Deploying a new tokenless 2FA system for a Further Education Institute
The Sheffield College offers a wide range of academic, vocational and work-related qualifications. Around 20,000 students a year, including adults and young people study on full-time, part-time and shorter courses. Its four main campuses located across the city – Hillsborough College, Norton College, Peaks College and Sheffield City College – provide further education provision in partnership with schools, universities and local industries to the Sheffield City region and beyond.
Spread over four campuses across the region, the college staff are often required to work from, and travel between, each location. To ensure business continuity, the college utilised a remote access solution which enabled staff to access their virtual desktops and corporate network whilst on the move. The previous solution deployed a token-based two factor authentication (2FA) platform, which required a new token to be provisioned every time a staff member joined, or a token was lost or stolen. Replacing and provisioning new tokens was not only proving costly but time consuming and a drain on administrative resources.
With the maintenance renewal due, the college took the decision to implement a new tokenless 2FA system which could mitigate the challenges presented by physical tokens. As the college was also updating its remote access solution to VMware View VDI, it was crucial that the new authentication platform integrated with the new version, VMware View 5.1.
To ensure its new remote access solution was secure, the college turned to Nviron, a leading provider of IT infrastructure, networking and security solutions. Nviron is a Microsoft Gold accredited provider of IT solutions to a number of colleges in the UK and was therefore able to recommend an appropriate authentication solution that was cost effective and simple to use.
So confident was Nviron in the suitability of its chosen solution, a tokenless authentication platform from network security provider, Swivel Secure, that it offered the college the option to pilot the solution on a no-commitment basis. As the Swivel Secure platform was replacing an existing solution, the two month pilot period ensured that staff at the college were comfortable with the new authentication process and that it seamlessly integrated with the new remote access solution.
The college selected to implement the Swivel Secure authentication platform –
AuthControl Sentry®, with the additional security level provided by its patented technology PINsafe®. The PINsafe® protocol generates a One-time Code (OTC) each time the user needs to login, thereby ensuring that only authorised users can access the college’s corporate network.
Swivel Secure has been designed to provide its customers with a wide range of deployment options which enables easy and rapid integration within all common network environments. The college selected to configure its system using a combination of the mobile application, SMS and email, allowing staff to choose the option that they deem to be most convenient to them.
The OTC PINsafe® process combines the use of a registered PIN with 10 digit security strings that are sent to the user via their chosen deployment option. The user then combines these in their head to work out the unique OTC. For example, if the user has a PIN of ‘2846’ the user would enter the second, eighth, fourth and sixth digits from their security string.
This patented extraction procedure positions the end user at the heart of the authentication process, since it requires them to be present at the time of login. This is a unique security feature which differentiates Swivel Secure from other tokenless technologies and ensures that the user’s PIN cannot be compromised by common threats including phishing, key logging, man-in-the-middle and shoulder surfing attacks.
Why Swivel Secure?
After undertaking a two month pilot of the Swivel Secure solution, the college rolled it out to 120 users, with plans to extend its use to the rest of its staff (up to 500 in total) by Easter 2013.
The college provided the following reasons for selecting the AuthControl Sentry® platform and PINsafe® protocol:
- The total cost of ownership when compared to other tokenless and token-based 2FA solutions.
- The flexible and scalable nature of the platform which allows it to be easily tailored for individual needs.
- Simple integration with the college’s new remote access solution, VMware View VDI.
- The ease with which the platform can be managed when compared with the administration required for provisioning new tokens
Business Benefits of the Authentication Solution
Thanks to Nviron implementing the Swivel Secure authentication solution, the college now enjoys the following benefits:
- Improved productivity
Staff are now able to connect to the corporate network from any of the college’s campus locations. This has streamlined working processes and allowed staff to work more efficiently and effectively when out of the office. The combined solution enables them to work remotely, securely and productively, as if they are in the office.
- Rapid provisioning of users to access the network
The speed at which new users can now be provisioned to access the corporate network has enabled increased productivity by eliminating the time delays associated with issuing new tokens.
- Significant cost efficiencies
The college is enjoying the cost benefit of deploying a tokenless 2FA platform; it no longer has to manage, acquire, dispatch and coordinate the return of physical tokens.
“When we decided to implement VMware View as our new remote access service we needed a simple cost effective way of integrating a two factor authentication system. Having looked at a few options, Nviron suggested Swivel Secure. Straight away we liked the simplicity and flexibility of the platform and Nviron provided us with a cost effective deal on the license. The system is straight forward to use and administer and we are now looking forward to rolling it out to the rest of our remote access users in the next few months.”
Paul Newell, ICT Systems Manager, The Sheffield College
“The Swivel Secure authentication platform was simple and easy to integrate with the new remote access system the college had chosen. We recommended the product due to its ease of use and management, along with the sensible pricing structure that it offers. We were so confident in the Swivel Secure offering that we saw no risk in offering the pilot trial free of charge.”
Andrew Carty, Business Development Manager, Nviron