Providing versatile authentication for a globally expanding Portuguese legal network
PLMJ is one of Portugal’s leading law firms, renowned for its dynamism, capacity for innovation and quality of service. With a longstanding reputation, built over 45 years in the legal industry, PLMJ deals with the full-spectrum of legal services across a wide-range of specialisms. The firm’s key focus is providing first-class legal services and the best representation for its clients, whilst meeting its ambitions for global expansion and building an international network of partners. Currently, its 200 lawyers, 47 partners, 62 senior associates and 100 support staff work across offices located throughout Portugal; in Lisbon, Oporto and Faro, and in partner offices in Angola, Mozambique, Brazil, Macau, Cape Verde, the Azores, Coimbra, Guimarães, Viseu and Madeira. PLMJ also has representation in principal investment markets, in particular Central and Eastern Europe and China.
Due to the multi-agency and international nature of the practice, PLMJ’s ability to uphold its pledge to first-class legal services is only possible if both its employees and clients have access to information whenever it is needed. All confidential legal documents and other sensitive resources are held in and managed via PLMJ’s online platform, which is remotely accessible by all parties across the multiple jurisdictions. The sensitive nature of the data hosted on the platform, make it essential for PLMJ to have access controls in place to filter exactly what is available to the different parties, as well as ensuring that all materials are retrieved securely.
PLMJ’s main challenge was to guarantee the security of its online platform, beyond the standard username and password approach to authentication. The firm researched the options available on the market but found that the majority relied on a token-based approach, which was simply not a practical option for the firm.
The majority of its employees did not want the extra trouble of carrying a token around, or the additional worry of lost, stolen or misplaced tokens. What was needed was a tokenless authentication approach.
Knowing of its market-leading expertise in tokenless authentication, PLMJ turned to global security solutions provider Swivel Secure. The company has over 14 years’ experience in delivering multi-factor authentication solutions to a portfolio of customers across the world.
Swivel Secure has the widest range of deployment options, according to Gartner, which makes it ideal for all common network environments. As PLMJ staff all use Blackberry devices, the solution was configured to put the devices at the heart of the authentication process with one-time codes (OTCs) emailed to the devices. The firm also chose to implement the Swivel Secure authentication platform AuthControl Sentry® with the additional security level provided by its patented technology, PINsafe®. The PINsafe® protocol generates a OTC each time a user needs to login, thereby ensuring that only authorised users can access the PLMJ online platform.
The OTC PINsafe process combines the use of a registered PIN with ten digit security strings that are sent to the user. The user then combines these in their head to work out a unique OTC. For example, if the user has a PIN of ‘1370’ the user would enter the first, third, seventh and tenth digits from their security string.
This patented extraction procedure positions the end user at the heart of the authentication process, since it requires them to be present at the time of login. This is a unique feature which differentiates Swivel Secure from other authentication technologies and ensures that the user’s PIN cannot be compromised by phishing, key logging, man-in-the-middle and shoulder surfing attacks.
In addition, PLMJ has stated that a huge benefit of the Swivel Secure solution is the ability to personalise the authentication process and establish clear access controls according to the individual end-user requesting the information. PLMJ is able to implement different levels of security for each authentication process, defined by the device used, the IP address, its location or the authorisation level of the end user.
PLMJ implemented the Swivel Secure solution in 2009 with 170 licenses and currently has 270 users. With no reports of incidents since the solution was implemented, the firm has plans to expand the number of licenses as the firm continues to grow. The firm states that Swivel Secure’s ease of use and the option to have multiple integrations have been key benefits.
We chose the Swivel Secure solution AuthControl Sentry® because no other company could offer anything remotely similar. The AuthControl Sentry® platform was unique and innovative. We have used Swivel Secure since 2008 to access our applications. For the IT department, it is a secure solution, with low maintenance and support costs. For the end-user it is extremely easy to use and ensures the high levels of security that are required in our type of work. In addition to providing secure access to our online applications, we can also define different levels of access, adapted to our needs, which is a great benefit to us.
Ricardo Negrão, Support Director, PLMJ