Providing secure One-time Codes (OTC) to thousands of Leicestershire Council Employees through two-factor authentication mobile apps.
Leicestershire County Council is a local government authority based in Glenfield near Leicester. It provides a wide range of vital services to over 650,000 local people, living in approximately 267,000 households across the region. The council’s services are delivered by six departments which address the full range of public and community needs, from education and adult and social care to property services, environment and transport.
The Challenge
The council carried out an overhaul of its working practices, to bring it into line with technological advances and to maximise efficiencies through optimal use of its ICT infrastructure. The goal was to offer its 2500 remote working employees more modern working practices, by introducing flexible/remote working and ‘hot desking’ initiatives. These changes would in turn maximise productivity and create a smarter working environment, by ensuring that all employees, from senior officers and elected members to more junior staff and external suppliers, were able to remotely access the network wherever and whenever they needed. The initiative required the implementation of a new remote access solution and integration of a virtual desktop infrastructure (VDI), which is currently underway.
Due to the sensitive, and often confidential, nature of the information accessed by council employees, it was imperative that security was central to this overhaul of its ICT services. This would mean that anyone operating outside the control and protection of the fixed network perimeter was able to do so securely, without exposing the network to a data breach.
At the same time, the council also needed to ensure that it was meeting the compliance requirements of the Public Service Network (PSN). The PSN is the government’s high-performance network, which is used by a number of government departments. Because it is a shared network, the security of any one user connected to the PSN affects the security of all other users and, ultimately, the network itself. It was therefore fundamental for the council to demonstrate that its security arrangements, policies and controls were sufficient in order to gain a PSN compliance certificate.
Finally, as a public sector body, cost efficiency was an extremely important factor for the council and this underpinned all of these changes.
The council had previously used token-based authentication but it became clear that this solution was not going to meet the needs of the new smarter working initiative or provide a cost-effective price point. What was needed was a security solution that could be integrated into the wider ICT services offering as part of a cohesive solution for the future of flexible working, whilst helping to manage expenditure. In order to find such a solution, the council went out to tender.
The Solution
After evaluating the available solutions on the market, the council decided to implement the multi-factor authentication platform AuthControl Sentry®, from global network security solution provider Swivel Secure, with the help of reseller Phoenix Software Ltd.
Swivel Secure’s authentication platform offers the widest choice of authentication options available on the market. The council chose to use the mobile app and token-based deployment options.
The Swivel Secure mobile app authenticator can be configured either to deliver one-time codes (OTCs) or to use OneTouch authentication, which is up to 10 seconds faster than conventional token-based or SMS methods. It can be used to authenticate access to the full range of remote environments, including virtual private networks, websites, corporate Cloud applications, and virtual desktops. The council chose to implement authentication via OTC.
To authenticate to the council’s network, an employee must enter their username, one-time code provided by AuthControl Sentry® and password into the web login screen. The Mobile App allows for the safe delivery of secure OTCs. With the option to store up to 99 OTCs and no SMS costs to consider, employees are able to authenticate even in areas with no mobile phone coverage for extended periods of time, an important consideration in a rural county.
To ensure that it supported the migration from the previous hardware-based authentication, Swivel Secure also provided the council with tokens, for those who wanted to continue with this familiar method of authentication. The mobile app has, however, proved popular and there has been a high level of uptake from employees using their own or their company mobile phones to authenticate.
Leicestershire County Council currently operates on 2,100 licenses and has plans to roll out the use of the Swivel Secure mobile app further over the coming year to meet its flexible working objectives.
The number of users requesting remote access has increased by over 200 since the deployment started and over 150 additional tokens have been deployed. This immediate growth has been fuelled by the lower cost of the AuthControl Sentry®.
Why Swivel Secure?
The council provided the following reasons for selecting the Swivel Secure authentication platform:
- The lower total cost of ownership; as the Swivel Secure mobile app works with all mobile operating systems, the council was able to leverage an existing base of employee mobile phones to provide secure network authentication, without incurring the additional costs associated with traditional token-based deployments.
- Flexibility; Swivel Secure is flexible by design, enabling the council to scale network and application security to meet constantly evolving requirements. Swivel Secure enables different parameters to be defined for different users within an implementation.
- Rapid scalability; new users can be quickly and easily provisioned.
- Responsiveness of the Swivel Secure support team; issues are resolved quickly and effectively.
Business Benefits
The council has reported the following business benefits since using AuthControl Sentry®:
- The Swivel Secure solution has provided savings of £130k on authentication over the first 3 years of the contract compared to their previous authentication provider.
- 50% of remote users have adopted the Swivel Secure mobile app with positive feedback on user experience.
- A good working partnership has been established with the team at Swivel Secure, who have been approachable and helpful throughout the process.
- Authentication appropriate to access rights. AuthControl Sentry® enables the council to assign ‘risk-based’ authentication levels to employees, meaning only authorised employees can access certain areas of the network.
- AuthControl Sentry® is simple to integrate with the new remote access solution and is flexible enough to be adapted to secure the new VDI.
“We are very happy with our decision to implement the Swivel Secure authentication solution, which has helped us to cut costs. The mobile app solution is user friendly and has given us the flexibility we needed to offer for secure remote access. The level of service and support that we receive from the team is excellent.”
Manjit Singh Saroya, at Leicestershire County Council