Using Swivel Secure’s PINsafe® protocol to provide 2-factor authentication for Sanitas Health.
Sanitas is a leading health care provider in Spain. Across its network of hospitals and clinics, it provides a personalized health service together with various insurance policies for its clients. Besides its five private hospitals, the company has invested in more than 800 medical centres and clinics in Spain where patients can receive treatment. Sanitas is a member of Bupa, an international health care group which operates in more than 190 countries around the world. This group has no shareholders, which means that all profits are invested in substructure improvements such as hospitals and new technologies in healthcare. Today Sanitas has more than 9,000 employees and 2.4 million clients.
In order to operate over such a vast network, remote access to all information stored on the corporate network has become a vital necessity. Sanitas uses the Citrix Access Gateway portal and needs to be able to provide its employees and commercial delegates who work remotely, with flexible and secure access to information stored on the virtual private network (VPN).
Given the sensitive nature of the data that is contained on the systems, such as patient records, it was crucially important for Sanitas to ensure that only authorised parties were accessing the VPN.
To coordinate the implementation and adoption of an authentication solution amongst such a large employee base, Sanitas required a solution that would not only guarantee strong security but also provide flexibility and ease of use.
Faced with this challenge, Sanitas approached Comparex, a global IT provider that specialises in license management, software procurement and technical product consulting. Comparex considered the requirements set by Sanitas and recommended Swivel Secure’s authentication solution – AuthControl Sentry®.
Swivel Secure’s multi-factor authentication solution presents the user with a challenge, checking their response is correct before granting network access. The company has over 14 years of experience in delivering authentication solutions to a wide variety of customers, including UK NHS Trusts.
As a flexible authentication platform, Swivel Secure offers the widest range of user deployment options according to Gartner and enables companies to assign an authentication level to each member of staff, meaning only authorised employees can access certain areas of the corporate network – a key requirement for Sanitas.
Recognising Sanitas’ need for flexibility and adaptable authentication, Comparex also recommended Swivel Secure’s PINsafe® protocol, which offers an additional level of security, without compromising usability.
PINsafe®, Swivel Secure’s patented One-time Code (OTC) extraction protocol, generates an OTC each time a user needs to log in, thereby ensuring that only authorised users can access the virtual network.
The process combines the use of a registered PIN with a ten-digit security string that is sent to the user. The user then combines these in their head to work out a unique OTC. For example, if the user has a PIN of ‘1370’ the user would enter the first, third, seventh and tenth digits from their security string. The PIN is known only by the user and is never entered at the time of login. This method guarantees that the authentication server can never be compromised by known threats such as phishing, keylogging or hacking and mitigates the threat of man-in-the-middle and shoulder surfing attacks.
Sanitas opted to implement PINsafe® across multiple devices, so as to allow its employees greater flexibility in how they choose to authenticate.
Sanitas chose PINsafe’s browser implementation via TURing image, which incorporates the security string image within a login dialogue. Swivel Secure offers a variety of customisation options such as different fonts and backgrounds to make the TURing image more resistant to optical character recognition attacks.
In addition, Sanitas employees can also authenticate via the PINsafe® mobile app, which delivers an OTC directly from the Swivel Secure server to their mobile devices – enabling users to authenticate even during a prolonged lack of network coverage.
Sanitas’ previous solution authenticated via a mobile application, however, AuthControl Sentry® offered superior security and flexibility, providing Sanitas employees with the option to authenticate from their browser, with further authentication options such as tokens and SMS, available if required.
The solution was implemented in 2013 and at this time, its 1,000 remote users are authenticated via Swivel Secure’s PINsafe® solution. Moving forward, Sanitas intends to implement AuthControl Sentry® in different portals so as to allow access from VDI desktops too.
Why Swivel Secure?
Sanitas provided the following reasons for selecting the Swivel Secure’s authentication platform and PINsafe® protocol:
Sanitas’ helpdesk technicians only required two days of training to learn how to manage Swivel Secure’s authentication platform – AuthControl Sentry®, ensuring no disruption to Sanitas employees.
The ability of AuthControl Sentry® to allow employees to securely access the VPN when working remotely and at other locations across the healthcare network.
Swivel Secure offers a range of deployment options that can be adapted to meet the differing requirements of the end-user.
Paramount in the deployment of a multi-factor authentication solution was the need for personal data to be only accessible by authorised personnel and to protect against data breaches.
The Swivel Secure solution proved to be quick to implement and easy to use. Within two days, it was completely integrated and in just two weeks all end-users had been able to gain access secure to the VPN without any difficulty. The support provided by Comparex and Swivel Secure exceeded the expectations of Sanitas and the company is now considering the possibility of increasing the number of its users.
We are very happy with AuthControl Sentry®. The implementation process was managed efficiently over a two day period, with intuitive training that ensured minimum disruption to our users. The whole system has succeeded in meeting the needs of Sanitas for strong and flexible security.
Mayte Mompean, Technical Consultant, Sanitas