RSA Customer Profiles: RSA® SecurID®


RSA SecurID case studies by region

Asia Pacific
– NTT Com Asia
– Virgin Blue

EMEA
– Bank of Uganda
– EMEA Telecommunications Company
– LAit (Lazio Innovazione Tecnologica)
– NyNet
– OTP Bank
– Red Bull Racing
– Rupert House School
– Signify
– UK Local Authority

Latin America
– Bancolombia
– Banco Popular de Puerto Rico (BPPR)
– TIVIT

North America
– Array Services
– EMC
– International Computerware
– KPMG LLP
– Moffitt Cancer Center


RSA SecurID case studies by industry

Banking
– Bancolombia
– Banco Popular de Puerto Rico (BPPR)
– Bank of Uganda
– OTP Bank

Education
– Rupert House School

Government
– LAit (Lazio Innovazione Tecnologica)
– UK Local Authority

Healthcare
– Moffitt Cancer Center

Manufacturing
– TIVIT

Services
– Array Services

Technology
– International Computerware
– NTT Com Asia
– Signify
– EMC
– KPMG LLP
– NyNet
– Red Bull Racing

Telecommunications
– EMEA Telecommunications Company

Travel
– Virgin Blue


CUSTOMER PROFILE

ARRAY SERVICES

Professional Services Firm Boosts Security with RSA Technologies

AT-A-GLANCE

Key Requirements

– One security platform for monitoring and reporting of all SSAE 16 controls to support PCI DSS and HIPAA

– Flexibility to cope with heterogeneous technical infrastructure

– Ability to identify and mitigate risks and threats in real time

Solution

– RSA enVision® SIEM collects, analyzes, and prioritizes security events from across the enterprise IT infrastructure

– RSA® Data Loss Prevention (DLP) Suite automatically identifies, monitors, and blocks sensitive information from leaving the organization

– RSA Professional Services provided customization services

Results

– Able to prove continuous compliance with industry regulations

– Automated security practices enable the Security Operations Center to focus on higher-valued tasks

– Improved security posture positions Array Services more competitively

Array Services Group Inc. comprises four separate companies, all based on a single campus in central Minnesota. CareCall, ProSource, JCC Medical, and JCC Financial offer solutions focused on customer service, revenue cycle management, and debt recovery and collections, respectively. The Group’s customer base is spread across a wide range of industries, including healthcare and financial services.

KEY REQUIREMENTS

As a provider of critical professional services that touch upon a number of business areas and processes for its customers, Array Services Group Inc. often handles sensitive data. This includes personally identifiable information (PII) and credit card information that are covered by strict industry regulations like the Healthcare Information Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS).

In order to provide its customers with additional peace of mind, Array Services also wanted to demonstrate its alignment with Statement on Standards for Attestation Engagements (SSAE 16) attestation requirements. This required the organization to show it could aggregate logs and correlate events across its entire IT environment – a significant undertaking given that these systems include a heterogeneous mix of Linux and Windows systems.

“We needed a solution that could handle the diversity of our technical ecosystem and create a centralized point of reference for all our security and compliance obligations,” summarizes Keith Swingle, Director of Information Technology, Array Services. “By implementing such a solution, we hoped to attract new customers as well as provide our existing client base with an added layer of protection against risk.”

“If our customers can’t trust us they won’t do business with us – so having security systems that we can place our own trust in is essential. This is where RSA’s technologies, and the insightful support from its team, have been so important. We have total confidence in the security technologies we have deployed.”

KEITH SWINGLE, IT DIRECTOR, ARRAY SERVICES


SOLUTION

Having successfully used RSA® SecurID® hardware tokens to provide approximately 100 employees with remote access to its VPN for over seven years, Array Services Group naturally considered RSA – The Security Division of EMC – to provide its new SIEM and DLP capabilities.

“We investigated the RSA enVision security information and event management (SIEM) platform, and compared it against a number of other options,” says Swingle. “It proved to be the best fit for our organization, as it met our requirements around functionality and ease-of-use. The fact that it integrated smoothly with our heterogeneous infrastructure was also a crucial factor that made the RSA solution stand out from the competition.”

Implementation of the RSA enVision platform was undertaken with support from RSA Professional Services. The teams worked together to configure the technology in line with the organization’s specific needs. This meant not only creating a centralized repository for all log and event information from across the three corporate environments, but also developing a specially tailored and intuitive interface from which each business environment can be viewed.

Once the solution was installed and configured, the Array Services Group team was interested to see how RSA could help them better meet some of their other security responsibilities.

Brent Benson, Senior System Administrator, Array Services Group Inc. explains: “We operate in the collections and recovery space, which means we handle a lot of PII on behalf of our clients. As well as stopping unauthorized individuals from accessing this data, it’s equally important that we don’t allow it to leave our network unsecured – for example in an email or on a USB stick. This is where RSA’s DLP solution came in.”

It was with this in mind that Array Services ran a proof of concept of the RSA Data Loss Prevention (DLP) Suite, covering Array’s network egress points and approximately 300 end points. “We created our own set of policies to determine how potential breaches are dealt with,” says Benson. “For example, if someone sends an email containing sensitive information, we can either stop it immediately, re-route it to the individual’s manager, or let it go through while notifying the individual so they can modify their behavior next time.”

The team also uses RSA DLP Datacenter to identify where sensitive data is located across the organization. “Often knowledge of where documents are kept is lost as people move on, so without spending many man-hours physically searching for it, it’s hard for us to know where sensitive information might be held,” reflects Benson.

The outcome of the 30-day RSA DLP proof of concept was eye-opening, as Keith Swingle, IT Director, Array Services, recalls: “I still remember the reaction we received when we reported the risk areas that the DLP solution had brought to light. It made us aware of the scale of the risk we faced, but at the same time it gave us the tools we needed to mitigate it.”

RESULTS

Since deploying the RSA enVision platform, Array Services Group is able to show that it has significant and meaningful controls in place to align with PCI DSS, HIPAA, and many other government and industry requirements as documented by their current SSAE 16 attestation. “Some regulations require an organization to prove compliance at the time of audit and then may not be checked again. However, we can now show our customers at any time that we have strong measures in place to protect their business-critical data,” says Swingle. “This peace of mind is important to ensure that existing customers stay with us and that new ones feel they can depend on us.”

“The RSA enVision platform proved to be the best fit for our organization, as it met our requirements around functionality and ease-of-use. The fact that it integrated smoothly with our heterogeneous infrastructure was also a crucial factor that made the RSA solution stand out from the competition.”

BRENT BENSON, SENIOR SYSTEM ADMINISTRATOR, ARRAY SERVICES GROUP INC.


CONTACT US

To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.RSA.com

The addition of the RSA DLP Suite has also made a significant impact. The team is now able to gain detailed insight into the location and flow of sensitive data across its business units, at the push of a button. “We used to rely on time-consuming manual scanning for at-risk PII data,” Swingle continues. “Now we can deploy our grid-computing network of up to 300 PCs to carry out DLP activities on a massive scale, covering terabytes of data automatically.”

Swingle and Benson sum up the benefits of the two solutions as being able to offer the strongest available security for their customers’ data along with enhanced auditing and reporting for management.

They conclude: “At the end of the day, if our customers can’t trust us they won’t do business with us – so having security technology that we can place our own trust in is essential. This is where RSA’s technologies, and the reliable and insightful support from its team, have been so important. We have total confidence in the technologies we have deployed and are already considering adding more complementary RSA solutions – such as the RSA Archer™ GRC Platform – to our environment.”

©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, Archer, enVision, and SecurID are trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners. ARRAY CP 0212


CUSTOMER PROFILE

BANCOLOMBIA

Colombia’s largest bank cuts fraud attempts by 90 percent with RSA

Key Requirements

– Combat rising fraud levels on online-banking portal

– Minimize impact on the end user experience while maintaining effective levels of security

– Boost security profile with 24x7 monitoring of online activity and tools to support an effective response when attacks occur

Solution

– RSA® Adaptive Authentication identifies unauthorized log-in attempts using RSA Risk Engine, without affecting end user experience

– RSA SecurID® hardware authenticators for Bancolombia’s corporate-banking clients enhance access security with two-factor authentication

– RSA FraudAction™ service provides constant monitoring of online threats, helping track and neutralize attacks on Bancolombia and its customers

Results

– Fraud incidents reduced by 90 percent

– Simplified user experience for retail-banking customers, with Adaptive Authentication working in the background to determine risk of unauthorized access attempts

– Bancolombia is better equipped to prevent and respond to online attacks

Bancolombia is the largest commercial bank in Colombia and one of the largest in the Latin America region. It offers both retail and corporate financial services, including saving and current accounts, debit and credit cards, pension plans, mortgages, and personal and business loans. Headquartered in Medellín, Colombia, it also has operations in the U.S., Peru, El Salvador, Panama, Puerto Rico, and the Cayman Islands.

KEY REQUIREMENTS

Bancolombia is a leading name in the world of finance, both in its native Colombia and across many other Latin American markets. Since starting out in 1945, it has established an extensive customer base that includes both corporate and retail customers, providing banking services to around 60,000 organizations and over 1.5 million individuals.

Bancolombia provides an online-banking portal that makes it easier for customers to manage their financial activity. This is used by around 90,000 contacts within the institutions it serves and over a million of its retail customers. The transactional platform that supports the service is hosted and operated on behalf of Bancolombia by TODO1, a company that specializes in providing IT services to financial organizations across Latin America.

In 2008, Bancolombia began to experience a large rise in attempts to fraudulently gain access to its online platform. “We knew we needed to respond quickly and effectively, both for the sake of our customers and to preserve the integrity of our offering,” says Carlos Rodriguez, Internet Manager, Bancolombia. “Until that point, we had relied on applications we had developed in-house to prevent attacks. However, the severity of the fraud activity we were starting to see highlighted the need to strengthen our defenses with dedicated security solutions.”

“Incorporating RSA solutions into our online-banking portal has helped us offer a safer experience that customers can trust to be secure against fraud and phishing attempts. The statistics speak for themselves: We have seen a 90 percent reduction in fraud since deploying the technology. Both our retail and corporate customers have benefitted, and we are in a stronger position to meet our regulatory requirements.”

CARLOS RODRIGUEZ, INTERNET MANAGER, BANCOLOMBIA


A priority for Bancolombia was improving the security of its online-banking platform without detrimentally affecting customers’ experience of using the service. For corporate accounts, the local regulatory authority required it to also offer hardware-token-based authentication security to protect high-value business transactions.

In addition to improving access security, Bancolombia also wanted to enhance its awareness of the online-fraud landscape and activity on its own systems. It needed a set of security tools to monitor activity, track threats, and provide support when a response was necessary.

SOLUTION

Preserving the ease-of-use of its online-banking portal was a priority, so Bancolombia decided to deploy RSA Adaptive Authentication for its enterprise and retail customers. This provides an effective but unobtrusive means of authenticating access attempts. The solution seamlessly integrates into browser-based log-in processes, without requiring users to install any additional software or hardware.

For its corporate clients, Bancolombia also offers RSA SecurID hardware authenticators to provide two-factor authentication when users attempt to access its online-banking platform, in accordance with the requirements of the regulatory authorities. It distributed these to approximately 90,000 users of its systems.

Bancolombia relied on the support of TODO1 during the deployment. TODO1 liaised with RSA Professional Services to provide full support throughout the implementation of Adaptive Authentication, from sharing examples of best practices during the planning stages, through overseeing the integration of the technology into Bancolombia’s existing online-banking portal, and managing the service on an ongoing basis. When deploying RSA SecurID authenticators to its corporate customers, Bancolombia worked directly with RSA, with additional support provided by TODO1 once the solution was in place.

To enhance its ability to track and respond to fraudulent activity against its online-banking platform, Bancolombia implemented RSA FraudAction service. Managed by RSA security experts, this provides 24x7 monitoring of the online-fraud environment and of phishing and Trojan threats specifically against Bancolombia and its customers, as well as tools to investigate and neutralize attacks. As the service is managed externally, only minimal work was required to integrate it with Bancolombia’s systems, with the deployment taking only a week. TODO1 oversees its operation on an ongoing basis and feeds back the insights gathered into online-fraud trends to executives at Bancolombia.

RESULTS

Once the RSA solutions were in place, Bancolombia soon saw a dramatic reduction in the level of fraudulent activity against its online platform: “Fraud fell by around 90 percent after we added the technology and has remained consistent since,” says Rodriguez.

With RSA Adaptive Authentication, Bancolombia’s online-banking portal benefits from the addition of secure but subtle authentication when customers attempt to access the service. To log in, users are only required to enter a user name and password. Despite the apparent simplicity of this process, in reality Adaptive Authentication works in the background to evaluate the risk of an unauthorized-access attempt. It can respond by requiring the user to input further identifying information to confirm the attempt is genuine if the level of risk is deemed to be too high, as determined by Bancolombia’s security protocols.

RSA SecurID is now used by Bancolombia’s corporate customers when accessing their online-banking services. “Each of the professional users who access our platform on behalf of their organization now has a hardware authenticator that is unique to them. In order to gain entry to the system, they use this to generate a one-time access code that cannot be produced by any other means, but which is recognized by our systems. This adds a powerful extra layer of security to the log-in process and means that anyone trying to access our banking portal must have the relevant token in hand,” explains Rodriguez.

“The combination of RSA Adaptive Authentication, RSA SecurID, and RSA FraudAction service with the support of TODO1 helps protect our online-banking portal from fraud attempts both at the point of access and on a continuous basis. We are now less likely to suffer from an attack and are better prepared to respond if an incident does occur.”

CARLOS RODRIGUEZ, INTERNET MANAGER, BANCOLOMBIA


RSA’s FraudAction service reinforces the security these solutions provide at the point of access by enhancing Bancolombia’s overall ability to detect and respond to fraud attempts. A dedicated team of RSA experts constantly monitors for signs of fraudulent activity, allowing the bank to respond quickly in the event of an incident. The service also provides Bancolombia with a powerful range of tools to support a security response, including those needed to forensically investigate an incident.

©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, FraudAction, and SecurID are trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners. BANCOL CP 0512


CUSTOMER PROFILE

BANCO POPULAR DE PUERTO RICO (BPPR)

Security technology combats phishing attacks and provides strong authentication

AT-A-GLANCE

Key Requirements

– Required by Federal Financial Institutions Examination Council (FFIEC) to introduce multi-factor authentication (MFA) for user access into online banking services

– Risk assessment showed that its existing in-house security system was not adequate to meet these new demands

Solution

– Deployed RSA® Adaptive Authentication MFA for online banking access

– RSA FraudAction™ anti-phishing rolled out to combat an increase in phishing attacks

– RSA SecurID® authentication deployed to secure employee remote access to the corporate intranet

Results

– A dramatic reduction in the number of phishing attacks, with customers now benefitting from peace of mind, knowing that their assets are fully protected

– Time and costs associated with shutting down fraudulent sites have been reduced, meaning BPPR can take a more proactive approach to combating phishing scams

Banco Popular de Puerto Rico is Popular, Inc.’s main subsidiary and the largest commercial bank in Puerto Rico. It provides the most extensive and complete distribution network in Puerto Rico, with 196 branches, over 620 ATMs, more than 27,162 point-of-sale terminals, a 24/7 call center, and an advanced Internet banking service. To find out more, visit www.popular.com.

KEY REQUIREMENTS

As Puerto Rico’s largest commercial bank, Banco Popular de Puerto Rico (BPPR) takes the security of its customers’ assets extremely seriously. To authenticate users of its online banking services, BPPR had in place a three-step password system based on its own in-house technology. Customers were asked to answer one of three rotating questions (all previously chosen by them), as well as one set question, before finally being asked to enter a PIN.

While this existing system was effective in preventing phishing attacks on BPPR’s existing customers, it was required by FFIEC to introduce MFA. An extensive risk assessment carried out by the bank showed that its existing in-house system was not sufficient to meet these latest compliance demands.

“Multi-factor authentication and anti-fraud technologies have enabled us to accelerate the speed at which we can identify and prevent phishing attacks in the online channel. Rather than a reactive approach, we are now able to proactively identify fraudsters and shut down fraudulent sites.”

CAMILLE BURCKHART, SENIOR VICE-PRESIDENT, TECHNOLOGY MANAGEMENT DIVISION AT BPPR

“We have implemented a risk-based authentication process for our Internet service channel. The system has proved to be very effective. Anti-fraud technology has provided us with a more efficient and proactive way to detect and monitor potential phishing attacks or fraudulent websites which might have a direct impact on our brand and services.”

MIGUEL MERCADO TORRES, CISO, VICE-PRESIDENT, OPERATIONAL RISK MANAGEMENT AT BPPR


As a result, BPPR searched for a brand new alternative, an MFA solution that would enable it to meet FFIEC requirements. What’s more, it had to find this solution quickly as the FFIEC deadline was looming.

SOLUTION

RSA Adaptive Authentication

Initially BPPR decided to deploy an MFA solution from one of its existing vendors, but found this vendor to be extremely unresponsive. BPPR then reached out to RSA – The Security Division of EMC, and was immediately impressed by RSA’s MFA solution, as well as RSA’s responsiveness.

RSA Adaptive Authentication leverages risk-based authentication (RBA) technology to identify fraud and high-risk transactions. The system is supported by the RSA Risk Engine, which tracks more than 100 fraud indicators in order to detect suspicious activity. The Risk Engine assigns a unique risk score to each transaction: The higher the score, the greater the likelihood that a transaction is fraudulent.

RSA Professional Services

RSA Professional Services helped with what was a very customized implementation, providing ongoing consultation around how the solution could be adapted to fit the bank’s requirements. During the implementation of RSA Adaptive Authentication, BPPR saw a dramatic increase in phishing attacks so BPPR decided to bolster security further by signing up to RSA FraudAction anti-phishing.

RSA FraudAction & Anti-Fraud Command Center (AFCC)

RSA FraudAction anti-phishing is a proven service geared toward stopping and preventing phishing attacks that occur in the online channel. It includes 24x7 monitoring and detection, real-time alerts and reporting, forensics and countermeasures, and site blocking and shutdown.

At the core of the FraudAction service is RSA’s exclusive Anti-Fraud Command Center (AFCC). RSA’s experienced team of fraud analysts work to shut down fraudulent sites, deploy countermeasures, and conduct extensive forensic work to stop online criminals and prevent future attacks.

RSA SecurID

BPPR has also deployed RSA SecurID two-factor authentication to secure employee remote access into the corporate intranet; approximately 500 RSA SecurID hardware tokens are in use.

RSA SecurID two-factor authentication is based on something the user knows (a password or PIN) and something the user has (an authenticator). It provides a much more reliable level of user authentication than a user name and password, which is what the bank had previously relied on.

Miguel Mercado Torres, CISO, Vice President, Operational Risk Management at BPPR, said: “We were keen to upgrade our solution in light of the increase in cyber threats and cyber fraud activity. By adding in an extra layer of security for access into the corporate intranet, RSA SecurID authentication enables us to increase the number of people who are able to work from home, and also enables the sales team to complete more transactions while out in the field.”


©2011 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, FraudAction, and SecurID are trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners. BPPR CP 0711

RESULTS

Since deploying RSA Adaptive Authentication, BPPR has seen a dramatic reduction in the number of phishing attacks. As a result, customers benefit from peace of mind, knowing that their assets are fully protected.

RSA FraudAction has greatly simplified the process of detecting, blocking, and shutting down fraudulent sites. Previously BPPR’s internal staff handled this in-house and found it to be a very time-consuming and costly process. What’s more, their approach was reactive, relying on customers to inform them about issues. RSA FraudAction allows BPPR to be more proactive, by enabling them to identify and shut down fraudulent sites before they become a problem.

To further bolster security in the online channel, BPPR is also planning to roll out RSA Transaction Monitoring. RSA Transaction Monitoring is typically integrated at various points within online banking applications in order to monitor high-risk activities such as money transfers, user profile changes, account modifications, and more.

To prevent fraudsters from setting up new customer accounts, in order to commit fraud, BPPR is also looking to roll out RSA Identity Verification to verify the identity of callers into its call center.

“We were keen to upgrade our solution in light of the increase in cyber threats and fraud activity. By adding in an extra layer of security for access into the corporate intranet, RSA SecurID authentication enables us to increase the number of people who are able to work from home, and also enables the sales team to complete more transactions while out in the field.”

MIGUEL MERCADO TORRES, CISO, VICE-PRESIDENT, OPERATIONAL RISK MANAGEMENT AT BPPR


CUSTOMER PROFILE

BANK OF UGANDA

Uganda’s Central Bank delivers world-class security with RSA® SecurID®

AT-A-GLANCE

Key Requirements

– Limit internal network access to authorized employees

– Secure transactions on the bank’s online payments and financial system by ensuring only trusted partners can gain access

– Ensure the bank’s IT systems comply with international financial-security standards

Solution

– RSA SecurID hardware tokens provide two-factor authentication to verify the identity of users accessing the bank’s network or online platform

– Ongoing training on the new system provided by RSA systems integrator 2MN to both internal users and banking partners in Uganda

Results

– Secure, world-class IT systems that are protected against unauthorized access attempts

– Minimal disruption to users

– Demonstrates Bank of Uganda’s commitment to ensuring its systems comply with international standards

Bank of Uganda (BoU) is the Central Bank of the Republic of Uganda. The primary purpose of the Bank is to foster price stability and a sound financial system. Together with other institutions, it also plays a pivotal role as a center of excellence in upholding macroeconomic stability.

KEY REQUIREMENTS

The Bank of Uganda is the country’s Central Bank, providing financial services to the Government and financial institutions that operate within Uganda.

As befits an institution that plays a crucial role in supporting Uganda’s economic infrastructure, securing the Bank of Uganda’s systems is a primary concern to its management team. In recent years, there has been an internal drive to enhance the security of the IT resources that underpin its operations. This has been supported by its international partners, such as the World Bank, which has worked with the Bank of Uganda to deliver a number of projects within the country.

One issue that was of particular importance to the bank was ensuring that files on its internal network could only be accessed by authorized employees. Another focal point for enhancing access security was its online payments and financial system, which is used by internal employees as well as representatives from external financial institutions to process financial transactions.

Hubert Kiyimba, an IT Security Administrator at the Bank of Uganda, said: “The bank’s online payments and financial system platform is an important part of the banking system within Uganda, and it was a priority for us to ensure it could only be accessed by the right people. As the system is used to conduct transactions by a number of external contacts, in addition to our own employees, we needed to ensure that the process of gaining access was secure but also easy-to-follow and reliable.”

“With RSA SecurID in place we can be confident that only authorized employees and partners are able to gain access to the Bank of Uganda’s network and online payments and financial system. Our experience with the technology over the past few years has proven it to be a reliable, trustworthy solution, and one that plays a key part in ensuring that the bank’s IT infrastructure meets the standards of the international finance community.”

HUBERT KIYIMBA, IT SECURITY ADMINISTRATOR, BANK OF UGANDA


©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, and SecurID are trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners. BOU CP 0312

SOLUTION

The Bank of Uganda assessed different technologies that could help secure local and remote access to important systems and decided that a token-based system that uses two-factor authentication to provide an extra layer of security during the verification process was best-suited to its requirements.

Kiyimba said: “After evaluating the different options available and consulting independent recommendations we identified RSA SecurID as the market leader. We scheduled a meeting with 2MN, one of RSA’s integrator partners within the East Africa region, to discuss the details of the technology and how it could be integrated within our operations.

“As well as its superior security performance, another aspect of the SecurID technology that especially appealed was its compatibility with our existing financial-software environment. It was important that we found a solution that could integrate fluidly to augment our existing resources.”

After setting up a trial of the SecurID solution to determine how it would perform within its IT environment, the Bank of Uganda enlisted 2MN to oversee a roll-out involving 1,700 SecurID hardware tokens, split between internal users and those at external institutions who use the bank’s online payments and financial system.

2MN supported the deployment from start to finish, employing a holistic approach that involved it overseeing the technical logistics of integrating the SecurID solution, supporting the bank’s strategic decision-making around its efforts to enhance its security, and training users as they began to use the technology.

As the project progressed, the flexibility of the SecurID solution proved invaluable, with the bank using its API to integrate the two-factor authentication process into the proprietary software environment powering its online payments and financial system. This ensured that the introduction of the new access-control processes was seamless, minimizing disruption to users.

RESULTS

Since deployment, the SecurID technology has performed reliably for the Bank of Uganda, ensuring consistent access protection across its network and online-banking platform. One of the key features of the solution is its ability to “heal itself” in the event of any issues arising with the authentication server. If any problems are experienced, SecurID automatically deploys a back-up server, ensuring that access to the bank’s systems is not interrupted.

The process of transitioning internal and external users to the new access procedures proved problem-free. The easy-to-use nature of the SecurID token system and the training 2MN provided to Bank of Uganda employees and its partner organizations on using the technology helped ensure that their use of the bank’s platforms was unimpeded.

The implementation has helped the Bank of Uganda ensure its IT systems meet the standards of the international financial community and demonstrate its commitment to developing a world-class banking infrastructure, which could result in increased support from international finance institutions.

With the SecurID solution in place, the Bank of Uganda can be confident its systems are secured against unauthorized access. Kiyimba concluded: “SecurID provides an ideal combination of powerful, reliable protection in a package that is simple and intuitive for users. It has enabled us to significantly improve our security position without impacting the quality of the service we deliver.”


C U S T O M E R P R O F I L E

EMC CORPORATION

Authentication solution strengthening and centralizing security at EMC

AT-A-GLANCE

Key Requirements

– Reduce the cost and complexity of managing authentication of employees and external users of enterprise portals and business-critical IT systems

– Improve the end-user experience by minimizing the number of passwords and PINs needed

Solution

– Strong authentication software provides centrally administered access to enterprise portals with single sign-on (SSO) to multiple applications

– Two-factor authentication system offers additional layer of security

Results

– Thanks to SSO, IT security and the user experience have improved, while calls to the help desk have been reduced

– Centralized authentication is less costly and less time-consuming, improving employee productivity

EMC is one of the world’s leading providers of infrastructure information systems, software, and services, employing approximately 40,000 people around the world. Its clients range from Fortune Global 500 enterprises to start ups, across all industry sectors, including financial services, manufacturing, transportation, public services, telecommunications, and life sciences. To learn more, please visit: www.emc.com.

KEY REQUIREMENTS

EMC relies on a number of enterprise portals to share information and business processes across its global, organizational boundaries. Online resources provide employees, partners, customers, and suppliers with 24x7 access to technical support, product information, sales resources, training services, and security updates, among other things.

The cost and complexity of managing these portals were enormous. EMC Powerlink, for example, is the front-end for over 30 applications, each of which required users to enter a separate user name and password. This was hugely inconvenient for users, who had to remember multiple passwords and often found themselves locked out of the system through the entry of incorrect information.

With over 300,000 registered users it also meant that the volume of calls to the help desk regarding password resets was very high. Given that the average help desk labor cost for a single password reset is about $70 (source: Forrester Research), the cost to the business was very high. Administration was made even more complicated by the fact that users had different levels of access and privileges.

EMC was eager to find an information-centric security solution that would centralize authentication management to its IT systems and portals and improve the user experience.

“Technology from our own security division, RSA, has enabled us to bolster secure access to business-critical systems and improve the sharing of information among employees, customers, partners, and suppliers across the globe. Centralized management, web single sign-on, and two-factor authentication improve productivity, as well as user experience, helping us accelerate innovation and increase competitiveness.”

HOWARD HANTMAN, STRATEGIC ARCHITECT, EMC GLOBAL SECURITY ORGANIZATION


©2003-2011 EMC Corporation. EMC, RSA, the RSA logo, and SecurID are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective owners. EMCAUTH CP 1210

SOLUTION

To provide secure access to each of the web applications within its intranets and external portals, EMC deployed RSA® Access Manager. This solution enables EMC to manage large numbers of users while enforcing a centralized security policy that protects enterprise resources from unauthorized access and makes it easier for legitimate users to do their jobs. Rather than having to remember multiple user names and passwords, internal and external users are now able to use single sign-on to access multiple resources.

EMC has also issued RSA SecurID® tokens to all employees and select contractors to add an additional layer of security for access to enterprise portals as well as other corporate applications such as SAP Enterprise Resource Planning, Microsoft Outlook Web Access, and access into the DMZ – the zone that provides an extra layer of security between EMC’s network and the Internet. The company has 45,000 active RSA SecurID users worldwide.

RSA SecurID offers authentication based on two factors: something the user knows, a personally selected PIN, and something the user has, an RSA SecurID hardware or software token. An RSA SecurID token automatically generates a new six-digit one-time password every 60 seconds. Entering the PIN and one-time password provides a much more reliable level of user authentication than static passwords and user names.

RSA Authentication Manager is the software engine behind the RSA SecurID system and is used to verify authentication requests and centrally administer authentication policies for enterprise networks. Ideal for EMC’s use, it scales to support millions of users and protects multiple applications and resources across numerous physical sites.

RESULTS

SSO has made the EMC users’ experience more efficient and enjoyable. It has improved employee productivity, strengthened partner relationships, and reduced the number of incidents referred to the help desk.

Centralized administration is less time-consuming and, as a result, the process of user authentication is less costly to the business. The overall security of the company’s IT systems has improved, since access attempts from unauthorized users are easier to spot and investigate. New users can be given access to multiple systems at the touch of a button, and orphan accounts can be easily deleted.

EMC is also evaluating the benefits of RSA Federated Identity Manager, which extends SSO beyond the enterprise to important applications, such as payroll, hosted outside the organization.

Finally, EMC is testing various RSA SecurID software token form factors among its employees including the RSA SecurID Toolbar, RSA SecurID Token for BlackBerry, and software tokens that support wireless devices running the Microsoft Windows Mobile platform. Embedded into a wireless device or laptop, RSA SecurID software tokens provide convenience by eliminating the need for a user to carry a second device to perform two-factor authentication and also provide efficiencies-of-scale for deployment to the global workforce.

“The next generation of RSA Authentication Manager will make it possible to send RSA SecurID users an emergency SMS (short message service) to their registered mobile phone, should they leave their hardware token at home. This is particularly useful to improve the productivity of frequent business travelers.”

HOWARD HANTMAN, STRATEGIC ARCHITECT, EMC GLOBAL SECURITY ORGANIZATION


C U S T O M E R P R O F I L E

EMEA TELECOMMUNICATIONS COMPANY

EMEA Telecommunications Company uses SMS tokens to improve flexibility of two-factor authentication

AT-A-GLANCE

Key Requirements

– Cost-effective two-factor authentication, enabling global access to corporate network

– Highest standards of security to block unauthorized access

– Rapid token distribution with high confidence in who is using the tokens

Solution

– RSA® SecurID® On-demand Authenticator offers the market-leading one-time-password (OTP) strong-authentication solution by SMS

– 2,000 on-demand (SMS) tokens issued to employees and partners

– Integration with Microsoft Active Directory to ensure phones used for authentication are always current

Results

– Expanded two-factor authentication to partner organizations

– Cut capital expenditure on tokens by 45 percent

This EMEA telecommunications company is a leading mobile service operator.

KEY REQUIREMENTS

The company’s data includes sensitive customer information and its systems enable mobile telephone lines to be activated or deactivated, and new services to be added on, so it is important that these systems are well protected. “Security is essential to us,” said the Security Operations Manager. “I need to protect my customers’ data so that nobody can access it without permission or tamper with it. I have to demonstrate to my employees that they are using a secure channel. A security incident could have a huge negative impact on our company’s image.”

The company had introduced two-factor authentication to protect staff access to its network from over the internet. It was based on RSA SecurID hardware tokens and software tokens, which use the computing device itself (such as a laptop) as the second authentication factor. RSA SecurID is the market-leading one-time-password (OTP) strong-authentication solution, which is interoperable with over 350 third-party applications. RSA SecurID is used by over 30,000 organizations, and offers software, hardware, and SMS authentication options.

“We had difficulties because people would forget their hardware tokens or misplace them,” said the Security Operations Manager. “The software tokens gave people the flexibility to work from anywhere, but caused problems when people forgot their laptops and wanted to work on a different machine.”

If somebody lost or forgot their token, they would have to go to the nearest company office to get access to the corporate IT infrastructure, which resulted in lost productivity. “Distributing hardware tokens was a challenge,” said the Security Operations Manager. “How do you quickly get a token to someone who is 700km away?”

There was also a significant investment associated with hardware tokens. The Security Operations Manager estimates that between 15 percent and 20 percent of tokens were lost each year, and all the tokens needed to be replaced every few years.

“RSA made my dream come true. They reduced the risks I had with the tokens, enabled me to get better usage of my internal resources, and cut my CAPEX. I trust RSA because they have never let me down.”

SECURITY OPERATIONS MANAGER, EMEA TELECOMMUNICATIONS COMPANY


©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, and SecurID are the property of EMC Corporation in the United States and/or other countries. EMEA TEL CP 1012

“It was hard to be confident in the identity of somebody using a hardware token,” said the Security Operations Manager. “People could give their token and username to a friend. With hardware tokens, we couldn’t quite be sure whether it might be the authorized user, someone else in the company, or a hacker who was using a stolen token.”

The company required a more cost-effective two-factor authentication solution, which enabled rapid distribution of tokens and provided the highest standards of security for its valuable corporate data. It also needed a solution that would give it greater confidence in who was using the token.

SOLUTION

The company deployed the RSA SecurID On-demand Authenticator and 2,000 on-demand tokens, issued using an SMS message sent to the user’s mobile phone. The solution was integrated with Microsoft Active Directory, so that it can use the mobile phone number the company has on file for the user. As a result, the authentication system is always up-to-date with the latest mobile phone numbers. The solution has solved the problem of distributing tokens, because they can be instantly sent to the user’s mobile phone.

If the user loses his or her mobile phone, the company can reallocate the SMS token to the replacement phone without incurring additional licensing or purchase costs.

“With mobile, I can be sure about who has received the message,” said the Security Operations Manager. “I know who the mobile phone belongs to, and have a high degree of confidence in who is using it. With hardware tokens, somebody might leave the company and give their token to a colleague. That doesn’t happen with phones.”

RSA Professional Services deployed the solution and integrated it with the company’s SMS gateway for issuing the on-demand tokens. “The RSA Professional Services team completed the deployment quickly and on time,” said the Security Operations Manager. “We are the first mobile operator in the region to use this solution and they made my dream come true. They reduced the risks I had with the tokens, enabled me to get better usage of my internal resources, and cut my CAPEX. RSA has never let me down.”

RESULTS

The ease of token distribution has enabled the company to expand the pool of users issued with a secure token. The company has technical support suppliers located in Europe and the U.S. and previously it was not viable to ship tokens or install software on their computers. Now, the company has issued an SMS token to over 120 of its 200 support suppliers. “It enables our suppliers to support our company more flexibly,” said the Security Operations Manager. The company has also provided its retail partners with secure access to its systems using SMS tokens, something which was not viable before.

“The on-demand tokens have realized our vision for supporting more people,” said the Security Operations Manager. “We were limited before, because our partners would have to request a temporary username and password to access our systems, and they might need access at 2:00 A.M. our time. Now I have resolved my administrative headache.”

The company has cut its capital expenditure on tokens by 45 percent without increasing its operating expenditure.

The company has also been able to increase productivity, because people do not need to use a particular computer to authenticate, and do not have a hardware token to lose. They can work from any computer, using their mobile phones to carry out a two-factor authentication.


C U S T O M E R P R O F I L E

INTERNATIONAL COMPUTERWARE

IT Consultancy shows customers the way with secure desktop virtualization

AT-A-GLANCE

Key Requirements

– Set an example of IT innovation for customers

– Support mobile working flexibility and simplify PC fleet maintenance

– Prevent sensitive data leakage from virtual desktops

– Monitor and enforce access to virtual desktops while collecting logs and reports to ensure compliance

Solution

– Implement new VMware PC-over-IP virtual desktop protocol and VMware View

– Test and integrate with existing security resources to ensure user authentication for remote users

– Extend existing Data Loss Prevention (DLP) platform to virtual desktops to monitor and regulate user activity

– Collect and analyze security events from virtual desktop environment, and correlate with non-virtual infrastructure logs for compliance monitoring and reporting

Results

– Virtual desktops already rolled out to 60 most mobile workers

– Environment now fully compliant with security requirements

– Significant cost savings, such as $95,000 on resource allocation for desktop support

As a global IT consultancy, International Computerware Inc. (ICI) combines industry knowledge, functional experience and technology skills to help its clients grow and create extraordinary value. It has delivered innovative, high quality IT expertise and services to its customers for over 20 years.

KEY REQUIREMENTS

For IT consultancies, knowing about the best technology and being able to make use of it in the most effective way is essential in driving customer satisfaction and business success. ICI recognizes this, and is dedicated to making sure the company itself is an example of IT best practice in action.

The company uses industry-leading technologies such as the RSA enVision® platform, RSA SecurID® soft tokens, and RSA® Data Loss Prevention Suite from RSA, The Security Division of EMC, and VMware virtualization software to ensure it stays at the forefront of technological expertise.

However, there are always opportunities for further innovation, and for ICI, this came in the form of desktop virtualization. Jamie Shepard, Executive Vice President, Technology Solutions, ICI, explains: “We already had a strong virtual platform for our datacenter, supporting SQL and Sharepoint environments. The next step was to virtualize our desktop PCs as well to enable mobile employees to log on to their virtual desktops securely from any location, even if their own laptop is broken.”

ICI also wanted to monitor and enforce access to virtual desktops while preventing leakage of sensitive data to ensure compliance with Massachusetts directives. In this way, it planned to make administration of its PC fleet simpler for the IT team, as well as making life easier for remote workers.

“Being able to securely access any machine from anywhere and at any time with virtualization significantly accelerates the resolution of any issues and helps keep employees productive. At the same time we know we can immediately pinpoint and block any suspicious activity around sensitive data on our network and we’re saving about $95,000 on resource allocation for desktop support per year.”

JAMIE SHEPARD, EXECUTIVE VICE PRESIDENT, TECHNOLOGY SOLUTIONS, INTERNATIONAL COMPUTERWARE INC.


©2010 EMC Corporation. All rights reserved. EMC, RSA, RSA Security, the RSA logo, RSA enVision and RSA Data Loss Prevention Suite are the property of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners. ICI CP 0910

SOLUTION

In order to meet this new challenge, ICI decided to build on its existing virtualization and security resources. “We knew that the combination of VMware and RSA technologies we had in place was a good one,” recalls Shepard. “So it was a case of extending those resources to our PCs as well as our datacenter.”

Bringing these secure virtualized capabilities to its PCs meant ICI needed to deploy VMware’s PC-over-IP protocol. It chose to run a proof of concept (PoC) of this new feature in order to ensure the virtualized desktops would work effectively with its RSA security environment.

“We set up two users – one from sales and one from engineering – with virtual desktops,” says Shepard. “Both were regular mobile workers, so they were part of the group that we expect to benefit the most from this virtualization project. They have very different use cases but both require reliable accessibility and availability.”

Feedback from the PoC users was positive, showing that the virtual desktop PC model stops remote workers suffering from latency caused by physical PCs connecting to servers in far-off datacenters.

Following the successful PoC, the virtual desktop environment was rolled out to all mobile users in the first virtualization group. These employees use a variety of devices, from laptops and desktop PCs to Apple iPads. The virtual environment was then integrated with ICI’s existing DLP environment, which, Shepard found, was very simple: “The virtual desktop, from the DLP solution’s point of view, is no different than any other virtual machine, so it can discover sensitive information, detect inappropriate or unauthorized activity, and lock it down in an instant.”

The company is now working on integrating additional security features such as RSA SecurID for user authentication, to enforce secure access for virtual desktop infrastructure (VDI) users in the VMware infrastructure. It also plans to integrate its RSA enVision platform with the virtual desktop environment to monitor end user and administrator activities.

RESULTS

With the initial round of deployment complete, ICI now has 60 virtual desktop users across the sales and engineering departments. It plans to extend its virtual user base across the rest of the engineering team and administrators in the coming months. “Being able to use virtual desktops for activities like training will make information sharing much simpler and more efficient for us,” comments Shepard.

He continues: “The biggest saving for us is the reduction in administrative headaches that the virtual fleet enables. Being able to securely access any machine from anywhere and at any time significantly accelerates the resolution of any issues and helps keep employees productive. At the same time we know we can immediately pinpoint and block any suspicious activity around sensitive data on our network.” For example, a user logging onto his virtual desktop from a customer site will still be covered by the DLP platform and alerted should he attempt any unauthorized action, such as saving protected data onto a USB stick.

In addition to setting the standard for its customers with this initiative, ICI is seeing an impact on its bottom line. “We’re saving about $45,000 per year in desktop PC refreshes through virtualization,” says Shepard, “and about $95,000 on resource allocation for desktop support. On top of that we are now fully compliant.”

“We’re saving about $45,000 per year in desktop PC refreshes through virtualization. On top of that we are now fully compliant.”

JAMIE SHEPARD, EXECUTIVE VICE PRESIDENT, TECHNOLOGY SOLUTIONS, INTERNATIONAL COMPUTERWARE INC.


C U S T O M E R P R O F I L E

KPMG LLP

Firm drives compliance with RSA® Archer™ eGRC Suite

AT-A-GLANCE

Key Requirements

– Common platform for all eGRC activities to enhance accuracy and efficiency of compliance efforts

– Easily deployable solution for fast time to value and rapid response to own and client demands

– Clear, flexible management and reporting capabilities to satisfy business unit and other stakeholders

Solution

– RSA Archer eGRC Suite modules provide single platform for ITS (Information Technology Services) policy development, management, and monitoring

– Automated tracking of remediation activities streamlines and solidifies compliance stature

– Flexible dashboard and reports deliver information to management in digestible format

Results

– Quick, comprehensive response to requirement to comply with NIST 800-53 directive won new business

– Business and clients are reassured by ability to provide fast and comprehensive responses to their requests using online policy center

– Risk of inadvertent regulation breaches is minimized with tighter, automated compliance controls

Formed in 1987, KPMG LLP provides audit, tax, and advisory services and industry insight to help organizations negotiate risks and perform in dynamic and challenging business environments. KPMG LLP is the U.S. member firm of KPMG International whose firms have a total of 140,000 professionals, including more than 7,900 partners, in 146 countries.

KEY REQUIREMENTS

The services that KPMG offers vary hugely, with each project tailored to the specific needs of the client in question to deliver impactful results. Despite this variety of activity, the organization’s focus on quality remains constant. Part of providing high-quality service means anticipating and meeting its legal, regulatory, and client requirements.

With many clients in highly regulated industries such as finance and healthcare, a key priority for any business initiative or IT project is ensuring compliance with relevant industry regulations – from Sarbanes-Oxley (SOX) to the Health Insurance Portability and Accountability Act (HIPAA). KPMG must therefore demonstrate its ability to easily and rapidly meet these and other enterprise Governance, Risk, and Compliance (eGRC) demands when undertaking client projects.

This challenge is not a new one, and the company has long had policies in place to meet its own and clients’ requirements. However, these policies were stored in various repositories across the ITS organization, meaning it was difficult to map policies to new standards. Irina Giller, Director, ITS Policy and Governance, KPMG, heads up the team responsible for ITS policies and compliance. She explains: “We were unable to easily confirm whether or not we could comply with a new client request using an existing policy, so there was a lot of manual work involved every time – even after we created a more centralized repository using available tools.”

“To enable our IT governance program, we decided that investment in the GRC platform was needed in addition to defining necessary processes. The GRC technology helps us to achieve alignment of controls with policies. It accelerates the definition, management, measurement, and reporting of IT-related controls through the mapping to regulatory mandates, managing remediation tracking and policy exceptions, and reporting on them to our ITS executive management.”

IRINA GILLER, DIRECTOR, ITS POLICY AND GOVERNANCE, KPMG


KPMG needed a common eGRC platform with a fully centralized policy repository to both publish policies and map them to authoritative sources while maintaining a comprehensive overview of its eGRC capabilities. Flexibility was also important to ensure that KPMG could set, operate, and report on its own policies and processes where required to satisfy a variety of legal, regulatory, and client requirements.

SOLUTION

KPMG considered leading GRC platforms against its IT governance requirements and selected the eGRC solutions from RSA Archer. It also received feedback from KPMG’s Client Delivery team on RSA Archer capabilities as they worked with RSA Archer on various client projects.

“We needed a solution that would enable us to publish and search all policies from a central point,” says Giller. “It was also important to have granular access controls to make sure that policies and control standards could be accessed by all KPMG partners, employees, and other authorized parties while baseline technical controls and specifications could only be accessed by the central ITS organization. Lastly, we needed the ability to map policies based on authoritative sources.”

Giller and her team addressed these requirements by deploying the Policy Management and Compliance Management modules of the RSA Archer eGRC Suite. These solutions enable KPMG to ensure comprehensive management of its policies, and any exceptions, as well as remediation tracking for compliance.

“With this solution, which includes a number of internal processes and the eGRC tool, we can carry out self-assessments to identify any gaps in our compliance stance, then easily work in amends to our policies to ensure we’re covered,” comments Giller. “Likewise, if a client has a new compliance requirement or wants to review our capabilities, it’s easy for us to show them online how our processes measure up against their expectations and make any necessary enhancements in an efficient manner.”

Implementation was carried out by KPMG’s ITS Policy and Governance team, following brainstorming sessions with KPMG’s Advisory team to develop a roadmap for rollout of RSA Archer modules. A consultant from RSA Archer was on site to help manage the implementation of both modules, and RSA also provided training to KPMG’s development and support groups. This equipped them with the knowledge necessary to manage the new eGRC platform themselves.

RSA provided Professional Services support by assisting KPMG in deploying the solutions out of the box and then customizing the Policy Management module to build in the required notification processes. It also helped customize and map the compliance and remediation-tracking aspects of the Compliance Management module to fit with KPMG’s planned usage model.

RESULTS

The first test for the new platform came shortly after deployment, when a new client project required KPMG to affirm and where necessary enhance its policies and procedures in alignment with the National Institute of Standards (NIST) 800-53 directive, which impacts data hosting for government organizations. KPMG won this new client’s business by building a hosting environment in compliance with the directive. Enabled by RSA Archer, KPMG mapped the requirements to its internal policies and procedures, performed gap analysis, and, where necessary, developed and published additional policies, procedures, and technical baselines, all in a reasonable timeframe.

Having a centralized and automated online eGRC solution has simplified many tasks for Giller’s small team. “Previously, client audits necessitated the printing out and processing of reams of paper documentation,” says Giller, “which was time-consuming and unscalable. Now all the information we need is there on the system, so it’s much easier and quicker for us to find the policy or control standard we’re looking for. Not only has this accelerated our own ability to meet requests for information, but clients are reassured by our commitment to meeting their needs, especially when they come in to conduct on-site reviews and we navigate them through our online policy center.”

“Clients are reassured by our commitment to meeting their needs, especially when they come in to conduct on-site reviews and we navigate them through our online policy center.”

IRINA GILLER, DIRECTOR, ITS POLICY AND GOVERNANCE, KPMG

Managing IT policy exceptions is another area where the team has seen a marked improvement. The RSA Archer solution issues automatic alerts to KPMG’s ITS Policy Review Board whenever an exception is submitted for review and approval, or is due to expire. The board can then notify the individual of its decision to allow a time-limited exception where business justification warrants it and adequate compensating controls are in place, or direct individuals to either take the necessary steps to become compliant or remove the noncompliant situation from the network. “This model means we have tighter control over our compliance capabilities and are able to reduce the risk of any inadvertent breaches of regulations,” says Giller.

©2011 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, and Archer are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective owners. KPMG CP 1011


LAIT (LAZIO INNOVAZIONE TECNOLOGICA)

Secure remote access enables Lazio’s regional health authority to implement a new Web-based booking service

AT-A-GLANCE

Key Requirements

– Provide end-user self service for convenience and reduced administrative time

– Guarantee all the pharmacies in Regione Lazio totally secure access to the booking system for specialised medical services

– Protect sensitive data, while keeping costs down

Solution

– Two-factor authentication used to manage secure access into the medical service booking system

– A Virtual Private Network Secure Socket Layer (VPN SSL) implementation allows secure connection to LAit’s data centre across the Internet

Results

– Provides secure access to the outpatient booking service supplied by the National Health Service

– Thanks to strong authentication, the Recup System has reduced management costs by 70%

– Unifies password management, consolidates authentication management, and collects logs to aid compliance

Since 2001 LAit has worked closely with Regione Lazio in Italy to govern the automation of regional public services. LAit designs, develops and manages Regione Lazio’s IT systems to spur the development of the Information Society, and lay the foundations for the growth of digital administration. To find out more, visit www.laitspa.it/laitweb/

KEY REQUIREMENTS

A number of solutions (Firewall, Proxy and VPN) from some of the leading vendors in the market guarantee Regione Lazio’s data centre perimeter information security. These solutions are able to provide IT system protection as they grant access only to authorised users, under conditions well profiled, predefined, and in a controlled manner.

Using this process LAit securely publishes Web sites and Web portals for public services (such as the regional Web site, health system portal, agriculture portal and tender process system); email services; and data transfer systems. For special technical/operational purposes it allows privileged access using Virtual Private Networks controlled by strong authentication devices.

The Farmarecup project is a great example of this. Farmarecup was promoted by the regional department for the protection of consumers’ interests to simplify public administration. Currently it connects more than 170 pharmacies in Lazio to Recup — the booking system for specialised medical services. LAit plans to extend Farmarecup to all pharmacies in the region, providing end user self service for convenience and reduced administrative time.

This Web-based application, through Recup, gives access to the outpatient booking service supplied by the National Health Service. Thanks to two-factor authentication, the Recup System has reduced management costs by 70%.

“Secure remote access and collaboration has enabled us to accelerate the process for booking medical appointments and exams, providing more efficient public services to Regione Lazio’s citizens. What’s more, thanks to two-factor authentication we have reduced management costs by 70%.”

REGINO BRACHETTI, PRESIDENT OF LAIT S.P.A.


RSA and the RSA logo are registered trademarks or trademarks of RSA Security Inc. in the U.S. and/or other countries. EMC is a trademark of EMC Corporation. All other trademarks mentioned herein are the property of their respective owners. ©2003-2010 RSA Security Inc. All rights reserved. LAIT CP 1010

SOLUTION

LAit professionals faced two challenges: guarantee totally secure access to the application and, at the same time, keep costs as low as possible. This is the reason why they rejected a dedicated connection in favour of an Internet-based solution.

LAit evaluated the different solutions available on the market.

“We evaluated the performance of the systems in real-life scenarios,” explained Vittorio Gallinella, Technical Director of LAit S.p.a. “This was necessary to verify the compatibility and integration with LAit’s systems, as well as ease of installation. Moreover, it was important to evaluate the software features for managing the solutions, in order to select the one that is easy to configure and manage, so we can keep down daily management operating costs.”

In the end, LAit chose to deploy a two-factor authentication solution from RSA, the Security Division of EMC. RSA SecurID® two-factor authentication is based on something the user knows (a password or PIN) and something the user has (an authenticator displaying a password that changes every 60 seconds), providing a much more reliable level of user authentication than reusable passwords.

“Two-factor authentication was both highly secure and reliable, while the RSA solution is a proven one-time password technology protecting over 30,000 organisations. Lazio prides itself on applying innovative systems to provide more efficient public services to its citizens,” added president Brachetti. The integration between the LAit network and the security infrastructure has been delivered quickly and without issues, as well as the integration with the booking application.

RESULTS

“The solution is very intuitive, particularly from the user’s point of view. Token utilisation is widespread in Italy, therefore many end users can immediately take advantage of this solution. The application is very easy to use although for those who may need some support LAit has set up a customer care service,” said Alessandro Cimalacqua, responsible for network operations at LAit.

Thanks to two-factor authentication, LAit has succeeded in giving access across the Internet to the medical appointments and exams booking service, ensuring the high security level needed for sensitive data confidentiality. The use of the VPN SSL and strong authentication enables LAit to utilise connectivity that pharmacies already have, so there are no additional costs for Regione Lazio.

“We above all recognise the versatility of RSA SecurID, besides the simplicity of installation, management and use. Because of these characteristics we have adopted this solution for other purposes too, in particular providing remote access to a number of services for some Directorates and Departments, for system management, and to give access to some resources. The solution enables us to unify password management and consolidate authentication management with a unique tool,” Gallinella stated.

“Thanks to two-factor authentication, the Recup System reduces outpatient booking service management costs by 70%. Web application broadens the service, satisfying Regione Lazio’s policies that aim for health service enhancements. I believe that our technology choice demonstrates that LAit professionals are doing a very good job in modernising the Lazio IT system.”

REGINO BRACHETTI, PRESIDENT OF LAIT S.P.A.


MOFFITT CANCER CENTER

Moffitt Cancer Center enhances patient satisfaction and scientific research

AT-A-GLANCE

Key Requirements

– Reduce complexity for patients to securely access medical and treatment data

– Real-time fraud/threat detection with minimal impact to user experience

Solution

– Authentication solution enables easier and more secure patient and researcher access

– Simple login enables patients to access data at their convenience

Results

– 80 percent decrease in reported password-related issues

– Fewer issues allow IT staff to support other needs

– Researchers share patient information securely with colleagues anywhere

– Organization plans to expand use of security technologies

H. Lee Moffitt Cancer Center & Research Institute is internationally recognized for its translational research. Located in Tampa, Florida, it holds the distinction of being a National Cancer Institute-designated Comprehensive Cancer Center. It is one of the largest cancer centers in the U.S., recording more than 289,000 outpatient visits a year.

KEY REQUIREMENTS

Moffitt Cancer Center’s Total Cancer Care is a comprehensive approach that enables caregivers and researchers to identify and meet all the needs of a patient and their family during the patient’s lifetime and for future generations. To conduct successful research, the Cancer Center needs access to as much data as possible about the disease and the patient. The Total Cancer Care protocol solicits medical and treatment details from willing patients for use by scientists and to match patients to appropriate clinical trials.

Historically, when registering for an appointment, participating patients were given a tablet PC to input their details into the specially created portal. While many patients were willing to take part in the initiative, it could sometimes take up to two hours to input their details.

Donald Wasylyna, Manager, Information Security, explains: “We needed to make it easier for patients to sign up for Total Cancer Care and allow them to participate from home so they could complete the questionnaires at their convenience.”

The center needed an accurate, real-time fraud/threat detection system that would simplify user experience while increasing protection against emerging threats.

“Moffitt Cancer Center patients have access to their medical records with a new patient portal, which also links to a database that collects information for Total Cancer Care™, a unique clinical trial aimed at personalizing treatment. Security and access issues are complex. RSA® Adaptive Authentication provides patients with appropriate access to information, while reducing user complaints by 80 percent.”

DONALD WASYLYNA, MANAGER, INFORMATION SECURITY, MOFFITT CANCER CENTER


©2011 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, enVision, and SecurID are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. MCC CP 0211

SOLUTION

The organization was already a customer of RSA – The Security Division of EMC – using about 1,200 RSA SecurID® hardware and software tokens to provide select staff with remote access to its VPN. The team decided to investigate solutions that RSA could provide for the challenges that Total Cancer Care presented.

Moffitt needed a solution that would integrate seamlessly with its existing infrastructure and be extremely user-friendly. “We looked at a number of vendors and carried out extensive research over 18 months,” recalls Wasylyna. “In the end, though, it was clear that the best fit for us was a risk-based user-authentication solution based on RSA Adaptive Authentication. It provides the simple integration we sought and has excellent usability, ensuring all of our patients would be able to work with it from home.”

Shortly after launching the portal, Moffitt Cancer Center incorporated a number of other features, such as appointment scheduling and bill payment, to further enhance the patient experience. It then extended use of RSA Adaptive Authentication to its collaboration and research portal, which is used by scientists on-site to work on projects with colleagues based across the country and abroad. “Users of this portal often need to share confidential patient information as part of their research, and the strong protection provided by the RSA solution means we can be sure that only the right people are able to access it,” Wasylyna says.

RESULTS

Introducing the new remote access model for the portal had an immediate effect. “Password-related issues reported by patients participating in Total Cancer Care went down by more than 80 percent just by removing the password complexity requirements and adding Adaptive Authentication,” says Wasylyna. “This has reduced our support requirements so that we can support other endeavors contributing to the prevention and cure of cancer.”

Impressed with the results it has seen from using Adaptive Authentication, Moffitt Cancer Center is now deploying more of the technology suite. Wasylyna comments: “We will be using RSA Certificate Manager to authenticate about 1,000 mobile devices that are used around the hospital and also are planning to deploy RSA enVision® to provide security information and event management across our entire network.”

“It was clear that the best fit for us was a risk-based user authentication solution based on RSA Adaptive Authentication. It provides the simple integration we were seeking and has excellent usability, ensuring all of our patients are able to access it from home.”

DONALD WASYLYNA, MANAGER, INFORMATION SECURITY, MOFFITT CANCER CENTER


NTT COM ASIA

Leading ICT Services firm delivers more secure solutions to customers with RSA® SecurID®

AT-A-GLANCE

Key Requirements

– Deliver strong authentication system to protect confidential information

– Offer high availability to enable remote access, 24x7

Solution

– Two-step authentication with RSA SecurID solution

– Provides efficient, remote access to confidential information

Results

– Increased security

– Reliable solution increases customer confidence and builds trust

– Real-time technical support increases productivity

– Experienced support team provides the basis for a long-term partnership

Founded in Hong Kong in 1999, NTT Com Asia Limited is a wholly owned subsidiary of NTT Communications, the international and long distance arm of NTT (Nippon Telegraph and Telephone Corporation). NTT Com Asia serves as the key arm of NTT Communications’ Asia operations. Leveraging the NTT Communications Global infrastructure, NTT Com Asia delivers end-to-end global network & IT solutions for multinational corporations including IP connectivity, data center, cloud hosting, cloud applications, managed services and integrated solutions. Today NTT Com Asia and its affiliate HKNet Company Limited employ over 300 professionals to support global enterprises to accelerate growth in the Asian market. To learn more about NTT Com Asia visit www.ntt.com.hk.

KEY REQUIREMENTS

Information is a precious commodity in any business, and the sharing of information has always represented a potential security risk. For large organizations it is essential that only the right people have access to the information.

In order to meet stringent customer requirements in the financial-services industry, NTT Com Asia needed to offer a strong authentication system to help protect confidential customer information as well as ensure that customer organizations meet compliance with local financial regulations. The solution also needed to offer high availability in order for users to log in to their organizations’ systems remotely, 24x7.

Jonathan Wong, NTT Com Asia, says, “The goal of the project was to provide a system that enabled mobile workers at our customer sites to access sensitive information stored on their internal servers from a remote location, whenever they needed it. The process had to be secure, but also needed to be simple enough to implement to a potential workforce of hundreds or thousands.”

“Since we deployed RSA SecurID, the feedback from our customers has been very positive. The key theme coming through is reliability. Our customers trust the solution to deliver against their security requirements.”

JONATHAN WONG, DIRECTOR SERVICE MANAGEMENT AND OPERATIONS, NTT COM ASIA


SOLUTION

NTT Com Asia deployed RSA SecurID – a security product from RSA, The Security Division of EMC. The RSA solution offers customers a secure two-factor authentication process. RSA SecurID two-factor authentication is based on something each user knows (a password or PIN) and something they have, for example an authentication security token. The token generates authentication codes at fixed intervals using a built-in clock and the token’s encoded factory key. This key is different in every token and is loaded into the corresponding RSA SecurID server known as RSA Authentication Manager. Using a two-step authentication process dramatically increases security.
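The token mechanism described above (a per-token key shared with the authentication server, plus a clock) and the 60-second code lifetime quoted in the LAit profile, sketched as an added example that is not RSA's code. SecurID's own algorithm is not given on this page, so the open RFC 6238 time-based OTP construction stands in for it; the 6-digit length, the ±1-step drift window, the replay check, and the user name, PIN and seed are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # code lifetime; the LAit profile cites a change every 60 seconds
DIGITS = 6         # assumption: the page does not state the code length


def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def otp_at(seed: bytes, unix_time: int) -> str:
    """Token side: the code shown during the time step containing unix_time."""
    return hotp(seed, unix_time // STEP_SECONDS)


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Store only a salted, stretched hash of the PIN (first factor)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class AuthServer:
    """Server side: holds each token's seed and checks PIN plus current code."""

    def __init__(self, drift_steps: int = 1):
        self.drift_steps = drift_steps  # tolerate token clock drift of +/- N steps
        self.records = {}

    def enroll(self, user: str, seed: bytes, pin: str, salt: bytes) -> None:
        self.records[user] = {
            "seed": seed,
            "salt": salt,
            "pin_hash": hash_pin(pin, salt),
            "last_step": -1,  # highest time step already accepted
        }

    def verify(self, user: str, pin: str, code: str, now: int) -> bool:
        rec = self.records.get(user)
        if rec is None:
            return False
        pin_ok = hmac.compare_digest(hash_pin(pin, rec["salt"]), rec["pin_hash"])
        current = now // STEP_SECONDS
        matched = None
        for step in range(current - self.drift_steps,
                          current + self.drift_steps + 1):
            if step < 0:
                continue
            expected = hotp(rec["seed"], step).encode()
            if hmac.compare_digest(expected, code.encode()):
                matched = step
        # Both factors must pass, and a code is never accepted twice:
        # a step at or before the last accepted one is treated as a replay.
        if not pin_ok or matched is None or matched <= rec["last_step"]:
            return False
        rec["last_step"] = matched
        return True


if __name__ == "__main__":
    # Constructed sample values (the seed is the RFC 4226 test key).
    seed = b"12345678901234567890"
    server = AuthServer()
    server.enroll("remote-user-01", seed, "4821", b"constructed-salt")
    code = otp_at(seed, 60)
    print("fresh code accepted:", server.verify("remote-user-01", "4821", code, 130))
    print("same code replayed: ", server.verify("remote-user-01", "4821", code, 131))
```

The drift window trades usability for a longer acceptance period per code, which is why the replay check on `last_step` matters.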

As the developer of the RSA SecurID solution, RSA delivers regular solution upgrades and ongoing improvements for customers. NTT Com Asia shared their user experience and suggested areas of improvement with RSA; the development team at RSA took the initiative and provided NTT Com Asia with an improved solution to meet their needs.

Furthermore, NTT Com Asia was given the opportunity to use a simulation environment to test out RSA SecurID Service Pack 4 – the latest edition of the solution. Wong was impressed with the solution and the support he received. He says, “Throughout the testing period, the RSA team were available to answer any queries we had with the solution.” He adds, “Thanks to RSA we were able to test all of the functionality of the new system before making any decisions about the upgrade. The results of the test period were positive and we took the decision to roll out the RSA SecurID solution, with the support of RSA Support Services.”

In terms of support services, NTT Com Asia takes advantage of a wide team of resources including a Support Engineer, an Escalation Manager, and a Technical Account Manager. The team, spearheaded by the Technical Account Manager, deliver the services as a single function.

Wong comments, “RSA were one of the best solution providers in the region that could deliver against the security requirements set by our customers. It was an easy decision for us to select RSA as our partner in this project”.

RESULTS

Having chosen the RSA SecurID solution, NTT Com Asia is pleased to have successfully rolled out the solution to its clients with a number of benefits.

Increased security of remote access with RSA SecurID two-step authentication method

Thanks to the trusted two-step authentication method, NTT Com Asia customers have the peace of mind that important, confidential documentation and applications are secure from outsider access, helping organizations meet compliance regulations set by local authorities.

In addition, NTT Com Asia customers now have the freedom to access secure information from any location and at any time. This enables staff to be more productive when working remotely.

Reliable solution increases customer confidence and builds trust

According to Wong, the RSA solution enables NTT Com Asia to deliver best-of-breed solutions to their customers and helps the business to further strengthen existing relationships with their customers.

Wong comments, “Since we deployed RSA SecurID, the feedback from our customers has been very positive. The key theme coming through is reliability. Our customers trust the solution to deliver against their security requirements.”

“The RSA Support team really go the extra mile for us – including working weekends or at odd hours of the day in order to help us achieve our goals.”

JONATHAN WONG, DIRECTOR SERVICE MANAGEMENT AND OPERATIONS, NTT COM ASIA


Real-time technical support increases productivity

The RSA solution is supported by RSA Support Services, which is available 24 hours a day, seven days a week. If at any point the NTT Com Asia team have a query or issue that they need to resolve, they simply contact RSA Support for a resolution. Wong believes that having one point of contact is key to this process. Wong says, “It is reassuring to know that if we run into any issues we just need to make a single phone call and we can resolve the issue immediately. It is a simple and effective support function.”

As a result, the IT team at NTT Com Asia spends very little time maintaining the system and instead focuses their efforts on delivering IT solutions and services that meet the needs of their customers.

Experienced, knowledgeable support team provides the basis for a long-term partnership

NTT Com Asia is pleased with the excellence of RSA’s service. Wong comments, “The RSA Support team really go the extra mile for us – including working weekends or at odd hours of the day in order to help us achieve our goals.” He adds, “Support services are extremely important to us as a global ICT solution provider, as we demand high-quality service upgrades with minimal inconvenience for our customers. RSA deliver against these requirements.”

Prior to the upgrade from RSA SecurID Service Pack 2 to Service Pack 4, the RSA Support team added value by meeting NTT Com Asia’s additional requirement to deliver a simulation platform, which enables NTT Com Asia to experience and practise the upgrade process. By simulating the upgrade, the NTT Com Asia team were able to ensure the process was error-free.

Wong has been impressed with the expertise and professionalism shown by the Support team during the post-sales process. Wong comments, “The RSA team are experienced, knowledgeable, but more importantly they understand our business – this is key.”

Wong concludes, “RSA are a reliable and trusted security partner for NTT Com Asia, and we value their continued support. We fully intend to build on this relationship moving forwards as we seek to deliver new and innovative solutions to our customers.”

©2012 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, and SecurID are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective owners. NTT CP 0512


NYNET

Helping North Yorkshire County Council (NYCC) Stay Connected

AT-A-GLANCE

Key Requirements

– Secure the authentication process for reliable remote access to services

– Ensure network availability across one of the country’s most remote rural regions

– Maintain business continuity to guarantee provision of services

– Enable employees to work flexibly across multiple sites and from home as necessary

Solution

– Sophisticated broadband solution

– Seamless deployment of one-time password (OTP) hardware authenticators

– Burst license arrangement guaranteeing high level of service while containing costs

Results

– Deployment of shared infrastructure services for public-sector bodies

– Maintain the highest levels of security for sensitive data

– Scalability of solution delivers substantial cost savings and efficiency gains

– Enablement of 200 employees to work from home through heavy snowfall

NYnet provides connectivity and managed services to the majority of public-sector organizations in North Yorkshire. Serving over 750 Public Sector and Health Service sites, NYnet’s high availability broadband network delivers fast, secure, and reliable access to data, applications, and Internet resources across England’s largest county.

KEY REQUIREMENTS

As a leading communications-network provider, NYnet provides connectivity to over 750 Public Sector sites and business parks across England’s largest county. One of its largest customers, NYCC, is particularly dependent on online availability and NYnet was eager to help it to maintain 24x7 services to the public.

NYCC had experienced serious problems with its previous remote access technology, both with the availability of its authentication infrastructure and the quality of service provided by the service desk in the event of authentication-token reset requests.

Business continuity was a top priority. The Council needed to guarantee critical services, such as Children’s Services, all year round, even when facing challenges, such as adverse weather conditions, that would prevent employees from getting to Council sites.

NYCC required secure remote authentication for users in isolated locations. This was particularly important given the government’s emphasis on enabling home working for employees, and the Council’s necessity to realize cost savings through reduction of office space.

Increasing reliability was also important as NYCC workers rely upon authentication tokens to be able to work consistently to deliver key services.

“The secure remote-access solution accelerated the take-up of home working for NYCC enabling 200 Council employees to continue to provide much-needed frontline services to the community during unprecedented heavy snowfalls in the latter months of 2010.”

ANDREW FAWCETT, HEAD OF PRODUCT DEVELOPMENT, NYNET


©2011 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, and SecurID are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. NYNET CP 0911

SOLUTION

NYnet turned to business solutions provider ANS Group; a solution was created that combined technologies from Cisco and RSA to meet NYnet’s requirements.

Cisco ASA 45/40 access switches were used to create a VPN between the end-users and the core network. These load-balanced switches, with intrusion protection, ensure network availability. Working with NYnet, ANS set up radio masts to enable wireless connectivity and better throughput for the region.

RSA® SecurID® two-factor authentication hardware authenticators were rolled out to over 800 users at NYCC. Forty percent of these users work in Children’s Services with the remaining 60 percent split between Financial Services, Environment Services, Adult and Community Services, and the Chief Executive’s office.

By providing a two-factor authentication solution using the combination of a user name and password, and a once-only unique number, the RSA SecurID authenticators offered NYCC both flexibility and security. The deployment of the authenticators was seamless as they were closely integrated with the organization’s login system.

The new system allows all users to experience standardized access to their systems regardless of the platform used.

NYnet opted for the ANS SysCare Managed Service, meaning that responsibility for monitoring of the network, its security, and its upkeep has been outsourced to ANS Group. This has produced both financial and time savings for NYnet, with SLAs that guarantee an improvement in uptime and reliability.

The Managed Services package also provides the benefit of a burst license arrangement that enables NYnet to rapidly increase the number of user licenses it has access to without buying permanent licenses. This ensures that in the rare event that a major incident results in employees not being able to get to the office, NYnet can still guarantee that security policies requiring RSA SecurID strong authentication for remote access will still be enforced.

Feedback from all employees is that the authenticators are simple to use and fully reliable. The solution is used to provide secure remote access for NYCC employees working either from home, on the road, or across multiple sites.

RESULTS

The solution that ANS developed brought about significant cost savings for NYCC by enabling cost-effective shared services across public-sector bodies in the region. By opting for the Cisco and RSA solution, NYCC was able to realize a saving of £80,000 over five years.

The new solution has enabled NYnet to respond to the increasing public-sector demand for shared-infrastructure solutions. The scalability of the authentication solution means that NYnet can offer a cost-effective platform to meet all of its customers’ needs. The potential to roll out the solution to other public-sector bodies in North Yorkshire, such as Primary Care Trusts (PCTs) and North Yorkshire Police, thus generating additional revenue streams, is a significant benefit to NYnet.

The flexible home working that the secure remote access enabled not only brought about financial benefits, but also enabled NYCC to provide much-needed frontline services to the community during heavy snowfalls in the latter months of 2010.

With the network now managed by ANS SysCare, NYCC benefits from improved reliability and the cost and time savings of having outsourced the management of the network.

“Without this solution, County workers would have been unable to work during the recent snows and this would have resulted in a huge loss of output for several days. I myself was unable to get into work during those days but was able to put in a full day of work.”

GAVIN BOOTH, TELECOMS SERVICE MANAGER, NYCC


C U S T O M E R P R O F I L E

OTP BANK

Retail bank delivers innovative customer service with RSA SecurID®

AT-A-GLANCE

Key Requirements

– Offer customers flexible, integrated banking services with full peace of mind

– Integrate easy-to-use authentication to create attractive banking services

– Minimize administration costs of managing customer accounts

Solution

– New bank account offering combines online and phone channels

– Market-leading one-time password authentication provided by RSA SecurID® hardware tokens

– Security features ensure customer data is protected regardless of operating system, browser, or device

Results

– Over 50,000 new customers have adopted new secure banking service

– Tokens enable users to access their accounts and carry out transactions anywhere, anytime

– Increased user independence reduces burden on bank for administrative tasks

OTP Group provides high-quality financial solutions to meet the needs of nearly 11.9 million customers across almost 1,500 branches, agent networks, and state-of-the-art electronic channels across Eastern Europe.

KEY REQUIREMENTS

Banking customers demand an increasingly sophisticated service from their financial-service providers. In order to stand out in a fiercely competitive market, banks must ensure that they not only offer compelling and innovative products and services, but also that they can fully protect their customers’ precious savings and investments.

The Ukrainian subsidiary of OTP Bank faced exactly this challenge. Vladimir Shvedchenko, Head of Electronic Business Development for the bank in the region, explains: “We wanted to offer our customers integrated telephone and Internet banking support. At the same time, in line with our commitment to providing only the best and most secure services, we needed to ensure that access to our customers’ accounts was watertight but simple so that even customers with no technology skills could participate.”

From an internal perspective, the bank needed to ensure that any user authentication solution put in place to support the enhanced offering would also integrate smoothly with its existing corporate infrastructure. It needed to offer single sign-on and as much user self-service as possible to minimize its own administrative costs while boosting customer satisfaction.

“By offering our customers the ability to securely access their bank accounts either online or by phone using RSA SecurID® two-factor authentication, we have significantly enhanced the quality of their experience. At the same time we have accelerated growth of our customer base as we can offer highly attractive new services.”

VLADIMIR SHVEDCHENKO, HEAD OF ELECTRONIC BUSINESS DEVELOPMENT, OTP BANK UKRAINE


©2011 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, and SecurID are trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners. OTPBANK CP 0611

SOLUTION

OTP Bank Ukraine analyzed a wide range of solutions for authenticating its customers to access their accounts both online and by phone. It focused on evaluating the three key criteria of security, usability, and platform independence, the last being particularly important so that customers could access their online accounts regardless of operating system, browser, or device.

“We wanted to use the best available one-time password, strong authentication solution,” says Shvedchenko, and for this reason the bank chose to deploy RSA SecurID® two-factor authentication hardware tokens from RSA – The Security Division of EMC, to its customers. The solution is based on something the customer knows (a password or PIN) and something they have (an authenticator) to deliver two levels of user verification.

“We felt that the RSA solution offered the strongest authentication capabilities combined with an easy-to-use token that would appeal to our customers,” Shvedchenko continues. “This fits with our strategic vision of offering customers one contract and one authentication solution to cover all channels of interaction.”

The tokens were introduced to the bank’s OTPdirekt account offering so any customer that opens an account is now automatically issued an RSA SecurID authenticator for anytime, anywhere use.

RESULTS

In the first two years of operating the enhanced OTPdirekt service, the bank gained 50,000 new customers, all of whom were issued with an RSA SecurID hardware token. The two-factor authentication solution has met with a positive response from users, who are able to access their accounts and carry out transactions both online and by phone very simply.

“This initiative has not only proven appealing to our customers but also cost-effective and simple to manage for us,” concludes Shvedchenko. “By equipping our customers with safe and controlled access to their account information using any device or browser, we are also demonstrating to the industry that OTP Bank is taking the right steps to offer new services without compromising customer security and satisfaction.”

“We felt that the RSA solution offered the strongest authentication capabilities combined with an easy-to-use token that would appeal to our customers.”

VLADIMIR SHVEDCHENKO, HEAD OF ELECTRONIC BUSINESS DEVELOPMENT, OTP BANK UKRAINE


C U S T O M E R P R O F I L E

RED BULL RACING

Red Bull Racing Wins Big with Two-factor Authentication from RSA® SecurID®

AT-A-GLANCE

Key Requirements

– Ability to authenticate access to critical applications and email over VPN, even under tough physical conditions

– Watertight protection for team data in highly competitive field

– Easy-to-manage model to optimize efficiency of IT and security teams

Solution

– Robust RSA SecurID hardware authenticators stand up to weather and hard work in the pit lane and on the move

– Easy-to-read tokens encourage user uptake and facilitate fast VPN access under pressure

– RSA Authentication Manager solution integrates smoothly with Cisco and Citrix platforms for a seamless virtual working environment

Results

– Reliability of new hardware tokens remains at 100 percent after one year in production

– Setting up a new token now takes two minutes instead of 30 with previous authentication model, and can be completed simply by IT help desk

– Overall management of authentication solution is less time-consuming, enhancing security team efficiency

The Red Bull Racing team, based in Milton Keynes, England, are double Formula 1 World Champions. The team is, along with Scuderia Toro Rosso, one of two teams owned by beverage company Red Bull GmbH. In both 2010 and 2011, the team won the Constructors’ Championship and team member Sebastian Vettel won the World Drivers’ Championship.

KEY REQUIREMENTS

A day in the life of a world-champion F1 company is far from office-based. The Red Bull Racing team regularly competes in Grand Prix all over the world, meaning that many employees are often on the move. Indeed, individuals frequently need to access the Red Bull corporate network from challenging locations and under significant time pressure – particularly those based in the pit lane on race day.

In a fiercely competitive field like F1 racing, however, providing employees with fast and reliable access to critical applications and email is just half of the story. At the same time, Red Bull must ensure that any unauthorized attempts to access its network are effectively prevented to keep team secrets from being leaked.

To enforce a sufficiently high level of security, Red Bull implemented a company policy demanding the use of two-factor authentication for its remote VPN. However, its existing solution was not able to meet its usability requirements. Neil Bailey is IT Infrastructure Manager at Red Bull Racing, and he outlines the issues: “The hardware tokens we were using weren’t very user-friendly and we had a lot of feedback that people found them hard to read. Login failures were an everyday occurrence, with many employees regularly frustrated in their attempts to catch up on their email from their hotel after a day in the field. The tokens were causing problems trackside as well, as they had a tendency to stop working if they got wet. This isn’t acceptable when the team needs to access the VPN at a moment’s notice and in all weather.”

With tokens failing so regularly, administering and replacing them was fast becoming a costly and time-consuming burden for the IT team as well.

“We couldn’t afford to lose any more time to ineffective authentication measures, so we wanted to go with the industry leader to ensure we got the high quality we needed. In the end, the fact that RSA is the leader in this field was only one of the many reasons we had to put our trust in its RSA SecurID hardware authenticators.”

NEIL BAILEY, IT INFRASTRUCTURE MANAGER, RED BULL RACING


©2012 EMC Corporation. All rights reserved. EMC, RSA, RSA Security, the RSA logo and RSA SecurID are the property of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners. RDBLL CP 0512

SOLUTION

Red Bull Racing had worked with communications services provider NextiraOne on many trackside infrastructure projects for a number of years. It therefore naturally turned to this trusted partner to help identify and implement a new two-factor authentication solution that would deliver the reliability and usability that the team needed.

“We couldn’t afford to lose any more time to ineffective authentication measures, so we wanted to go with the industry leader to ensure we got the high quality we needed,” says Bailey. “In the end though, the fact that RSA is the leader in this field was only one of the many reasons we had to put our trust in its RSA SecurID hardware authenticators.”

Hardware tokens were issued to around 400 employees, who adopted the new technology enthusiastically thanks to the user-friendly, easy-to-read design. In addition to the robust, reliable hardware element, Red Bull Racing was impressed by the fact that the power behind the tokens–RSA Authentication Manager–integrated smoothly with its existing IT environment.

“We were pleasantly surprised by how well the solution integrated with our Citrix Access Gateway VPN,” Bailey comments. “It also works very well with our Cisco Secure Remote Access solution, enabling smooth delivery of applications. This effortless interoperability meant that migrating our user base to the RSA platform was quick and hassle-free.”

RESULTS

A year after introducing the RSA SecurID-based authentication solution, Red Bull Racing can see improvements across the board. The robust hardware tokens are able to withstand exposure to the rigors of the pit lane while ensuring that users can always access the VPN and its essential applications whenever and wherever they need to. “The authenticators have had a reliability rate of 100 percent,” says Bailey. “We’ve not had a single hardware failure.”

Where new tokens need to be allocated–for example to new employees–the process is now much simpler and more efficient too. Previously, a skilled security expert would need to spend about 30 minutes in the authentication-management console, setting up a new user and allocating them a token. Using the RSA Authentication Manager console, new users can now be set up in just a couple of minutes. The process is less complex now as well, meaning Red Bull Racing is able to outsource management of its authentication fleet to its IT help desk, freeing up the security team to focus on more innovative and mission-critical projects.

Bailey comments: “The difference between our previous model and the RSA SecurID authenticators is significant. With the new solution, we’re confident that our team can perform to the best of their ability at all times, and when you’re striving to be the best in the world, that’s very important.”

“The RSA SecurID authenticators have had a reliability rate of 100 percent. We’ve not had a single hardware failure. With the new solution, we’re confident that our team can perform to the best of their ability at all times, and when you’re striving to be the best in the world, that’s very important.”

NEIL BAILEY, IT INFRASTRUCTURE MANAGER, RED BULL RACING


C U S T O M E R P R O F I L E

RUPERT HOUSE SCHOOL

Flexible system and authentication mechanisms help school maintain the highest standards

AT-A-GLANCE

Key Requirements

– Users struggle with cumbersome security mechanisms

– Lack confidence in providing remote access to systems

– Public data disclosure would lead to damaging publicity

Solution

– Consult with trusted ICT provider Polar Computer Communications

– Safe and controlled access to network assets for any user

– Trust the identities of remote employees when they use network resources

Results

– Reduced risk by deploying strong authentication for workforce

– Sensitive personal data is protected

– Compliance with guidelines and mandatory security requirements

Rupert House School is a UK-based preparatory and pre-preparatory school that teaches approximately 230 pupils every year. Housed in a seventeenth century building in Henley-on-Thames, just west of London, the school was established as a trust over 50 years ago. Today, Rupert House has a reputation for providing an outstanding educational platform for children before they move to secondary education at the age of eleven. To find out more, visit: www.ruperthouse.org/index.html

KEY REQUIREMENTS

As a private educational establishment, Rupert House sets its own curriculum for students to follow. This permits the school to establish unique elements of learning for its children, for example, teaching the French language beginning at the age of six years old.

The school sets high achievement targets for its students and expects the same from the teaching staff. To meet the teacher objectives, the school recognized the need to offer flexible working options by allowing staff to access the school network remotely. This would enable them to carry out a range of tasks from pupil reports to assessments and marking from any location rather than just the school staff room.

However, the school’s network holds sensitive personal data such as pupil and parent information. If the network became compromised, resulting in the loss or theft of sensitive data, it could have potentially devastating consequences for both the school and the security of its pupils, parents and staff.

As a result, before it could permit teachers remote access to the network, the school was advised by Polar Computer Communications to ensure that security was watertight and that it complied with data protection regulations, as set out by the UK Data Protection Act and Becta guidelines.

The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK.

“Providing our staff with remote and secure access to the school network has accelerated our aim to ensure best practice across all areas of endeavor within Rupert House School.”

HELEN MACKMAN, BURSAR, RUPERT HOUSE SCHOOL


©2010 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, and SecurID are the property of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners. RHS CP 0910

Becta is a government agency that leads the national drive to ensure the effective and innovative use of technology throughout learning. It also helps ensure that the market develops products and services that meet the needs of the education and skills sector and provide value for money.

SOLUTION

Rupert House’s long-standing and trusted ICT network solutions provider is Polar Computer Communications (Polar), which has provided professional network services to the educational, retail, financial, telco and public sectors since its inception in 1997. Helen Mackman, Bursar, Rupert House School, said: “We have had a strong relationship with Polar for several years and it was natural to ask their advice.”

Simon Bird, Sales and Marketing Manager, Polar, said: “We didn’t want to introduce a cumbersome security mechanism that users might struggle with. A secure hardware token solution ticked all the necessary boxes.”

Polar recommended and deployed an SSL VPN solution incorporating RSA® SecurID® hardware tokens, a two-factor authentication solution from RSA, The Security Division of EMC. The security of two-factor authentication is based on something the user knows (a password or PIN) and something they have (an authenticator or token).

The same basic principle is applied in the everyday use of a bankcard at a cashpoint; however, the key differentiator is that an RSA SecurID authenticator displays a 6-digit code that changes every 60 seconds, creating a secure password when used in combination with the PIN.

When a user enters the code and PIN, the back-end server verifies the code and authenticates the user. This would ensure confidence that only legitimate users are accessing the school’s resources as well as provide the flexibility to enforce policy and apply controls as required.

RESULTS

Helen Mackman says: “The technology from the teacher side is the hardware tokens. A teacher simply accesses the school website, enters their name and the code that is being displayed on the key at that moment in time. They then enter through the school’s online portal into the school network.”

Users can access parts of the network that are relevant to them such as pupil information, educational assessment reports and reports for parents on their child’s progress. It has produced quite a change for the staff by effectively handing ownership back to the teachers, who are no longer constrained by school working hours and can log onto the network when it is convenient for them.

The school has reduced risk and cost by deploying strong authentication for its staff and also introduced flexibility for teachers in their working hours and more balance in their life. This promotes improved staff efficiency as they are better able to prepare pupil reports, teaching tools and lessons from home, and in turn, means that they can provide more concentrated attention to the children when in school.

Importantly, the school is also complying with the Data Protection Act and Becta guidelines. The Information Commissioner’s Office, which enforces the Data Protection Act, is vigorous in its pursuance of data miscreants and can, if it feels the need, impose severe fines on organisations. The Becta guidelines, while not mandatory, also represent best practice principles for educational establishments and compliance with them is viewed as essential to ensure the very best operational practice.

Helen Mackman adds: “At Rupert House School we endeavour to do the best across all areas. Providing our teachers with working flexibility is no exception, and meeting national guidelines and legislatory needs is also critical.

“At Rupert House School we aim to do the best across all areas. Providing our teachers with working flexibility is no exception and meeting national guidelines and legislatory needs is also critical. Secure remote access has helped us achieve this.”

HELEN MACKMAN, BURSAR, RUPERT HOUSE SCHOOL


C U S T O M E R P R O F I L E

SIGNIFY

A Decade of Secure, Hosted Authentication Services

AT-A-GLANCE

Key Requirements

– Provide secure hosted two-factor authentication services

– Ensure reliability and flexibility to fit with customer requirements

– Deliver support at all times to guarantee 24x7 access for users

Solution

– Market-leading two-factor authentication underpins hosted security offerings

– Tokens identified as best market offering through constant testing

– Hosted system delivers 99.999% uptime

Results

– Customers receive secure, fault-resilient and easy-to-use remote access service

– In-house teams have more time to focus on mission-critical projects

– Hosted offering delivers cost savings over internally-managed authentication

Since 2000, Signify has built an outstanding reputation for delivering secure, reliable and flexible two-factor authentication which is quick and easy to deploy. It has an extensive client base across sectors including major multi-national corporations, small- and medium-sized businesses, professional services, central government and local authorities.

KEY REQUIREMENTS

Signify has offered hosted two-factor authentication services to its customers across the UK for ten years. Over this time, Signify has seen an ever increasing demand among its customers, whatever industry they operate in, for hosted or Software-as-a-Service (SaaS) options as well as on-premises solutions.

Dave Abraham, Signify’s CEO, explains: “Many of our customers ask us to manage their two-factor authentication solutions for them as they want a reliable, secure and flexible solution that is quick and easy to install, but they don’t have the in-house resources to do it themselves.”

Managing authentication systems securely can be complex, as each user must be given the correct access rights and credentials, which may change over time. Organizations that operate 24x7 also need support that is always available so employees who lose their authentication token or forget login details can get back online quickly or have their account blocked to prevent unauthorized use.

“There are two key components that we need to address in order to serve our customers,” comments Abraham. “The first is ensuring they are equipped with the right security authorization technology, like a VPN and authentication tokens. The second is having the processes and infrastructure in place to keep it running at all times.”

“The decision to choose the Signify and RSA managed service was pretty simple. Their focus in this area offered all the features we needed and delivered a 24x7 service for far less than the real in-house cost.”

TERRY WALKER, IT DIRECTOR, KIER GROUP PLC


©2010 EMC Corporation. EMC, RSA, RSA Security, the RSA logo, (other EMC trademarks) and (other RSA trademarks) are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective owners. SIGNIFY CP 0910

SOLUTION

As an independent solutions provider, Signify constantly monitors the market for the most effective security technologies to recommend to its customers. It carries out regular tests of the solutions it uses against other offerings to ensure it stays up-to-date on the best solutions. It has worked with RSA – The Security Division of EMC – for ten years and is the only European managed security service provider to be an accredited RSA partner.

“After a decade, we still find the RSA SecurID® authenticators to be the best and most reliable hardware tokens on the market,” says Abraham. “You can drop them in a glass of water and they still work – no other tokens are that robust.” This reliability means that Signify can deliver a much more cost effective service to its customers, as the need to purchase replacement tokens is rare. “The track record of the RSA technology has proven that it has a very low failure rate,” he adds.

Signify is committed to delivering a positive customer experience for all of its services. The RSA SecurID technology, providing market leading one-time password strong authentication, in a breadth of options including software, hardware and SMS, forms the foundation. Recently included in the service is SaaS login, enabling users to use these same authentication options to securely access ‘Cloud’ applications such as Salesforce.com and Google Apps.

In addition Signify has created its own user interface, called the Identity Management Centre (IMC), which its customers can use to manage user criteria themselves and manage user access reports in line with audit requirements. A web-based helpdesk is also available to provide 24x7 support for any users with questions or access issues.

“We regularly carry out audits to test the quality of the two-factor authentication service we provide to our customers, and have found that we have better than 99.999% uptime,” Abraham says. “Including planned maintenance, we had just two minutes of downtime in the last three years.”

RESULTS

The service that Signify is able to offer, based on this technology, has brought real

benefits to clients across many industries. “The Signify managed service has provided us

with a secure, fault-resilient and easy-to-use remote access service and has freed up our

in-house IT teams to focus on other key challenges,” says Warner Beekmeyer, Network

Security Manager for law firm Lovells LLP.

For Royal Vopak, a global market leader of independent bulk liquid storage terminals, a

good hosted service is one that needs no managing and delivers a reliable 24x7 service.

Lambert Caljouw, an Enterprise Architect with the company, explains: “With our previous

provider, some of the tokens would run out of synchronization and that could cause

problems. Because the support staff is not round-the-clock, a forgotten password or a

lost token would often cause significant delays for employees needing to access data.

Signify handles everything from dispatching devices and rights administration to

handling lost tokens or forgotten passwords. It’s a no hassle solution and if a user does

lose a token, Signify provides them with secure emergency access by delivering a one-time

passcode to a mobile phone, PDA or PC by SMS or email.”

“After a decade, we still find the RSA SecurID authenticators to be the best and most reliable hardware tokens on the market.”

DAVE ABRAHAM, CEO SIGNIFY


C U S T O M E R P R O F I L E

TIVIT

Brazilian IT Outsourcing Company Reinforces Security Compliance with RSA

AT-A-GLANCE

Key Requirements

– Reinforce the security of internal data and remote access processes

– Ensure compliance with industry standards, such as those set by the PCI DSS

– Extend use of flexible, remote working among employees

Solution

– RSA® Data Loss Prevention Network identifies and protects sensitive and regulated data being sent out of the organization via email and other network traffic

– RSA SecurID® delivers two-factor authentication to enhance security when employees access systems remotely

– Local RSA Professional Services team provided tailored support, with deployment completed in just three days

Results

– More insight and control over the security of sensitive data leaving the network

– Able to demonstrate full compliance with security standards to customers in any industry

– Enhanced expertise in IT security, with this incorporated into service portfolio

Based in Sao Paulo, TIVIT provides integrated IT, application systems, and business process outsourcing (BPO) services to clients in Brazil and the rest of the world. With an extensive portfolio of services and a consultative approach to assisting clients, it delivers solutions to organizations in the finance, manufacturing, healthcare, professional services, and utilities sectors.

KEY REQUIREMENTS

IT security is a key concern for TIVIT and its clients, many of whom operate in industries

where specific data protection regulations, such as the Payment Card Industry Data

Security Standard (PCI DSS) apply.

With this in mind, TIVIT is committed to enhancing its internal systems and working

environment to ensure full compliance with regulatory requirements. As part of its efforts,

it identified the need for enhanced insight into the information that was being shared on

its network to help identify potential risks more readily.

In addition, as a client-centric organization, TIVIT aimed to enhance its employees’ ability

to work flexibly on-site at clients’ offices. It wanted to further secure the process of

establishing a remote connection to its servers by introducing multi-factor authentication.

Selma Aparecida Malaguti Aguilera from TIVIT’s Corporate IT and Compliance department

explains: “As an organization, we understand the need for a comprehensive approach to

ensuring the security of our operations, taking into account the IT systems used to access

and share data, the behavior of our employees when handling sensitive information, and

how good practices are enforced. The work we do has a fundamental impact on the IT

security of our clients’ organizations. It is crucial, therefore, to ensure the thoroughness

of our own approach to data protection.”

“Implementing RSA Data Loss Prevention and RSA SecurID has helped us accelerate our efforts towards ensuring compliance with our customers’ security demands and regulations, such as PCI DSS. As well as ensuring our own operations are secure, this provides extra reassurance to our clients and partners, many of whom operate in industries where these regulations apply.”

SELMA APARECIDA MALAGUTI AGUILERA, CORPORATE IT AND COMPLIANCE, TIVIT


©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, and SecurID are trademarks

or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks

referenced are the property of their respective owners. TIVIT CP 0312

SOLUTION

After assessing network-monitoring solutions from RSA and its competitors, TIVIT

commissioned Proof-of-Concept (PoC) trials of RSA Data Loss Prevention (DLP) Network

and a competitor’s offering to better determine their suitability for its requirements. It

also undertook a broader evaluation of the overall strength of their security offerings.

Following its evaluation, TIVIT chose to implement RSA DLP, based on its performance

during the PoC and taking into account the strength of RSA’s full product range and its

broader position within the security marketplace. In particular, TIVIT selected RSA for its

proven experience of deploying DLP globally and the better cost-benefit ratio it offered.

TIVIT enlisted the support of a local RSA Professional Services team to support the

deployment. This proceeded smoothly, taking just three days to roll the solution out to

about 3,000 users across the company’s network.

It also deployed 1,300 RSA SecurID hardware tokens to enhance the log-in process for

employees when accessing its systems remotely or connecting to its wireless network.

As part of its support for the project, the RSA team helped ensure that TIVIT was fully briefed

on how to use the new solutions. It conducted knowledge-transfer sessions with specialists

at the company, enabling them to share their learnings within the organization.

RESULTS

Following the implementation, TIVIT is able to maintain a much stronger position on security

and compliance. By using RSA DLP Network to provide full visibility into the information that

is sent across its network, it is easier for administrators to identify potential data-protection

risks and enforce security best practices among employees. For example, DLP can highlight

if a user is detected sharing unencrypted financial or personally identifiable information,

allowing administrators to take corrective action if necessary.

TIVIT has used DLP to create security rules to identify sensitive internal data, such as

credit card numbers and data which is covered by TIVIT’s classified-information policy,

and improve the way this is handled.

With a greater understanding of how its network is used, TIVIT can develop more effective

security policies and provide more targeted advice to users on how to ensure information

is kept safe. In the event of an incident, DLP allows TIVIT’s administrators to take control

of the situation faster and quickly identify any issues that need to be resolved.

By using RSA SecurID to enhance security when employees connect to its network,

TIVIT has further minimized the risk of sensitive information being accessed without

permission. The deployment has reinforced its compliance with data-security regulations

such as the PCI DSS.

Aguilera comments: “With the DLP and SecurID solutions in place, we are more confident

than ever that the data on our systems is secure. By deploying these technologies, we’ve

been able to send a clear message to our clients and partners that we take the security of

our information seriously and share their priorities when it comes to ensuring compliance

with industry data-protection requirements.”

As well as enhancing TIVIT’s reputation among its client base, the success of the

relationship with RSA has also presented an opportunity to potentially add security

services to its offering. With the security of its own systems ensured, TIVIT is now

considering partnering with RSA to further extend the benefits of RSA solutions to its

clients.

“With the security solutions in place, we are in a better position both to serve our existing clients and pursue new business opportunities. Demonstrating the strength of our internal security measures has enhanced our reputation as an IT partner, and the development of our relationship with RSA offers the potential for us to develop related services in the future.”

SELMA APARECIDA MALAGUTI AGUILERA, CORPORATE IT AND COMPLIANCE, TIVIT


C U S T O M E R P R O F I L E

U.K. LOCAL AUTHORITY

Local authority secures compliance with two-factor authentication

AT-A-GLANCE

Key Requirements

– A platform for governance, risk, and compliance that meets requirements of U.K. government Code of Connection (CoCo) in order to connect to the Government Connect Secure Extranet (GCSx)

– Two-factor authentication for secure remote access

Solution

– Deployed two-factor authentication

– Provided approximately 300 hardware tokens for employees and made available 500 tokens for contractors

Benefits

– Met CoCo stipulations, ensuring appropriate authorization for GCSx access

– Quick adoption by end users due to ease of use

– Anticipate long-term IT cost savings with more efficient remote-access provisions

This local government authority serves the needs of residents in a large geographical stretch of northern England. These services cover a broad range of areas including housing, social services, environmental planning, transport and street maintenance, benefits and advice, and help during emergencies.

KEY REQUIREMENTS

Communication with central government is absolutely central to the local authority’s

operations. For example, the council needs to regularly send information on the number

of people claiming benefits to the Department of Work and Pensions. This information,

and that collated from other local authorities, helps inform central-government policy

while ensuring local authorities receive the funds they need.

This communication takes place over a secure WAN, known as the GCSx. GCSx is also

connected to the Government Secure Intranet (GSI). Other local authorities, central

government, and national government-funded organizations such as the National

Health Service and the Police National Network also use this WAN.

To strengthen security, central government developed the CoCo for all organizations

that connect to the GCSx. The CoCo is a list of security requirements, approximately

200 in total, which all local authorities must comply with before their GCSx circuit

can be activated.

The government authority needed a platform for GRC programs and a two-factor

authentication solution that would provide secure access for employees and contractors.

“With RSA® SecurID® providing two-factor authentication for secure, remote network access, we are now assured that our users are who they say they are. This means we are able to provide them with access to the applications they need as and when they need them. Furthermore, it accelerates our drive to meet regulatory mandates issued by central government about the management of data.”

IT BUSINESS MANAGER, U.K. LOCAL AUTHORITY


©2011 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, and SecurID are trademarks or registered

trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the

property of their respective holders. UKLOC CP 0211

SOLUTION

CoCo regulations cover a wide range of measures including locking down laptops,

securing data against theft, and guidelines for desktop PC usage. The local authority

met these requirements but needed to strengthen network access for remote workers

in compliance with CoCo mandates.

It had previously operated a standard username and password system to gain access

to its network, but the GCSx then required a strong two-factor authentication solution.

The council asked a number of companies to submit proposals. A network-security

company provided a presentation on RSA SecurID two-factor authentication from RSA,

The Security Division of EMC. RSA SecurID is based on something you know (a password

or PIN) and something you have (an authenticator).

The IT Business Manager at the local authority explained: “IDsec’s presentation was

second to none and it was an easy decision to choose RSA SecurID. From a network

perspective we are a Cisco house. RSA SecurID has a powerful and proven track record

especially within government organizations and integrates very easily with Cisco

technologies.”

The network company then used its technical ability and IT skill sets to ensure the RSA

SecurID solution was implemented within a short time frame and “very smoothly,” added

the IT Business Manager. Three hundred RSA SecurID hardware tokens were provided to

various council employees working from home, such as IT and finance staff. A further 500

RSA SecurID software tokens were made available for contractors who need temporary

network access.

These tokens ensured the authority’s network could only be accessed by authorized

people, while also delivering very strong security.

RESULTS

The strong authentication solution has ensured that the local authority can now positively

identify people who are accessing its local area network, virtual private networks, and

the GCSx.

The IT Business Manager said: “The RSA SecurID technology has instilled great

confidence that all data sent across our network is transported securely. For example,

financial employees working from home may need to collate data on the council’s

network and then send it to the Department of Work and Pensions over the GCSx. They

can do this securely and easily by using the RSA SecurID hardware tokens. In fact, if

they’re not using this authentication, they’re simply not allowed access to any networks.”

Aside from the improved security and compliance with CoCo requirements, the council

also praised the solution’s ease-of-use as a further significant benefit with users

understanding the technology very quickly.

It also anticipates long-term cost savings arising from a decreased need for IT staff to

establish remote network connections. The council can simply centrally manage remote

network users, as and when needed.

“We have raised our security profile and simplified compliance with the mandatory Code of Connection thanks to RSA SecurID. Eventually we plan to extend use of RSA SecurID in line with our evolving needs.”

IT BUSINESS MANAGER, UK LOCAL AUTHORITY


C U S T O M E R P R O F I L E

VIRGIN BLUE

Virgin Blue’s productivity takes off with on-demand authentication tokens

AT-A-GLANCE

Key Requirements

– Replace cumbersome VPN-based IT environment with strong authentication to allow more efficient employee access to corporate data

– Simplify IT security management

Solution

– Deployed on-demand access solution via SMS authentication tokens to 7,500 employees and hardware tokens to about 1,500 users

– Tokens provide remote access to new web-based corporate portal

Results

– Call center workers 10 percent more productive

– Mobile employees access critical data as needed

– Self-service features mean no increase in IT support despite a 1000 percent increase in tokens used

– Third parties able to use new solution

Virgin Blue has accomplished a lot in its years of operation. Launched in 2000 as the first sustainable low-fare airline in Australian skies, it has established a global reputation as an innovator and leader in the aviation industry. It started operating a single route, with just 200 staff, and now flies thousands of passengers across the South Pacific region and beyond, and employs more than 7,000 people.

KEY REQUIREMENTS

As a major player in the Australasian aviation industry, Virgin Blue needs to stay agile.

Having the flexibility to adapt quickly to changes in market and customer demand

is essential.

Having quickly grown from a company of a few hundred people to several thousand, its

employee productivity was often hampered by its IT environment. Mobile workers, such

as IT support staff and senior executives, relied upon a VPN to access information when

away from the office. Based on physical security tokens from another vendor, this model

was hard to manage and could stop key employees from being able to do their jobs.

Virgin Blue decided to develop a web-based secure portal to provide staff access to

corporate information. The online model would also support the significantly larger

user base more smoothly and reliably.

Alistair Crawford, IT Infrastructure Manager for Operations at Virgin Blue, explains:

“The aim was to give other groups of workers, such as call center operatives, the option

to work from home while also enabling traveling staff to access the company system even

when abroad. These goals meant that user authentication and management became

even more important though.”

“By deploying RSA® SecurID® on-demand authentication tokens we have not only accelerated our transition to a fully mobile productive workforce, but we’ve also driven time and cost savings for both IT and the business at large.”

ALISTAIR CRAWFORD, IT INFRASTRUCTURE MANAGER FOR OPERATIONS, VIRGIN BLUE


©2011 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, and SecurID are trademarks or registered

trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property

of their respective holders. VBLUE CP 0211

SOLUTION

The company needed a strong authentication system with the highest possible

availability to support wider remote access, 24x7. It was also essential to have a

management solution that would minimize the amount of time the IT team needed to

spend on support of the authentication system. The time invested in administering the

incumbent hardware tokens was significant, and the team could not accommodate a

corresponding increase as the user base grew.

After considering a number of solutions, Virgin Blue carried out tests on the

authentication, integration, and failover capabilities of RSA SecurID on-demand SMS

tokens from RSA – The Security Division of EMC. “During the evaluation stage, RSA

worked proactively with us to ensure the solution was tailored to meet our specific

requirements,” says Crawford. “For example, we needed to ensure the solution worked

internationally, so that pilots and cabin staff could get onto the system in an emergency

from any location.”

He continues: “In the end, we chose the RSA solution as it met all our requirements

around availability and manageability. It was clearly the perfect fit.”

RSA SecurID two-factor authentication is based on something each user knows (a

password or PIN) and something they have – in this case an on-demand authenticator

delivered by SMS. This provides Virgin Blue with a much more reliable level of user

authentication than reusable passwords.

RESULTS

The solution enabled 50 call center staffers to work from home, increasing the number

of calls they can take by 10 percent. Mobile employees are also more productive as they

can keep working even when on the move.

The new web-based system is more reliable, reducing organizational down time and

administrative costs. This is most obvious in the fact that despite the 1000 percent

increase in the token base, the support team has remained the same size. The solution’s

self-service portal enables end users to manage their own tokens easily and simply.

“All of this was enabled by the authentication system provided by RSA,” says Crawford.

“It was smooth and quick to integrate, it’s easy to use, and it delivers the reliability and

availability we need. Without it, we could not have introduced the web-based corporate

portal.”

Virgin Blue is already working on expanding the solution further, providing tokens

to more call center staff as well as certain third parties. “For example, by allowing

engineering companies secure direct access to information on our system, we can

help them update aircraft-maintenance records quicker,” Crawford explains.

He concludes: “We’re the first airline in the region to adopt this innovative high

availability approach, and thanks to RSA it’s been a great success and secured

our leading reputation.”

“Our project was enabled by the on-demand SMS authentication system provided by RSA. It was smooth and quick to integrate, it’s easy to use, and it delivers the reliability and availability we need. Without it, we could not have introduced the web-based corporate portal.”

ALISTAIR CRAWFORD, IT INFRASTRUCTURE MANAGER FOR OPERATIONS, VIRGIN BLUE