatory, and client requirements.
With many clients in highly regulated industries such as finance and healthcare, a key
priority for any business initiative or IT project is ensuring compliance with relevant
industry regulations – from Sarbanes-Oxley (SOX) to the Health Insurance Portability and
Accountability Act (HIPAA). KPMG must therefore demonstrate its ability to easily and
rapidly meet these and other enterprise Governance, Risk, and Compliance (eGRC)
demands when undertaking client projects.
This challenge is not a new one, and the company has long had policies in place to meet
its own and clients’ requirements. However, these policies were stored in various
repositories across the ITS organization, meaning it was difficult to map policies to new
standards. Irina Giller, Director, ITS Policy and Governance, KPMG, heads up the team
responsible for ITS policies and compliance. She explains: “We were unable to easily
confirm whether or not we could comply with a new client request using an existing
policy, so there was a lot of manual work involved every time – even after we created a
more centralized repository using available tools.”
“To enable our IT governance program, we decided that investment in the GRC platform was needed in addition to defining necessary processes. The GRC technology helps us to achieve alignment of controls with policies. It accelerates the definition, management, measurement, and reporting of IT-related controls through the mapping to regulatory mandates, managing remediation tracking and policy exceptions, and reporting on them to our ITS executive management.”
IRINA GILLER, DIRECTOR, ITS POLICY AND GOVERNANCE, KPMG
KPMG needed a common eGRC platform with a fully centralized policy repository to
both publish policies and map them to authoritative sources while maintaining a
comprehensive overview of its eGRC capabilities. Flexibility was also important to
ensure that KPMG could set, operate, and report on its own policies and processes
where required to satisfy a variety of legal, regulatory, and client requirements.
SOLUTION
KPMG considered leading GRC platforms against its IT governance requirements and
selected the eGRC solutions from RSA Archer. It also received feedback from KPMG’s
Client Delivery team on RSA Archer capabilities as they worked with RSA Archer on
various client projects.
“We needed a solution that would enable us to publish and search all policies from a
central point,” says Giller. “It was also important to have granular access controls to
make sure that policies and control standards could be accessed by all KPMG partners,
employees, and other authorized parties while baseline technical controls and
specifications could only be accessed by the central ITS organization. Lastly, we
needed the ability to map policies based on authoritative sources.”
Giller and her team addressed these requirements by deploying the Policy Management
and Compliance Management modules of the RSA Archer eGRC Suite. These solutions
enable KPMG to ensure comprehensive management of its policies, and any exceptions,
as well as remediation tracking for compliance.
“With this solution, which includes a number of internal processes and the eGRC tool, we
can carry out self-assessments to identify any gaps in our compliance stance, then easily
work in amends to our policies to ensure we’re covered,” comments Giller. “Likewise, if a
client has a new compliance requirement or wants to review our capabilities, it’s easy for
us to show them online how our processes measure up against their expectations and
make any necessary enhancements in an efficient manner.”
Implementation was carried out by KPMG’s ITS Policy and Governance team, following
brainstorming sessions with KPMG’s Advisory team to develop a roadmap for rollout of
RSA Archer modules. A consultant from RSA Archer was on site to help manage the
implementation of both modules, and RSA also provided training to KPMG’s development
and support groups. This equipped them with the knowledge necessary to manage the
new eGRC platform themselves.
RSA provided Professional Services support by assisting KPMG in deploying the solutions
out of the box and then customizing the Policy Management module to build in the
required notification processes. It also helped customize and map the compliance and
remediation-tracking aspects of the Compliance Management module to fit with KPMG’s
planned usage model.
RESULTS
The first test for the new platform came shortly after deployment, when a new client
project required KPMG to affirm and where necessary enhance its policies and
procedures in alignment with the National Institute of Standards (NIST) 800-53 directive,
which impacts data hosting for government organizations. KPMG won this new client’s
business by building a hosting environment in compliance with the directive. Enabled
by RSA Archer, KPMG mapped the requirements to its internal policies and procedures,
performed gap analysis, and, where necessary, developed and published additional
policies, procedures, and technical baselines, all in a reasonable timeframe.
Having a centralized and automated online eGRC solution has simplified many tasks
for Giller’s small team. “Previously, client audits necessitated the printing out and
processing of reams of paper documentation,” says Giller, “which was time-consuming
and unscalable. Now all the information we need is there on the system, so it’s much
easier and quicker for us to find the policy or control standard we’re looking for. Not only
has this accelerated our own ability to meet requests for information, but clients are
reassured by our commitment to meeting their needs, especially when they come in
to conduct on-site reviews and we navigate them through our online policy center.”
Managing IT policy exceptions is another area where the team has seen a marked
improvement. The RSA Archer solution issues automatic alerts to KPMG’s ITS Policy
Review Board whenever an exception is submitted for review and approval, or is due to
expire. The board can then notify the individual of its decision to allow a time-limited
exception where business justification warrants it and adequate compensating controls
are in place, or direct individuals to either take the necessary steps to become compliant
or remove the incompliant situation from the network. “This model means we have
tighter control over our compliance capabilities and are able to reduce the risk of any
inadvertent breaches of regulations,” says Giller.
©2011 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, and Archer are trademarks or registered trademarks
of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their
respective owners. KPMG CP 1011
C U S T O M E R P R O F I L E
LAIT (LAZIO INNOVAZIONE TECNOLOGICA)
Secure remote access enables Lazio’s regional health authority to implement a new Web-based booking service
AT-A-GLANCE
Key Requirements
– Provide end-user self service for convenience and reduced administrative time
– Guarantee all the pharmacies in Regione Lazio totally secure access to the booking system for specialised medical services
– Protect sensitive data, while keeping costs down
Solution
– Two-factor authentication used to manage secure access into the medical service booking system
– A Virtual Private Network Secure Socket Layer (VPN SSL) implementation allows secure connection to LAit’s data centre across the Internet
Results
– Provides secure access to the outpatient booking service supplied by the National Health Service
– Thanks to strong authentication, the Recup System has reduced management costs by 70%
– Unifies password management, consolidates authentication management, and collects logs to aid compliance
Since 2001 LAit has worked closely with Regione Lazio in Italy to govern the automation of regional public services. LAit designs, develops and manages Regione Lazio’s IT systems to spur the development of the Information Society, and lay the foundations for the growth of digital administration. To find out more, visit www.laitspa.it/laitweb/
KEY REQUIREMENTS
A number of solutions (Firewall, Proxy and VPN) from some of the leading vendors in the
market guarantee perimeter information security for Regione Lazio’s data centre. These
solutions protect the IT systems by granting access only to authorised
users, under well-profiled, predefined conditions and in a controlled manner.
Using this process LAit securely publishes Web sites and Web portals for public services
(such as the regional Web site, health system portal, agriculture portal and tender
process system); email services; and data transfer systems. For special technical/
operational purposes it allows privileged access using Virtual Private Networks controlled
by strong authentication devices.
The Farmarecup project is a great example of this. Farmarecup was promoted by the
regional department for the protection of consumers’ interests to simplify public
administration. Currently it connects more than 170 pharmacies in Lazio to Recup — the
booking system for specialised medical services. LAit plans to extend Farmarecup to all
pharmacies in the region, providing end user self service for convenience and reduced
administrative time.
This Web-based application, through Recup, gives access to the outpatient booking
service supplied by the National Health Service. Thanks to two-factor authentication, the
Recup System has reduced management costs by 70%.
“Secure remote access and collaboration has enabled us to accelerate the process for booking medical appointments and exams, providing more efficient public services to Regione Lazio’s citizens. What’s more, thanks to two-factor authentication we have reduced management costs by 70%.”
REGINO BRACHETTI, PRESIDENT OF LAIT S.P.A.
RSA and the RSA logo are registered trademarks or trademarks of RSA Security Inc. in the U.S. and/or other
countries. EMC is a trademark of EMC Corporation. All other trademarks mentioned herein are the property of their
respective owners. ©2003-2010 RSA Security Inc. All rights reserved. LAIT CP 1010
SOLUTION
LAit professionals faced two challenges: guarantee totally secure access to the
application, and, at the same time, keep costs as low as possible. This is the reason
why they rejected a dedicated connection in favour of an Internet-based solution.
LAit evaluated the different solutions available on the market.
“We evaluated the performance of the systems in real-life scenarios,” explained Vittorio
Gallinella, Technical Director of LAit S.p.a. “This was necessary to verify the compatibility
and integration with LAit’s systems, as well as ease of installation. Moreover, it was
important to evaluate the software features for managing the solutions, in order to select
the one that is easy to configure and manage, so we can keep down daily management
operating costs.”
In the end, LAit chose to deploy a two-factor authentication solution from RSA, the
Security Division of EMC. RSA SecurID® two-factor authentication is based on something
the user knows (a password or PIN) and something the user has (an authenticator
displaying a password that changes every 60 seconds), providing a much more reliable
level of user authentication than reusable passwords.
“Two-factor authentication was both highly secure and reliable, while the RSA solution is
a proven one-time password technology protecting over 30,000 organisations. Lazio
prides itself on applying innovative systems to provide more efficient public services to
its citizens,” added president Brachetti. The integration between the LAit network and the
security infrastructure was delivered quickly and without issues, as was the
integration with the booking application.
RESULTS
“The solution is very intuitive, particularly from the user’s point of view. Token utilisation is
widespread in Italy, therefore many end users can immediately take advantage of this
solution. The application is very easy to use although for those who may need some
support LAit has set up a customer care service,” said Alessandro Cimalacqua,
responsible for network operations at LAit.
Thanks to two-factor authentication, LAit has succeeded in giving access across the
Internet to the medical appointments and exams booking service, ensuring the high
security level needed for sensitive data confidentiality. The use of the VPN SSL and strong
authentication enables LAit to utilise connectivity that pharmacies already have, so there
are no additional costs for Regione Lazio.
“We above all recognise the versatility of RSA SecurID, besides the simplicity of
installation, management and use. Because of these characteristics we have adopted this
solution for other purposes too, in particular providing remote access to a number of
services for some Directorates and Departments, for system management, and to give
access to some resources. The solution enables us to unify password management and
consolidate authentication management with a unique tool,” Gallinella stated.
“Thanks to two-factor authentication, the Recup System reduces outpatient booking service management costs by 70%. Web application broadens the service, satisfying Regione Lazio’s policies that aim for health service enhancements. I believe that our technology choice demonstrates that LAit professionals are doing a very good job in modernising the Lazio IT system.”
REGINO BRACHETTI, PRESIDENT OF LAIT S.P.A.
C U S T O M E R P R O F I L E
MOFFITT CANCER CENTER
Moffitt Cancer Center enhances patient satisfaction and scientific research
AT-A-GLANCE
Key Requirements
– Reduce complexity for patients to securely access medical and treatment data
– Real-time fraud/threat detection with minimal impact to user experience
Solution
– Authentication solution enables easier and more secure patient and researcher access
– Simple login enables patients to access data at their convenience
Results
– 80 percent decrease in reported password-related issues
– Fewer issues allow IT staff to support other needs
– Researchers share patient information securely with colleagues anywhere
– Organization plans to expand use of security technologies
H. Lee Moffitt Cancer Center & Research Institute is internationally recognized for its translational research. Located in Tampa, Florida, it holds the distinction of being a National Cancer Institute-designated Comprehensive Cancer Center. It is one of the largest cancer centers in the U.S., recording more than 289,000 outpatient visits a year.
KEY REQUIREMENTS
Moffitt Cancer Center’s Total Cancer Care is a comprehensive approach that enables
caregivers and researchers to identify and meet all the needs of a patient and their family
during the patient’s lifetime and for future generations. To conduct successful research,
the Cancer Center needs access to as much data as possible about the disease and the
patient. The Total Cancer Care protocol solicits medical and treatment details from willing
patients for use by scientists and to match patients to appropriate clinical trials.
Historically, when registering for an appointment, participating patients were given a tablet
PC to input their details into the specially created portal. While many patients were willing
to take part in the initiative, it could sometimes take up to two hours to input their details.
Donald Wasylyna, Manager, Information Security, explains: “We needed to make it easier
for patients to sign up for Total Cancer Care and allow them to participate from home so
they could complete the questionnaires at their convenience.”
The center needed an accurate, real-time fraud/threat detection system that would
simplify user experience while increasing protection against emerging threats.
“Moffitt Cancer Center patients have access to their medical records with a new patient portal, which also links to a database that collects information for Total Cancer Care™, a unique clinical trial aimed at personalizing treatment. Security and access issues are complex. RSA® Adaptive Authentication provides patients with appropriate access to information, while reducing user complaints by 80 percent.”
DONALD WASYLYNA, MANAGER, INFORMATION SECURITY, MOFFITT CANCER CENTER
©2011 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, enVision, and SecurID are trademarks or registered
trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property
of their respective holders. MCC CP 0211
SOLUTION
The organization was already a customer of RSA – The Security Division of EMC – using
about 1,200 RSA SecurID® hardware and software tokens to provide select staff with
remote access to its VPN. The team decided to investigate solutions that RSA could
provide for the challenges that Total Cancer Care presented.
Moffitt needed a solution that would integrate seamlessly with its existing infrastructure
and be extremely user-friendly. “We looked at a number of vendors and carried out
extensive research over 18 months,” recalls Wasylyna. “In the end, though, it was clear
that the best fit for us was a risk-based user-authentication solution based on RSA
Adaptive Authentication. It provides the simple integration we sought and has excellent
usability, ensuring all of our patients would be able to work with it from home.”
Shortly after launching the portal, Moffitt Cancer Center incorporated a number of other
features, such as appointment scheduling and bill payment, to further enhance the
patient experience. It then extended use of RSA Adaptive Authentication to its
collaboration and research portal, which is used by scientists on-site to work on projects
with colleagues based across the country and abroad. “Users of this portal often need to
share confidential patient information as part of their research, and the strong protection
provided by the RSA solution means we can be sure that only the right people are able to
access it,” Wasylyna says.
RESULTS
Introducing the new remote access model for the portal had an immediate effect.
“Password-related issues reported by patients participating in Total Cancer Care went
down by more than 80 percent just by removing the password complexity requirements
and adding Adaptive Authentication,” says Wasylyna. “This has reduced our support
requirements so that we can support other endeavors contributing to the prevention and
cure of cancer.”
Impressed with the results it has seen from using Adaptive Authentication, Moffitt Cancer
Center is now deploying more of the technology suite. Wasylyna comments: “We will be
using RSA Certificate Manager to authenticate about 1,000 mobile devices that are used
around the hospital and also are planning to deploy RSA enVision® to provide security
information and event management across our entire network.”
“It was clear that the best fit for us was a risk-based user authentication solution based on RSA Adaptive Authentication. It provides the simple integration we were seeking and has excellent usability, ensuring all of our patients are able to access it from home.”
DONALD WASYLYNA, MANAGER, INFORMATION SECURITY, MOFFITT CANCER CENTER
C U S T O M E R P R O F I L E
NTT COM ASIA
Leading ICT Services firm delivers more secure solutions to customers with RSA® SecurID®
AT-A-GLANCE
Key Requirements
– Deliver strong authentication system to protect confidential information
– Offer high availability to enable remote access, 24x7
Solution
– Two-step authentication with RSA SecurID solution
– Provides efficient, remote access to confidential information
Results
– Increased security
– Reliable solution increases customer confidence and builds trust
– Real-time technical support increases productivity
– Experienced support team provides the basis for a long-term partnership
Founded in Hong Kong in 1999, NTT Com Asia Limited is a wholly owned subsidiary of NTT Communications, the international and long distance arm of NTT (Nippon Telegraph and Telephone Corporation). NTT Com Asia serves as the key arm of NTT Communications’ Asia operations. Leveraging the NTT Communications Global infrastructure, NTT Com Asia delivers end-to-end global network & IT solutions for multinational corporations including IP connectivity, data center, cloud hosting, cloud applications, managed services and integrated solutions. Today NTT Com Asia and its affiliate HKNet Company Limited employ over 300 professionals to support global enterprises to accelerate growth in the Asian market. To learn more about NTT Com Asia visit www.ntt.com.hk.
KEY REQUIREMENTS
Information is a precious commodity in any business, and the sharing of information has
always represented a potential security risk. For large organizations it is essential that
only the right people have access to the information.
In order to meet stringent customer requirements in the financial-services industry, NTT
Com Asia needed to offer a strong authentication system to help protect confidential
customer information as well as ensure that customer organizations meet compliance
with local financial regulations. The solution also needed to offer high availability in
order for users to log in to their organizations’ systems remotely, 24x7.
Jonathan Wong, NTT Com Asia, says, “The goal of the project was to provide a system that
enabled mobile workers at our customer sites to access sensitive information stored on
their internal servers from a remote location, whenever they needed it. The process had
to be secure, but also needed to be simple enough to implement to a potential workforce
of hundreds or thousands.”
“Since we deployed RSA SecurID, the feedback from our customers has been very positive. The key theme coming through is reliability. Our customers trust the solution to deliver against their security requirements.”
JONATHAN WONG, DIRECTOR SERVICE MANAGEMENT AND OPERATIONS, NTT COM ASIA
SOLUTION
NTT Com Asia deployed RSA SecurID – a security product from RSA, The Security Division
of EMC. The RSA solution offers customers a secure two-factor authentication process.
RSA SecurID two-factor authentication is based on something each user knows (a
password or PIN) and something they have, for example an authentication security token.
The token generates authentication codes at fixed intervals using a built-in clock and the
token’s encoded factory key. This key is different in every token and is loaded into the
corresponding RSA SecurID server, known as RSA Authentication Manager. Using a
two-step authentication process dramatically increases security.
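The mechanism described above (a per-token key also held by the server, a built-in clock, and a PIN), with the 60-second interval cited in the LAit profile, shown as an added example that is not from RSA or this brochure. The page does not give RSA SecurID's own algorithm, so the open RFC 6238 time-based construction stands in for it; the seed, PIN, user name, six-digit code length, and the `AuthServer` class are constructed assumptions.

```python
import hashlib
import hmac
import os
import struct

STEP_SECONDS = 60  # display interval; the LAit profile cites 60 seconds
DIGITS = 6         # assumed code length, not stated on the page
SEED = b"12345678901234567890"  # constructed sample seed (the RFC 4226 test secret)


def tokencode(seed: bytes, unix_time: int) -> str:
    """Code a token would display for the interval containing unix_time.

    Stand-in construction (RFC 4226 truncation over an RFC 6238 time counter),
    not RSA SecurID's own algorithm.
    """
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def _pin_hash(pin: str, salt: bytes) -> bytes:
    # The server stores a salted, slow hash of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class AuthServer:
    """Hypothetical server side: holds each token's seed and the user's PIN hash."""

    def __init__(self, drift_steps: int = 1):
        self.drift_steps = drift_steps  # intervals of clock drift tolerated
        self.records = {}

    def enroll(self, user: str, seed: bytes, pin: str) -> None:
        salt = os.urandom(16)
        self.records[user] = {
            "seed": seed,
            "salt": salt,
            "pin": _pin_hash(pin, salt),
            "last_counter": -1,  # highest interval already accepted
        }

    def verify(self, user: str, pin: str, code: str, now: int) -> bool:
        rec = self.records.get(user)
        if rec is None:
            return False
        pin_ok = hmac.compare_digest(_pin_hash(pin, rec["salt"]), rec["pin"])
        current = now // STEP_SECONDS
        matched = None
        for counter in range(current - self.drift_steps,
                             current + self.drift_steps + 1):
            if counter <= rec["last_counter"]:
                continue  # interval already used: reject replayed codes
            expected = tokencode(rec["seed"], counter * STEP_SECONDS)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = counter
        # Both factors must pass; only then is the interval marked as used.
        if pin_ok and matched is not None:
            rec["last_counter"] = matched
            return True
        return False


def demo() -> list:
    """Constructed scenario: good login, replay, wrong PIN, stale code."""
    server = AuthServer()
    server.enroll("pharmacy-017", SEED, "4821")
    first = tokencode(SEED, 65)
    return [
        server.verify("pharmacy-017", "4821", first, now=65),    # both factors
        server.verify("pharmacy-017", "4821", first, now=70),    # replayed code
        server.verify("pharmacy-017", "0000", tokencode(SEED, 130), now=130),
        server.verify("pharmacy-017", "4821", first, now=300),   # stale code
    ]


if __name__ == "__main__":
    print(demo())
```

The drift window and the replay check are the two server-side decisions the prose leaves implicit: the first tolerates a token clock that runs slightly fast or slow, the second stops a code observed in transit from being reused within its interval.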
As the developer of the RSA SecurID solution, RSA delivers regular solution upgrades and
ongoing improvements for customers. NTT Com Asia shared their user experience and
suggested areas of improvement with RSA; the development team at RSA took the
initiative and provided NTT Com Asia with an improved solution to meet their needs.
Furthermore, NTT Com Asia was given the opportunity to use a simulation environment
to test out RSA SecurID Service Pack 4, the latest edition of the solution. Wong was
impressed with the solution and the support he received. He says, “Throughout the
testing period, the RSA team were available to answer any queries we had with the
solution.” He adds, “Thanks to RSA we were able to test all of the functionality of the new
system before making any decisions about the upgrade. The results of the test period
were positive and we took the decision to roll out the RSA SecurID solution, with the
support of RSA Support Services.”
In terms of support services, NTT Com Asia takes advantage of a wide team of resources
including a Support Engineer, an Escalation Manager, and a Technical Account Manager.
The team, spearheaded by the Technical Account Manager, deliver the services as a
single function.
Wong comments, “RSA were one of the best solution providers in the region that could
deliver against the security requirements set by our customers. It was an easy decision
for us to select RSA as our partner in this project”.
RESULTS
Having chosen the RSA SecurID solution, NTT Com Asia is pleased to have successfully
rolled out the solution to its clients with a number of benefits.
Increased security of remote access with RSA SecurID two-step authentication method
Thanks to the trusted two-step authentication method, NTT Com Asia customers have the
peace of mind that important, confidential documentation and applications are secure
from outsider access, helping organizations meet compliance regulations set by local
authorities.
In addition, NTT Com Asia customers now have the freedom to access secure information
from any location and at any time. This enables staff to be more productive when working
remotely.
Reliable solution increases customer confidence and builds trust
According to Wong, the RSA solution enables NTT Com Asia to deliver best-of-breed
solutions to their customers and helps the business to further strengthen existing
relationships with their customers.
Wong comments, “Since we deployed RSA SecurID, the feedback from our customers has
been very positive. The key theme coming through is reliability. Our customers trust the
solution to deliver against their security requirements.”
“The RSA Support team really go the extra mile for us – including working weekends or at odd hours of the day in order to help us achieve our goals.”
JONATHAN WONG, DIRECTOR SERVICE MANAGEMENT AND OPERATIONS, NTT COM ASIA
Real-time technical support increases productivity
The RSA solution is supported by RSA Support Services, which is available 24 hours a
day, seven days a week. If at any point the NTT Com Asia team have a query or issue that
they need to resolve, they simply contact RSA Support for a resolution. Wong believes
that having one point of contact is key to this process. Wong says, “It is reassuring to
know that if we run into any issues we just need to make a single phone call and we
can resolve the issue immediately. It is a simple and effective support function.”
As a result, the IT team at NTT Com Asia spends very little time maintaining the system
and instead focuses their efforts on delivering IT solutions and services that meet the
needs of their customers.
Experienced, knowledgeable support team provides the basis for a long-term partnership
NTT Com Asia is pleased with the excellence of RSA’s service. Wong comments, “The RSA
Support team really go the extra mile for us – including working weekends or at odd
hours of the day in order to help us achieve our goals.” He adds, “Support services are
extremely important to us as a global ICT solution provider, as we demand high-quality
service upgrades with minimal inconvenience for our customers. RSA deliver against
these requirements.”
Prior to the upgrade from RSA SecurID Service Pack 2 to Service Pack 4, the RSA Support
team added value by meeting NTT Com Asia’s additional requirement to deliver a
simulation platform, which enables NTT Com Asia to experience and practise the upgrade
process. By simulating the upgrade, the NTT Com Asia team were able to ensure the
process was error-free.
Wong has been impressed with the expertise and professionalism shown by the Support
team during the post-sales process. Wong comments, “The RSA team are experienced,
knowledgeable, but more importantly they understand our business – this is key.”
Wong concludes, “RSA are a reliable and trusted security partner for NTT Com Asia, and
we value their continued support. We fully intend to build on this relationship moving
forwards as we seek to deliver new and innovative solutions to our customers.”
©2012 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, and SecurID are trademarks or registered
trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the
property of their respective owners. NTT CP 0512
C U S T O M E R P R O F I L E
NYNET
Helping North Yorkshire County Council (NYCC) Stay Connected
AT-A-GLANCE
Key Requirements
– Secure the authentication process for reliable remote access to services
– Ensure network availability across one of the country’s most remote rural regions
– Maintain business continuity to guarantee provision of services
– Enable employees to work flexibly across multiple sites and from home as necessary
Solution
– Sophisticated broadband solution
– Seamless deployment of one-time password (OTP) hardware authenticators
– Burst license arrangement guaranteeing high level of service while containing costs
Results
– Deployment of shared infrastructure services for public-sector bodies
– Maintain the highest levels of security for sensitive data
– Scalability of solution delivers substantial cost savings and efficiency gains
– Enablement of 200 employees to work from home through heavy snowfall
NYnet provides connectivity and managed services to the majority of public-sector organizations in North Yorkshire. Serving over 750 Public Sector and Health Service sites, NYnet’s high availability broadband network delivers fast, secure, and reliable access to data, applications, and Internet resources across England’s largest county.
KEY REQUIREMENTS
As a leading communications-network provider, NYnet provides connectivity to over 750
Public Sector sites and business parks across England’s largest county. One of its largest
customers, NYCC, is particularly dependent on online availability and NYnet was eager to
help it to maintain 24x7 services to the public.
NYCC had experienced serious problems with its previous remote access technology, both
with the availability of its authentication infrastructure and the quality of service provided
by the service desk in the event of authentication-token reset requests.
Business continuity was a top priority. The Council needed to guarantee critical services,
such as Children’s Services, all year round, even when facing challenges, such as adverse
weather conditions, that would prevent employees from getting to Council sites.
NYCC required secure remote authentication for users in isolated locations. This was
particularly important given the government’s emphasis on enabling home working
for employees, and the Council’s necessity to realize cost savings through reduction
of office space.
Increasing reliability was also important as NYCC workers rely upon authentication tokens
to be able to work consistently to deliver key services.
“The secure remote-access solution accelerated the take-up of home working for NYCC enabling 200 Council employees to continue to provide much-needed frontline services to the community during unprecedented heavy snowfalls in the latter months of 2010.”
ANDREW FAWCETT, HEAD OF PRODUCT DEVELOPMENT, NYNET
©2011 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, and SecurID are trademarks or registered
trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the
property of their respective holders. NYNET CP 0911
SOLUTION
NYnet turned to business solutions provider ANS Group; a solution was created that
combined technologies from Cisco and RSA to meet NYnet’s requirements.
Cisco ASA 45/40 access switches were used to create a VPN between the end-users
and the core network. These load-balanced switches, with intrusion protection, ensure
network availability. Working with NYnet, ANS set up radio masts to enable wireless
connectivity and better throughput for the region.
RSA® SecurID® two-factor authentication hardware authenticators were rolled out to over
800 users at NYCC. Forty percent of these users work in Children’s Services with the
remaining 60 percent split between Financial Services, Environment Services, Adult and
Community Services, and the Chief Executive’s office.
By providing a two-factor authentication solution using the combination of a user name
and password, and a once-only unique number, the RSA SecurID authenticators offered
NYCC both flexibility and security. The deployment of the authenticators was seamless
as they were closely integrated with the organization’s login system.
The new system allows all users to experience standardized access to their systems
regardless of the platform used.
NYnet opted for the ANS SysCare Managed Service, meaning that responsibility for
monitoring of the network, its security, and its upkeep has been outsourced to ANS
Group. This has produced both financial and time savings for NYnet, with SLAs that
guarantee an improvement in uptime and reliability.
The Managed Services package also provides the benefit of a burst license arrangement that
enables NYnet to rapidly increase the number of user licenses it has access to without
buying permanent licenses. This ensures that in the rare event that a major incident results
in employees not being able to get to the office, NYnet can still guarantee that security
policies requiring RSA SecurID strong authentication for remote access will still be enforced.
Feedback from all employees is that the authenticators are simple to use and fully
reliable. The solution is used to provide secure remote access for NYCC employees
working either from home, on the road, or across multiple sites.
RESULTS
The solution that ANS developed brought about significant cost savings for NYCC by
enabling cost-effective shared services across public-sector bodies in the region. By opting
for the Cisco and RSA solution, NYCC was able to realize a saving of £80,000 over five years.
The new solution has enabled NYnet to respond to the increasing public-sector demand
for shared-infrastructure solutions. The scalability of the authentication solution means
that NYnet can offer a cost-effective platform to meet all of its customers’ needs. The
potential to roll out the solution to other public-sector bodies in North Yorkshire, such as
Primary Care Trusts (PCTs) and North Yorkshire Police, thus generating additional revenue
streams, is a significant benefit to NYnet.
The flexible home working that the secure remote access enabled not only brought about
financial benefits, but also enabled NYCC to provide much-needed frontline services to
the community during heavy snowfalls in the latter months of 2010.
With the network now managed by ANS SysCare, NYCC benefits from improved reliability
and the cost and time savings of having outsourced the management of the network.
“Without this solution, County workers would have been unable to work during the recent snows and this would have resulted in a huge loss of output for several days. I myself was unable to get into work during those days but was able to put in a full day of work.”
GAVIN BOOTH, TELECOMS SERVICE MANAGER, NYCC
C U S T O M E R P R O F I L E
OTP BANK
Retail bank delivers innovative customer service with RSA SecurID®
AT-A-GLANCE
Key Requirements
– Offer customers flexible, integrated banking services with full peace of mind
– Integrate easy-to-use authentication to create attractive banking services
– Minimize administration costs of managing customer accounts
Solution
– New bank account offering combines online and phone channels
– Market-leading one-time password authentication provided by RSA SecurID® hardware tokens
– Security features ensure customer data is protected regardless of operating system, browser, or device
Results
– Over 50,000 new customers have adopted new secure banking service
– Tokens enable users to access their accounts and carry out transactions anywhere, anytime
– Increased user independence reduces burden on bank for administrative tasks
OTP Group provides high-quality financial solutions to meet the needs of nearly 11.9 million customers across almost 1,500 branches, agent networks, and state-of-the-art electronic channels across Eastern Europe.
KEY REQUIREMENTS
Banking customers demand an increasingly sophisticated service from their financial-
service providers. In order to stand out in a fiercely competitive market, banks must
ensure that they not only offer compelling and innovative products and services, but also
that they can fully protect their customers’ precious savings and investments.
The Ukrainian subsidiary of OTP Bank faced exactly this challenge. Vladimir Shvedchenko,
Head of Electronic Business Development for the bank in the region, explains: “We
wanted to offer our customers integrated telephone and Internet banking support. At the
same time, in line with our commitment to providing only the best and most secure
services, we needed to ensure that access to our customers’ accounts was watertight but
simple so that even customers with no technology skills could participate.”
From an internal perspective, the bank needed to ensure that any user authentication
solution put in place to support the enhanced offering would also integrate smoothly with
its existing corporate infrastructure. It needed to offer single sign-on and as much user
self-service as possible to minimize its own administrative costs while boosting customer
satisfaction.
“By offering our customers the ability to securely access their bank accounts either online or by phone using RSA SecurID® two-factor authentication, we have significantly enhanced the quality of their experience. At the same time we have accelerated growth of our customer base as we can offer highly attractive new services.”
VLADIMIR SHVEDCHENKO, HEAD OF ELECTRONIC BUSINESS DEVELOPMENT, OTP BANK UKRAINE
www.rsa.com
CONTACT US
To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.RSA.com
©2011 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, and SecurID are trademarks or
registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks
referenced are the property of their respective owners. OTPBANK CP 0611
SOLUTION
OTP Bank Ukraine analyzed a wide range of solutions for authenticating its customers to
access their accounts both online and by phone. It focused on evaluating the three key
criteria of security, usability, and platform independence, the last being particularly
important so that customers could access their online accounts regardless of operating
system, browser, or device.
“We wanted to use the best available one-time password, strong authentication
solution,” says Shvedchenko, and for this reason the bank chose to deploy RSA SecurID®
two-factor authentication hardware tokens from RSA – The Security Division of EMC, to its
customers. The solution is based on something the customer knows (a password or PIN)
and something they have (an authenticator) to deliver two levels of user verification.
“We felt that the RSA solution offered the strongest authentication capabilities combined
with an easy-to-use token that would appeal to our customers,” Shvedchenko continues.
“This fits with our strategic vision of offering customers one contract and one
authentication solution to cover all channels of interaction.”
The tokens were introduced to the bank’s OTPdirekt account offering so any customer
that opens an account is now automatically issued an RSA SecurID authenticator for
anytime, anywhere use.
RESULTS
In the first two years of operating the enhanced OTPdirekt service, the bank gained
50,000 new customers, all of whom were issued with an RSA SecurID hardware token.
The two-factor authentication solution has met with a positive response from users, who
are able to access their accounts and carry out transactions both online and by phone
very simply.
“This initiative has not only proven appealing to our customers but also cost-effective
and simple to manage for us,” concludes Shvedchenko. “By equipping our customers
with safe and controlled access to their account information using any device or browser,
we are also demonstrating to the industry that OTP Bank is taking the right steps to offer
new services without compromising customer security and satisfaction.”
CUSTOMER PROFILE
RED BULL RACING
Red Bull Racing Wins Big with Two-factor Authentication from RSA® SecurID®
AT-A-GLANCE
Key Requirements
– Ability to authenticate access to critical applications and email over VPN, even under tough physical conditions
– Watertight protection for team data in highly competitive field
– Easy-to-manage model to optimize efficiency of IT and security teams
Solution
– Robust RSA SecurID hardware authenticators stand up to weather and hard work in the pit lane and on the move
– Easy-to-read tokens encourage user uptake and facilitate fast VPN access under pressure
– RSA Authentication Manager solution integrates smoothly with Cisco and Citrix platforms for a seamless virtual working environment
Results
– Reliability of new hardware tokens remains at 100 percent after one year in production
– Setting up a new token now takes two minutes instead of 30 with previous authentication model, and can be completed simply by IT help desk
– Overall management of authentication solution is less time-consuming, enhancing security team efficiency
The Red Bull Racing team, based in Milton Keynes, England, are double Formula 1 World Champions. The team is, along with Scuderia Toro Rosso, one of two teams owned by beverage company Red Bull GmbH. In both 2010 and 2011, the team won the Constructors’ Championship and team member Sebastian Vettel won the World Drivers’ Championship.
KEY REQUIREMENTS
A day in the life of a world-champion F1 company is far from office-based. The Red Bull
Racing team regularly competes in Grand Prix all over the world, meaning that many
employees are often on the move. Indeed, individuals frequently need to access the Red
Bull corporate network from challenging locations and under significant time pressure –
particularly those based in the pit lane on race day.
In a fiercely competitive field like F1 racing, however, providing employees with fast and
reliable access to critical applications and email is just half of the story. At the same time,
Red Bull must ensure that any unauthorized attempts to access its network are effectively
prevented to keep team secrets from being leaked.
To enforce a sufficiently high level of security, Red Bull implemented a company policy
demanding the use of two-factor authentication for its remote VPN. However, its existing
solution was not able to meet its usability requirements. Neil Bailey is IT Infrastructure
Manager at Red Bull Racing, and he outlines the issues: “The hardware tokens we were
using weren’t very user-friendly and we had a lot of feedback that people found them
hard to read. Login failures were an everyday occurrence, with many employees regularly
frustrated in their attempts to catch up on their email from their hotel after a day in the
field. The tokens were causing problems trackside as well, as they had a tendency to stop
working if they got wet. This isn’t acceptable when the team needs to access the VPN at a
moment’s notice and in all weather.”
With tokens failing so regularly, administering and replacing them was fast becoming a
costly and time-consuming burden for the IT team as well.
“We couldn’t afford to lose any more time to ineffective authentication measures, so we wanted to go with the industry leader to ensure we got the high quality we needed. In the end, the fact that RSA is the leader in this field was only one of the many reasons we had to put our trust in its RSA SecurID hardware authenticators.”
NEIL BAILEY, IT INFRASTRUCTURE MANAGER, RED BULL RACING
www.emc.com/rsa
CONTACT US
To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.emc.com/rsa.
©2012 EMC Corporation. All rights reserved. EMC, RSA, RSA Security, the RSA logo and RSA SecurID are the property
of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of
their respective owners. RDBLL CP 0512
SOLUTION
Red Bull Racing had worked with communications services provider NextiraOne on many
trackside infrastructure projects for a number of years. It therefore naturally turned to this
trusted partner to help identify and implement a new two-factor authentication solution
that would deliver the reliability and usability that the team needed.
“We couldn’t afford to lose any more time to ineffective authentication measures, so we
wanted to go with the industry leader to ensure we got the high quality we needed,” says
Bailey. “In the end though, the fact that RSA is the leader in this field was only one of the
many reasons we had to put our trust in its RSA SecurID hardware authenticators.”
Hardware tokens were issued to around 400 employees, who adopted the new
technology enthusiastically thanks to the user-friendly, easy-to-read design. In addition
to the robust, reliable hardware element, Red Bull Racing was impressed by the fact that
the power behind the tokens–RSA Authentication Manager–integrated smoothly with its
existing IT environment.
“We were pleasantly surprised by how well the solution integrated with our Citrix Access
Gateway VPN,” Bailey comments. “It also works very well with our Cisco Secure Remote
Access solution, enabling smooth delivery of applications. This effortless interoperability
meant that migrating our user base to the RSA platform was quick and hassle-free.”
RESULTS
A year after introducing the RSA SecurID-based authentication solution, Red Bull Racing
can see improvements across the board. The robust hardware tokens are able to
withstand exposure to the rigors of the pit lane while ensuring that users can always
access the VPN and its essential applications whenever and wherever they need to. “The
authenticators have had a reliability rate of 100 percent,” says Bailey. “We’ve not had a
single hardware failure.”
Where new tokens need to be allocated–for example to new employees–the process is
now much simpler and more efficient too. Previously, a skilled security expert would need
to spend about 30 minutes in the authentication-management console, setting up a new
user and allocating them a token. Using the RSA Authentication Manager console, new
users can now be set up in just a couple of minutes. The process is less complex now as
well, meaning Red Bull Racing is able to outsource management of its authentication
fleet to its IT help desk, freeing up the security team to focus on more innovative and
mission-critical projects.
Bailey comments: “The difference between our previous model and the RSA SecurID
authenticators is significant. With the new solution, we’re confident that our team can
perform to the best of their ability at all times, and when you’re striving to be the best in
the world, that’s very important.”
“The RSA SecurID authenticators have had a reliability rate of 100 percent. We’ve not had a single hardware failure. With the new solution, we’re confident that our team can perform to the best of their ability at all times, and when you’re striving to be the best in the world, that’s very important.”
NEIL BAILEY, IT INFRASTRUCTURE MANAGER, RED BULL RACING
CUSTOMER PROFILE
RUPERT HOUSE SCHOOL
Flexible system and authentication mechanisms help school maintain the highest standards
AT-A-GLANCE
Key Requirements
– Users struggle with cumbersome security mechanisms
– Lack confidence in providing remote access to systems
– Public data disclosure would lead to damaging publicity
Solution
– Consult with trusted ICT provider Polar Computer Communications
– Safe and controlled access to network assets for any user
– Trust the identities of remote employees when they use network resources
Results
– Reduced risk by deploying strong authentication for workforce
– Sensitive personal data is protected
– Compliance with guidelines and mandatory security requirements
Rupert House School is a UK-based preparatory and pre-preparatory school that teaches approximately 230 pupils every year. Housed in a seventeenth century building in Henley-on-Thames, just west of London, the school was established as a trust over 50 years ago. Today, Rupert House has a reputation for providing an outstanding educational platform for children before they move to secondary education at the age of eleven. To find out more, visit: www.ruperthouse.org/index.html
KEY REQUIREMENTS
As a private educational establishment, Rupert House sets its own curriculum for students to follow. This permits the school to establish unique elements of learning for its children, for example, teaching the French language beginning at the age of six years old.
The school sets high achievement targets for its students and expects the same from the teaching staff. To meet the teacher objectives, the school recognized the need to offer flexible working options by allowing staff to access the school network remotely. This would enable them to carry out a range of tasks from pupil reports to assessments and marking from any location rather than just the school staff room.
However, the school’s network holds sensitive personal data such as pupil and parent information. If the network became compromised, resulting in the loss or theft of sensitive data, it could have potentially devastating consequences for both the school
and the security of its pupils, parents and staff.
As a result, before it could permit teachers remote access to the network, the school was
advised by Polar Computer Communications to ensure that security was watertight and
that it complied with data protection regulations, as set out by the UK Data Protection
Act and Becta guidelines.
The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK.
“Providing our staff with remote and secure access to the school network has accelerated our aim to ensure best practice across all areas of endeavor within Rupert House School.”
HELEN MACKMAN, BURSAR, RUPERT HOUSE SCHOOL
©2010 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, and SecurID are the property of
EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of
their respective owners. RHS CP 0910
Becta is a government agency that leads the national drive to ensure the effective and innovative use of technology throughout learning. It also helps ensure that the market develops products and services that meet the needs of the education and skills sector and provide value for money.
SOLUTION
Rupert House’s long-standing and trusted ICT network solutions provider is Polar Computer Communications (Polar), which has provided professional network services to the educational, retail, financial, telco and public sectors since its inception in 1997. Helen Mackman, Bursar, Rupert House School, said: “We have had a strong relationship with Polar for several years and it was natural to ask their advice.”
Simon Bird, Sales and Marketing Manager, Polar, said: “We didn’t want to introduce a cumbersome security mechanism that users might struggle with. A secure hardware token solution ticked all the necessary boxes.”
Polar recommended and deployed an SSL VPN solution incorporating RSA® SecurID® hardware tokens, a two-factor authentication solution from RSA, The Security Division of EMC. The security of two-factor authentication is based on something the user knows (a password or PIN) and something they have (an authenticator or token).
The same basic principle is applied in the everyday use of a bankcard at a cashpoint; the key differentiator, however, is that an RSA SecurID authenticator displays a 6-digit code that changes every 60 seconds, creating a secure password when used in combination with the PIN.
When a user enters the code and PIN, the back-end server verifies the code and authenticates the user. This would ensure confidence that only legitimate users are accessing the school’s resources as well as provide the flexibility to enforce policy and apply controls as required.
RESULTS
Helen Mackman says: “The technology from the teacher side is the hardware tokens. A teacher simply accesses the school website, enters their name and the code that is being displayed on the key at that moment in time. They then enter through the school’s online portal into the school network.”
Users can access parts of the network that are relevant to them such as pupil information, educational assessment reports and reports for parents on their child’s progress. It has produced quite a change for the staff by effectively handing ownership back to the teachers, who are no longer constrained by school working hours and can log onto the network when it is convenient for them.
The school has reduced risk and cost by deploying strong authentication for its staff and also introduced flexibility for teachers in their working hours and more balance in their life. This promotes improved staff efficiency as they are better able to prepare pupil reports, teaching tools and lessons from home, and in turn, means that they can provide more concentrated attention to the children when in school.
Importantly, the school is also complying with the Data Protection Act and Becta guidelines. The Information Commissioner’s Office, which enforces the Data Protection Act, is vigorous in its pursuance of data miscreants and can, if it feels the need, impose severe fines on organisations. The Becta guidelines, while not mandatory, also represent best practice principles for educational establishments, and compliance with them is viewed as essential to ensure the very best operational practice.
Helen Mackman adds: “At Rupert House School we endeavour to do the best across all areas. Providing our teachers with working flexibility is no exception, and meeting national guidelines and legislatory needs is also critical.
“At Rupert House School we aim to do the best across all areas. Providing our teachers with working flexibility is no exception and meeting national guidelines and legislatory needs is also critical. Secure remote access has helped us achieve this.”
HELEN MACKMAN, BURSAR, RUPERT HOUSE SCHOOL
CUSTOMER PROFILE
SIGNIFY
A Decade of Secure, Hosted Authentication Services
AT-A-GLANCE
Key Requirements
– Provide secure hosted two-factor authentication services
– Ensure reliability and flexibility to fit with customer requirements
– Deliver support at all times to guarantee 24x7 access for users
Solution
– Market-leading two-factor authentication underpins hosted security offerings
– Tokens identified as best market offering through constant testing
– Hosted system delivers 99.999% uptime
Results
– Customers receive secure, fault-resilient and easy-to-use remote access service
– In-house teams have more time to focus on mission-critical projects
– Hosted offering delivers cost savings over internally-managed authentication
Since 2000, Signify has built an outstanding reputation for delivering secure, reliable and flexible two-factor authentication which is quick and easy to deploy. It has an extensive client base across sectors including major multi-national corporations, small- and medium-sized businesses, professional services, central government and local authorities.
KEY REQUIREMENTS
Signify has offered hosted two-factor authentication services to its customers across the
UK for ten years. Over this time, Signify has seen an ever increasing demand among its
customers, whatever industry they operate in, for hosted or Software-as-a-Service (SaaS)
options as well as on-premises solutions.
Dave Abraham, Signify’s CEO, explains: “Many of our customers ask us to manage their
two-factor authentication solutions for them as they want a reliable, secure and flexible
solution that is quick and easy to install, but they don’t have the in-house resources to
do it themselves.”
Managing authentication systems securely can be complex, as each user must be given
the correct access rights and credentials, which may change over time. Organizations that
operate 24x7 also need support that is always available so employees who lose their
authentication token or forget login details can get back online quickly or have their
account blocked to prevent unauthorized use.
“There are two key components that we need to address in order to serve our
customers,” comments Abraham. “The first is ensuring they are equipped with the right
security authorization technology, like a VPN and authentication tokens. The second is
having the processes and infrastructure in place to keep it running at all times.”
“The decision to choose the Signify and RSA managed service was pretty simple. Their focus in this area offered all the features we needed and delivered a 24x7 service for far less than the real in-house cost.”
TERRY WALKER, IT DIRECTOR, KIER GROUP PLC
©2010 EMC Corporation. EMC, RSA, RSA Security, the RSA logo, (other EMC trademarks) and (other RSA trademarks)
are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks
mentioned are the property of their respective owners. SIGNIFY CP 0910
SOLUTION
As an independent solutions provider, Signify constantly monitors the market for the
most effective security technologies to recommend to its customers. It carries out regular
tests of the solutions it uses against other offerings to ensure it stays up-to-date on the
best solutions. It has worked with RSA – The Security Division of EMC – for ten years and
is the only European managed security service provider to be an accredited RSA partner.
“After a decade, we still find the RSA SecurID® authenticators to be the best and most
reliable hardware tokens on the market,” says Abraham. “You can drop them in a glass of
water and they still work – no other tokens are that robust.” This reliability means that
Signify can deliver a much more cost effective service to its customers, as the need to
purchase replacement tokens is rare. “The track record of the RSA technology has proven
that it has a very low failure rate,” he adds.
Signify is committed to delivering a positive customer experience for all of its services.
The RSA SecurID technology, providing market leading one-time password strong
authentication, in a breadth of options including software, hardware and SMS, forms the
foundation. Recently included in the service is SaaS login, enabling users to use these
same authentication options to securely access ‘Cloud’ applications such as Salesforce.com
and Google Apps.
In addition Signify has created its own user interface, called the Identity Management
Centre (IMC), which its customers can use to manage user criteria themselves and
manage user access reports in line with audit requirements. A web-based helpdesk is
also available to provide 24x7 support for any users with questions or access issues.
“We regularly carry out audits to test the quality of the two-factor authentication service
we provide to our customers, and have found that we have better than 99.999% uptime,”
Abraham says. “Including planned maintenance, we had just two minutes of downtime in
the last three years.”
RESULTS
The service that Signify is able to offer, based on this technology, has brought real
benefits to clients across many industries. “The Signify managed service has provided us
with a secure, fault-resilient and easy-to-use remote access service and has freed up our
in-house IT teams to focus on other key challenges,” says Warner Beekmeyer, Network
Security Manager for law firm Lovells LLP.
For Royal Vopak, a global market leader of independent bulk liquid storage terminals, a
good hosted service is one that needs no managing and delivers a reliable 24x7 service.
Lambert Caljouw, an Enterprise Architect with the company, explains: “With our previous
provider, some of the tokens would run out of synchronization and that could cause
problems. Because the support staff is not round-the-clock, a forgotten password or a
lost token would often cause significant delays for employees needing to access data.
Signify handles everything from dispatching devices and rights administration to
handling lost tokens or forgotten passwords. It’s a no hassle solution and if a user does
lose a token, Signify provides them with secure emergency access by delivering a
one-time passcode to a mobile phone, PDA or PC by SMS or email.”
CUSTOMER PROFILE
TIVIT
Brazilian IT Outsourcing Company Reinforces Security Compliance with RSA
AT-A-GLANCE
Key Requirements
– Reinforce the security of internal data and remote access processes
– Ensure compliance with industry standards, such as those set by the PCI DSS
– Extend use of flexible, remote working among employees
Solution
– RSA® Data Loss Prevention Network identifies and protects sensitive and regulated data being sent out of the organization via email and other network traffic
– RSA SecurID® delivers two-factor authentication to enhance security when employees access systems remotely
– Local RSA Professional Services team provided tailored support, with deployment completed in just three days
Results
– More insight and control over the security of sensitive data leaving the network
– Able to demonstrate full compliance with security standards to customers in any industry
– Enhanced expertise in IT security, with this incorporated into service portfolio
Based in Sao Paulo, TIVIT provides integrated IT, application systems, and business process outsourcing (BPO) services to clients in Brazil and the rest of the world. With an extensive portfolio of services and a consultative approach to assisting clients, it delivers solutions to organizations in the finance, manufacturing, healthcare, professional services, and utilities sectors.
KEY REQUIREMENTS
IT security is a key concern for TIVIT and its clients, many of whom operate in industries
where specific data protection regulations, such as the Payment Card Industry Data
Security Standard (PCI DSS) apply.
With this in mind, TIVIT is committed to enhancing its internal systems and working
environment to ensure full compliance with regulatory requirements. As part of its efforts,
it identified the need for enhanced insight into the information that was being shared on
its network to help identify potential risks more readily.
In addition, as a client-centric organization, TIVIT aimed to enhance its employees’ ability
to work flexibly on-site at clients’ offices. It wanted to further secure the process of
establishing a remote connection to its servers by introducing multi-factor authentication.
Selma Aparecida Malaguti Aguilera from TIVIT’s Corporate IT and Compliance department
explains: “As an organization, we understand the need for a comprehensive approach to
ensuring the security of our operations, taking into account the IT systems used to access
and share data, the behavior of our employees when handling sensitive information, and
how good practices are enforced. The work we do has a fundamental impact on the IT
security of our clients’ organizations. It is crucial, therefore, to ensure the thoroughness
of our own approach to data protection.”
“Implementing RSA Data Loss Prevention and RSA SecurID has helped us accelerate our efforts towards ensuring compliance with our customers’ security demands and regulations, such as PCI DSS. As well as ensuring our own operations are secure, this provides extra reassurance to our clients and partners, many of whom operate in industries where these regulations apply.”
SELMA APARECIDA MALAGUTI AGUILERA, CORPORATE IT AND COMPLIANCE, TIVIT
©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, and SecurID are trademarks
or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks
referenced are the property of their respective owners. TIVIT CP 0312
SOLUTION
After assessing network-monitoring solutions from RSA and its competitors, TIVIT
commissioned Proof-of-Concept (PoC) trials of RSA Data Loss Prevention (DLP) Network
and a competitor’s offering to better determine their suitability for its requirements. It
also undertook a broader evaluation of the overall strength of their security offerings.
Following its evaluation, TIVIT chose to implement RSA DLP, based on its performance
during the PoC and taking into account the strength of RSA’s full product range and its
broader position within the security marketplace. In particular, TIVIT selected RSA for its
proven experience of deploying DLP globally and the better cost-benefit ratio it offered.
TIVIT enlisted the support of a local RSA Professional Services team to support the
deployment. This proceeded smoothly, taking just three days to roll the solution out to
about 3,000 users across the company’s network.
It also deployed 1,300 RSA SecurID hardware tokens to enhance the log-in process for
employees when accessing its systems remotely or connecting to its wireless network.
As part of its support for the project, the RSA team helped ensure that TIVIT was fully briefed
on how to use the new solutions. It conducted knowledge-transfer sessions with specialists
at the company, enabling them to share their learnings within the organization.
RESULTS
Following the implementation, TIVIT is able to maintain a much stronger position on security
and compliance. By using RSA DLP Network to provide full visibility into the information that
is sent across its network, it is easier for administrators to identify potential data-protection
risks and enforce security best practices among employees. For example, DLP can highlight
if a user is detected sharing unencrypted financial or personally identifiable information,
allowing administrators to take corrective action if necessary.
TIVIT has used DLP to create security rules to identify sensitive internal data, such as
credit card numbers and data which is covered by TIVIT’s classified-information policy,
and improve the way this is handled.
With a greater understanding of how its network is used, TIVIT can develop more effective
security policies and provide more targeted advice to users on how to ensure information
is kept safe. In the event of an incident, DLP allows TIVIT’s administrators to take control
of the situation faster and quickly identify any issues that need to be resolved.
By using RSA SecurID to enhance security when employees connect to its network,
TIVIT has further minimized the risk of sensitive information being accessed without
permission. The deployment has reinforced its compliance with data-security regulations
such as the PCI DSS.
Aguilera comments: “With the DLP and SecurID solutions in place, we are more confident
than ever that the data on our systems is secure. By deploying these technologies, we’ve
been able to send a clear message to our clients and partners that we take the security of
our information seriously and share their priorities when it comes to ensuring compliance
with industry data-protection requirements.”
As well as enhancing TIVIT’s reputation among its client base, the success of the
relationship with RSA has also presented an opportunity to potentially add security
services to its offering. With the security of its own systems ensured, TIVIT is now
considering partnering with RSA to further extend the benefits of RSA solutions to its
clients.
“With the security solutions in place, we are in a better position both to serve our existing clients and pursue new business opportunities. Demonstrating the strength of our internal security measures has enhanced our reputation as an IT partner, and the development of our relationship with RSA offers the potential for us to develop related services in the future.”
SELMA APARECIDA MALAGUTI AGUILERA, CORPORATE IT AND COMPLIANCE, TIVIT
CUSTOMER PROFILE
U.K. LOCAL AUTHORITY
Local authority secures compliance with two-factor authentication
AT-A-GLANCE
Key Requirements
– A platform for governance, risk, and compliance that meets requirements of U.K. government Code of Connection (CoCo) in order to connect to the Government Connect Secure Extranet (GCSx)
– Two-factor authentication for secure remote access
Solution
– Deployed two-factor authentication
– Provided approximately 300 hardware tokens for employees and made available 500 tokens for contractors
Benefits
– Met CoCo stipulations, ensuring appropriate authorization for GCSx access
– Quick adoption by end users due to ease of use
– Anticipate long-term IT cost savings with more efficient remote-access provisions
This local government authority serves the needs of residents in a large geographical stretch of northern England. These services cover a broad range of areas including housing, social services, environmental planning, transport and street maintenance, benefits and advice, and help during emergencies.
KEY REQUIREMENTS
Communication with central government is absolutely central to the local authority’s
operations. For example, the council needs to regularly send information on the number
of people claiming benefits to the Department of Work and Pensions. This information,
and that collated from other local authorities, helps inform central-government policy
while ensuring local authorities receive the funds they need.
This communication takes place over a secure WAN, known as the GCSx. GCSx is also
connected to the Government Secure Intranet (GSI). Other local authorities, central
government, and national government-funded organizations such as the National
Health Service and the Police National Network also use this WAN.
To strengthen security, central government developed the CoCo for all organizations
that connect to the GCSx. The CoCo is a list of security requirements, approximately
200 in total, which all local authorities must comply with before their GCSx circuit
can be activated.
The government authority needed a platform for GRC programs and a two-factor
authentication solution that would provide secure access for employees and contractors.
“With RSA® SecurID® providing two-factor authentication for secure, remote network access, we are now assured that our users are who they say they are. This means we are able to provide them with access to the applications they need as and when they need them. Furthermore, it accelerates our drive to meet regulatory mandates issued by central government about the management of data.”
IT BUSINESS MANAGER, U.K. LOCAL AUTHORITY
©2011 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, and SecurID are trademarks or registered
trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the
property of their respective holders. UKLOC CP 0211
SOLUTION
CoCo regulations cover a wide range of measures including locking down laptops,
securing data against theft, and guidelines for desktop PC usage. The local authority
met these requirements but needed to strengthen network access for remote workers
in compliance with CoCo mandates.
It had previously operated a standard username and password system to gain access
to its network, but the GCSx then required a strong two-factor authentication solution.
The council asked a number of companies to submit proposals. A network-security
company provided a presentation on RSA SecurID two-factor authentication from RSA,
The Security Division of EMC. RSA SecurID is based on something you know (a password
or PIN) and something you have (an authenticator).
The IT Business Manager at the local authority explained: “IDsec’s presentation was
second to none and it was an easy decision to choose RSA SecurID. From a network
perspective we are a Cisco house. RSA SecurID has a powerful and proven track record
especially within government organizations and integrates very easily with Cisco
technologies.”
The network company then used its technical ability and IT skill sets to ensure the RSA
SecurID solution was implemented within a short time frame and “very smoothly,” added
the IT Business Manager. Three hundred RSA SecurID hardware tokens were provided to
various council employees working from home, such as IT and finance staff. A further 500
RSA SecurID software tokens were made available for contractors who need temporary
network access.
These tokens ensured the authority’s network could only be accessed by authorized
people, while also delivering very strong security.
RESULTS
The strong authentication solution has ensured that the local authority can now positively
identify people who are accessing its local area network, virtual private networks, and
the GCSx.
The IT Business Manager said: “The RSA SecurID technology has instilled great
confidence that all data sent across our network is transported securely. For example,
financial employees working from home may need to collate data on the council’s
network and then send it to the Department of Work and Pensions over the GCSx. They
can do this securely and easily by using the RSA SecurID hardware tokens. In fact, if
they’re not using this authentication, they’re simply not allowed access to any networks.”
Aside from the improved security and compliance with CoCo requirements, the council
also praised the solution’s ease of use as a further significant benefit, with users
understanding the technology very quickly.
It also anticipates long-term cost savings arising from a decreased need for IT staff to
establish remote network connections. The council can simply centrally manage remote
network users, as and when needed.
“We have raised our security profile and simplified compliance with the mandatory Code of Connection thanks to RSA SecurID. Eventually we plan to extend use of RSA SecurID in line with our evolving needs.”
IT BUSINESS MANAGER, UK LOCAL AUTHORITY
CUSTOMER PROFILE
VIRGIN BLUE
Virgin Blue’s productivity takes off with on-demand authentication tokens
AT-A-GLANCE
Key Requirements
– Replace cumbersome VPN-based IT environment with strong authentication to allow more efficient employee access to corporate data
– Simplify IT security management
Solution
– Deployed on-demand access solution via SMS authentication tokens to 7,500 employees and hardware tokens to about 1,500 users
– Tokens provide remote access to new web-based corporate portal
Results
– Call center workers 10 percent more productive
– Mobile employees access critical data as needed
– Self-service features mean no increase in IT support despite a 1000 percent increase in tokens used
– Third parties able to use new solution
Virgin Blue has accomplished a lot in its years of operation. Launched in 2000 as the first sustainable low-fare airline in Australian skies, it has established a global reputation as an innovator and leader in the aviation industry. It started operating a single route, with just 200 staff, and now flies thousands of passengers across the South Pacific region and beyond, and employs more than 7,000 people.
KEY REQUIREMENTS
As a major player in the Australasian aviation industry, Virgin Blue needs to stay agile.
Having the flexibility to adapt quickly to changes in market and customer demand
is essential.
Having quickly grown from a company of a few hundred people to several thousand, its
employee productivity was often hampered by its IT environment. Mobile workers, such
as IT support staff and senior executives, relied upon a VPN to access information when
away from the office. Based on physical security tokens from another vendor, this model
was hard to manage and could stop key employees from being able to do their jobs.
Virgin Blue decided to develop a web-based secure portal to provide staff access to
corporate information. The online model would also support the significantly larger
user base more smoothly and reliably.
Alistair Crawford, IT Infrastructure Manager for Operations at Virgin Blue, explains:
“The aim was to give other groups of workers, such as call center operatives, the option
to work from home while also enabling traveling staff to access the company system even
when abroad. These goals meant that user authentication and management became
even more important though.”
“By deploying RSA® SecurID® on-demand authentication tokens we have not only accelerated our transition to a fully mobile productive workforce, but we’ve also driven time and cost savings for both IT and the business at large.”
ALISTAIR CRAWFORD, IT INFRASTRUCTURE MANAGER FOR OPERATIONS, VIRGIN BLUE
SOLUTION
The company needed a strong authentication system with the highest possible
availability to support wider remote access, 24x7. It was also essential to have a
management solution that would minimize the amount of time the IT team needed to
spend on support of the authentication system. The time invested in administering the
incumbent hardware tokens was significant, and the team could not accommodate a
corresponding increase as the user base grew.
After considering a number of solutions, Virgin Blue carried out tests on the
authentication, integration, and failover capabilities of RSA SecurID on-demand SMS
tokens from RSA – The Security Division of EMC. “During the evaluation stage, RSA
worked proactively with us to ensure the solution was tailored to meet our specific
requirements,” says Crawford. “For example, we needed to ensure the solution worked
internationally, so that pilots and cabin staff could get onto the system in an emergency
from any location.”
He continues: “In the end, we chose the RSA solution as it met all our requirements
around availability and manageability. It was clearly the perfect fit.”
RSA SecurID two-factor authentication is based on something each user knows (a
password or PIN) and something they have – in this case an on-demand authenticator
delivered by SMS. This provides Virgin Blue with a much more reliable level of user
authentication than reusable passwords.
RESULTS
The solution enabled 50 call center staffers to work from home, increasing the number
of calls they can take by 10 percent. Mobile employees are also more productive as they
can keep working even when on the move.
The new web-based system is more reliable, reducing organizational down time and
administrative costs. This is most obvious in the fact that despite the 1000 percent
increase in the token base, the support team has remained the same size. The solution’s
self-service portal enables end users to manage their own tokens easily and simply.
“All of this was enabled by the authentication system provided by RSA,” says Crawford.
“It was smooth and quick to integrate, it’s easy to use, and it delivers the reliability and
availability we need. Without it, we could not have introduced the web-based corporate
portal.”
Virgin Blue is already working on expanding the solution further, providing tokens
to more call center staff as well as certain third parties. “For example, by allowing
engineering companies secure direct access to information on our system, we can
help them update aircraft-maintenance records quicker,” Crawford explains.
He concludes: “We’re the first airline in the region to adopt this innovative high
availability approach, and thanks to RSA it’s been a great success and secured
our leading reputation.”
“Our project was enabled by the on-demand SMS authentication system provided by RSA. It was smooth and quick to integrate, it’s easy to use, and it delivers the reliability and availability we need. Without it, we could not have introduced the web-based corporate portal.”
ALISTAIR CRAWFORD, IT INFRASTRUCTURE MANAGER FOR OPERATIONS, VIRGIN BLUE