Rolling out an easy to use SMS authentication solution to protect a local government VPN and Public Services Network.
North Yorkshire County Council is an elected assembly of 72 councillors that provides a wide range of public services to around 600,000 people living in over 250,000 households in North Yorkshire. It is a ‘top-tier’ council and, as such, provides important local services including education, social services and road maintenance.
The council opted to move away from a managed service provider that provided two-factor authentication (2FA) over a virtual private network (VPN), to DirectAccess, a VPN-like technology that provides intranet connectivity to client computers when they are connected to the Internet.
Due to the sensitive and often confidential nature of the information held by the council, it was fundamental that the network was protected from any kind of unauthorised access. As the council’s network was used not only by employees but also by around 300 external third party users, such as school staff, a two-factor authentication solution for the government network was an essential requirement.
The council also needed to ensure that it was meeting the compliance requirements of the Public Service Network (PSN). The PSN is the government’s high-performance network, which is used by a number of government departments. It is a shared network, so the security of anyone connected user has the potential to affect the security of all others and, ultimately, the network itself. It was therefore fundamental for the council to demonstrate that its security arrangements, policies and controls were sufficient in order to gain a PSN compliance certificate.
The council had previously used a token-based authentication solution to protect its VPN but was keen to reduce costs by eliminating the need for hardware and the logistical difficulties of administering tokens. North Yorkshire County Council needed a cost-effective solution that could provide the necessary flexibility.
After evaluating several solutions, the council decided to implement Swivel Secure’s multi-factor authentication platform, from global network security solution provider Swivel Secure. The solution was implemented in March 2015 with the support of a reseller, Axial Systems, one of the UK’s leading independent IT value-added resellers and solution integrators of network and security solutions including professional services.
The Swivel Secure authentication platform offers the widest choice of authentication options available on the market. The council chose to use the SMS deployment option.
The Swivel Secure SMS solution for one-time code (OTC) delivery is simple and easy to use. One-time codes can be delivered on-demand, automatically after every authentication attempt, or in batches.
The OTC is presented in a different channel from where it is entered as part of the normal application login process. Swivel Secure provides a range of configurable SMS-based options and the format and content of these messages can be customised.
The council opted to integrate the SMS option with PINsafe. The OTC PINsafe® process combines the use of a registered PIN with ten-digit security strings that are sent to the user. The user then combines these in their head to work out a unique OTC. For example, if the user has a PIN of ‘1370’ the user would enter the first, third, seventh and tenth digits from their security string.
This is a unique feature which differentiates Swivel Secure from other authentication technologies and ensures that the user’s PIN cannot be compromised by phishing, keylogging, man-in-the-middle and shoulder surfing attacks.
North Yorkshire County Council currently operates on 3,000 licences. Many of these will be used for a planned Citrix roll-out for the council’s employees, which allows users to access the network via home devices with a Citrix desktop. The council will authenticate these devices with Swivel Secure’s SMS and mobile app deployment options.
Why Swivel Secure?
The council provided the following reasons for selecting the AuthControl Sentry®:
- Cost. The solution is designed to keep implementation and management costs as low as possible. As Swivel Secure’s platform can be tailored to suit any remote access environment, together with the individual requirements of each user, it allows enterprises to define and employ numerous user authentication policies, which can all be managed centrally.
- The flexible and scalable nature of the platform which allows it to be easily tailored for individual needs. Some of the users were not equipped with smartphones, for example, ruling out several tokenless deployment options.
- The simple and user-friendly interface which can be integrated easily with existing IT infrastructures and adopted quickly by users.
Following a smooth implementation of the Swivel Secure’s authentication platform, the council has enjoyed a number of
Paramount in the council’s decision to employ a multi-factor authentication solution was the need for the personal data that it manages to be safe from the attentions of data thieves. Since the solution has been implemented there have been no known security breaches or loss of data.
Substantial reduction in costs.
The council has enjoyed significant financial savings by opting to move away from its former managed service to the Swivel Secure authentication platform.
…and convenience for users by removing the need for physical tokens, ensuring that access to the network is never hampered by misplacing tokens.
The Swivel Secure solution offered equivalent, or greater, functionality than many of the solutions that we considered, but at a much more attractive price. The implementation was managed very smoothly by the teams at Swivel Secure and Axial and we have had no support issues since. The scalability and flexibility of the Swivel Secure authentication platform is ideal for any organisation looking to accommodate remote users.
Gavin Booth, Telecoms Service Provider, North Yorkshire County Council
When it came to meeting the council’s requirements, we weren’t surprised that Swivel Secure was their solution of choice. Swivel Secure has the full range of deployment options covered, with a flexible and scalable platform which allows it to be easily tailored for individual needs. We look forward to continuing our work with Swivel Secure in the future.
Nathan Spendelow, Senior Account Development Manager at Axial Systems