Skip to main content

Protecting Remote Access users of Tax and Customs VPN systems within the Portuguese Ministry of Finance

D.G.I.T.A is the IT arm of the Tax and Customs Departments within the Portuguese Ministry of Finance. Their objective was to find a secure remote access solution to an increased number of auditing personnel who required access to the central systems whilst away from the office visiting taxpayers.

 

The Challenge

The Tax and Customs Departments of the Portuguese Ministry of Finance have traditionally been using a token-based system for VPN access, necessitating the need to combine a personal identification number (PIN) with a token code. Only fifty people had the resources to work remotely in this way, but an easier and more secure system was sought to accommodate the department’s entire team of 1,800 agents to allow them to work away from the office at the corporate sites they were auditing.

D.G.I.T.A had recently purchased the IAG SSL VPN solution from Microsoft to allow remote access and the challenge was to find a complementary strong authentication solution for the employees accessing remote files from their laptops via UMTS.

With the increased level of personnel requiring remote access to their systems, D.G.I.T.A was concerned about the logistics and costs involved in dispatching 1,800 tokens to remote employees in the deployment phase, and the additional necessity of mailing tokens should any employees forget or misplace their tokens. The recuperation of tokens was also a consideration that needed to be addressed. The combination of all of these factors led to the search for a tokenless authentication solution.

The Solution

Recommended by a leading IT company in Portugal, D.G.I.T.A chose Swivel Secure’s multi-factor authentication platform to protect remote users accessing the systems through the VPN. D.G.I.T.A utilised, PINsafe®, Swivel Secure’s patented One-time Code (OTC) extraction protocol and provided every user with a unique PIN code. This code is combined with a randomly generated security string in order to extract an OTC for every login generated. The user is only asked to remember his PIN in order to extract an OTC at the time of receipt of the security string, which is sent to them either via the web browser or the mobile phone. PINsafe® was seen to be secure and very easy to use, which made it the perfect solution for users at the Tax and Customs Departments of the Portuguese Ministry of Finance.

“Because of the large increase of employees needing to gain remote access to their files, it was imperative for us to provide a one-time access code system that would be easy to manage and deploy.”

“With agents spread all over the country it would be difficult to send a token to every person and then activate the token at the office, so, for logistical reasons, the tokens were just not considered a viable option.”

Pedro Pereira, IT Security Officer/ D.G.I.T.A at the Portuguese Ministry of Finance

The district managers were provided with a general manual of instructions and then trained their personnel. The Swivel Secure Authentication Platform was quickly incorporated and taken on board with ease and the newly integrated Swivel Secure system is expected to be a long term, cost-effective solution for the Tax and Customs Departments of the Ministry of Finance.

The Outcome

Ease of use and security provide peace of mind for all.

The transition to Swivel Secure occurred easily and, since its deployment six months ago, only a handful of administration queries have arisen, which is a great success story considering the number of employees repeatedly accessing (approximately 5 times per day) the system remotely. There are now 1,800 agents working productively from remote locations, able to securely access their files. The objective was accomplished with the minimal implementation or end-user issues and at a very reasonable cost.

“The worry of employees losing their tokens often meant a loss of money that has been invested, With PINsafe® if an employee retires or leaves the company the license can be transferred to someone else, which is a much more cost effective solution for us.”

“Swivel Secure is just an easier option all round, for both the employee and the IT department, as the agents don’t need to remember to carry a token with them. We are so impressed with the Swivel Secure system we will probably increase its use within the Tax and Customs Departments over time.”

Pedro Pereira, IT Security Officer/ D.G.I.T.A at the Portuguese Ministry of Finance

Contact Swivel Secure Today

  • This field is for validation purposes and should be left unchanged.