Providing cost-effective, secure access to Durham County Council’s Virtual Private Network and Public Services Network through One Time Code Authentication
Durham County Council comprises an elected assembly of 126 councillors accountable to over 513,000 people in County Durham. 18,800 people work for the council, delivering a wide range of services, as well as representing and promoting the interests of the county in regional, national and international affairs.
The Challenge
With almost 19,000 employees working across a variety of locations in the region, Durham County Council needed to ensure its employees could securely access the corporate virtual private network (VPN) from any location, in order to maximise the productivity of its dynamic and flexible workforce. Due to the sensitive nature of information hosted on the corporate VPN, it was essential that any employee operating outside the control and protection of the fixed network perimeter was able to do so securely.
In addition to the corporate VPN, the council’s employees also work across the Public Services Network (PSN); a unified, interconnected ‘network of networks designed to enable the nationwide secure exchange of information relating to public services. As the PSN provides a means of sharing potentially sensitive public service data, it was again essential that those accessing the systems, either from a remote location or from their own offices, were appropriately authenticated.
To enable its employees to access the corporate VPN and the PSN from any location, the council implemented a token-based multi-factor authentication system. It soon became evident that a solution based entirely on physical tokens was unsuitable; once the initial implementation investment was factored alongside the ongoing cost of provisioning tokens to replace those that had been lost or stolen, the overall system was deemed to be cost-prohibitive.
The Solution
To try and combat the extensive costs associated with the token-based approach, Durham County Council implemented an SMS-based tokenless authentication solution. While the council found that this alternative was indeed more effective, costs once again began to climb due to the licensing structure of the solution’s supplier.
To address the problem, Durham County Council turned to Sapphire, Trusted Security Integrator. A national ISO 27001 certified solutions provider with a reputation built on providing secure, flexible working solutions to clients in both the public and private sectors.
Knowing that price, usability and flexibility were key requirements for the council, Sapphire recommended a multi-factor authentication solution from a global network security solution provider, Swivel Secure. Having previously recommended the Swivel Secure platform AuthControl Sentry® for a number of its customers requiring a similar solution, Sapphire was confident that the platform would meet the council’s evolving needs.
Swivel Secure’s multi-factor authentication solution, based on a challenge-response system, allows companies to take back control of security and protect their networks by putting the user at the heart of the authentication process; a user is sent a ‘challenge’ to which they must respond. The company has over 14 years of experience in delivering multi-factor authentication solutions to a wide variety of customers, many of which are within the public sector.
Durham County Council elected to implement the AuthControl Sentry® platform with the additional security level provided by its patented technology, PINsafe®. The PINsafe® protocol generates a One-time Code (OTC) each time a user needs to log in, thereby ensuring that only authorised users can access the council’s corporate network and the PSN.
Swivel Secure has been designed to provide its customers with a wide range of deployment options which enables easy and rapid integration within all common network environments. With staff previously responding well to the simplicity of an SMS-based system, the council opted to configure the Swivel Secure solution to utilise SMS once again. Despite the popularity of SMS, however, staff were frequently frustrated when they needed to access the network from a location that didn’t have a mobile signal; they were unable to gain access to the services they required until a signal could be re-established and the required SMS received.
The council therefore also opted to configure its system with tokens, thus allowing staff to choose the option that was most convenient, depending on their location and circumstances.
The SMS option can also be integrated with PINsafe. The OTC PINsafe® process combines the use of a registered PIN with ten-digit security strings that are sent to the user. The user then combines these in their head to work out a unique OTC. For example, if the user has a PIN of ‘1370’ the user would enter the first, third, seventh and tenth digits from their security string.
This patented extraction procedure positions the end-user at the heart of the authentication process since it requires them to be present at the time of login. This is a unique feature which differentiates Swivel Secure from other authentication technologies and ensures that the user’s PIN cannot be compromised by phishing, keylogging, man-in-the-middle and shoulder surfing attacks.
The council initially implemented 1,000 licenses when the solution was first deployed in 2011. Since then, Swivel Secure has been rolled out an extra four times within the council and is now used by a total of 4,400 employees.
“We have always been pleased with the Swivel Secure authentication solution and the great service and support that we receive from its team and Sapphire. The introduction of support for tokens gave us the flexibility we needed to offer service to our users, even when they had no mobile signal.”
Why Swivel Secure?
The council provided the following reasons for selecting the Swivel Secure authentication platform and PINsafe® protocol:
- The lower total cost of ownership when compared to other tokenless and token-based multi-factor authentication solutions.
- Greater flexibility in terms of deployment methods enabled the council to continue with its current working practices, thereby minimising any disruption for employees.
- Its ability to allow employees to securely access both the corporate network and the PSN.
- The rapid scalability of the product; allows new users to be quickly and easily provisioned.
- The responsiveness of the Swivel Secure support team which, alongside Sapphire, is able to resolve issues quickly and effectively
Business Benefits
Since installing the AuthControl Sentry® platform, the council has enjoyed a number of benefits, including:
Rapid provisioning of new users to access the network
Swivel Secure allows the council to take control of provisioning new users to the system, therefore the speed at which new users can access the corporate network has increased productivity.
Authentication appropriate to access rights
As a flexible authentication platform, Swivel Secure enables Durham County Council to assign an authentication level to each member of staff, meaning only authorised employees can access certain areas of the corporate network.
Improved customer service
Employees working remotely are able to access the corporate network and PSN quickly, securely and conveniently, helping them to provide a seamless service to the people of Durham, wherever and whenever they need it.
We have worked with Swivel Secure for many years and have always been impressed with the company’s flexibility when it comes to meeting customers’ exacting standards. Durham County Council is another example of how the company exceeds expectations and delivers an outstanding service. We are very confident in the solution and look forward to continuing our work with Swivel Secure into the future.
David Lannin, Director of Technology, Sapphire