Oxygen Secure Systems Utilizes
When Rotherham Council wanted to improve productivity and work/life balance for its employees by enabling them to work from home, or other locations outside the office, it knew security and cost would be the two main impediments. RBT (Rotherham Brought Together), a joint venture between British Telecom & Rotherham Metropolitan Borough Council to provide IT Services to Rotherham Council, was tasked with finding a secure and cost-effective solution, and to have it up and running within six months.”Rotherham Council knew that there would be many benefits for its staff if they could work from outside the office, including enabling single parents to spend more time at home, but also understood that it could only provide this functionality if it could guarantee that no unauthorized users would be able to gain access to its network,” said James Clifford, Senior Network Specialist, RBT (Connect) Ltd. “Rotherham Council would only approve the project if RBT could find a secure authentication solution that would fit within the Council’s budgetary constraints.”RBT began researching available authentication options to secure each end point, including RSA’s SecureID, but found significant stumbling blocks.
“RSA’s licensing model was beyond budget as it required a large initial expenditure and a re-purchasing of tokens every three years,” explained Clifford. “Also, its [Graphic User] interface was overly complicated, and the tokens came pre-initialized creating an undue security risk – as another party would also have a complete list of Rotherham Council’s codes,” Clifford continued. “All in all, RSA was simply too cumbersome to use and too expensive to purchase and run.”Good “Counsel”It was at this time that Clifford spoke with London-based IT Security Specialists, Oxygen Secure Systems. Oxygen suggested that Rotherham consider an authentication solution from CRYPTOCard Corporation. Oxygen explained that CRYPTOCard’s authentication technology did not come pre-initialized, provided high-level security, was ATM-machine simple to use, and compared very favourably in terms of cost with RSA’s solution.
“When Oxygen explained the benefits of CRYPTOCard’s authentication technology, and the high-profile organizations, including NASA, RCMP [Royal Canadian Mounted Police], Deutsche Bank, Google, and Australia Parliament House, that were already utilizing the solution, it sounded an ideal fit for Rotherham Council,” Clifford explained. “But, the key to beginning a pilot program was the significantly-lower upfront costs CRYPTOCard presented,” Clifford continued. “Oxygen also explained that as CRYPTOCard’s tokens utilized replaceable batteries that did not necessitate token replacement every three years, Rotherham Council would not be trapped within an expensive licensing model, enabling it to continue seeing cost advantages over the next few years compared to other available solutions.”CRYPTOCard’s solution couples something in the user’s possession (a multi-function smart card, USB token, hardware token, or software token), with something the user knows (their PIN), to make it simple for Rotherham Council to positively identify all local and remote users attempting to access the network. By utilizing the familiar ATM-style simplicity, CRYPTOCard also eliminates the user resistance usually associated with installing an additional layer of security.
When the user attempts to access the network, the CRYPTO-Admin authentication server generates a one-time password for every log-on attempt, making stolen credentials useless to hackers, and does not transmit the user’s PIN over the wire where it would be vulnerable to ‘sniffer’ technology. Oxygen explained that this system not only guaranteed system security, but also had significant ease-of-use and cost advantages.”By generating a unique password for every log-on attempt, CRYPTOCard not only makes it simple for Rotherham Council’s staff to securely access the network, but by removing passwords from the user, the solution effectively eliminates the significant time and expense associated with resetting forgotten ‘static’ passwords, or having to enforce regular password changes – actually providing institutions with a full return on investment that could be measured in a matter of months,” explained James Cook, Sales Manager, Oxygen Secure Systems.The new authentication technology would make it simple for Rotherham Council’s authorized remote staff to safely access any services from any location through VPN.A Team EffortRotherham Council started working with Oxygen Secure Systems, and after initial testing, was happy that the solution provided the functionality, ease of administration, and price combination it required.
“It was quickly decided that CRYPTOCard provided the ideal balance of security, ease of use, and affordability that Rotherham Council was looking for,” commented Clifford. “It was agreed that the solution would become the standard, and that RBT would install the technology for Rotherham Council with a view to rolling out the technology to other Councils over time.”RBT began by installing an ADSL connection to each remote location, with a Cisco VPN connection back to the head office infrastructure to provide workers with the ability to work from outside the office. British Telecom supplied a 10 meg pipe to the ADSL connections. RBT also installed two Cisco 3030 VPN concentrators, which were purchased at a massive discount due to Rotherham Council’s relationship with British Telecom.
“RBT then worked with Oxygen Secure Systems to integrate CRYPTOCard’s RADIUS server within the Cisco VPN,” explained Clifford. “CRYPTOCard’s solution is basically plug and play, and was the fastest part of the entire project, which only took about month from start to finish.”A Perfect Fit…For Any UserOffering numerous different form factors, CRYPTOCard’s versatile solution has provided Rotherham Council with the simple-to-administer high level authentication it required to enable its staff to work from outside the office, while making it simple for users to utilize the ATM-style log-on process to gain system access from different tokens that best fit their specific access requirements.”The multi-function smart card acts as a physical ID card and provides both physical and network authentication to provide Rotherham Council’s IT staff with 24/7 secure access to both the building and the LAN and VPN,” said Clifford. “Alternatively, as most remote users do not require 24/7 door access, they can utilize the cost-effective keychain token that provides simple secure access without requiring Rotherham Council to purchase readers.”The solution also makes it easy for Rotherham Council to ensure that its list of users is constantly updated to ensure only authorized users can access the system.
To add, remove, or move a user an administrator simply drags a token from one group folder to another – making it easy to provide new staff or temporary users with immediate network access, and just as simple to prevent former employees or temporary users that no longer require access from utilizing the network. The authentication server also enables Rotherham Council to restrict individual Web-based system access down to the page level – allowing users, or user groups, to access appropriate intranet pages, but denying access to areas of the site, like financial or personal staff records, that are not designed for everybody’s use.RBT recently ordered the first 100 tokens, and over the past few weeks have been performing a controlled roll-out. This roll-out is expected to gather significant pace over the coming months and is expected to reach several hundred users by the time it is complete.Authentication as it Should Be: Simple, Affordable, and Highly SecureBy providing the guaranteed system authentication capability Rotherham Council required at a price that fit the budget, coupled with the ease of use its staff requested, CRYPTOCard’s technology has made it simple for RBT to meet the security targets it was set. And Oxygen Secure Systems played a big part in successfully completing this project.
“Oxygen Secure Systems was extremely knowledgeable and has been a great help in installing CRYPTOCard’s authentication solution,” concluded Clifford. “Now, smaller offices with three-to-five people can work from home, which is more convenient for the staff and more cost effective – enabling Rotherham Council to reallocate funds to other needed services,” Clifford continued. “Also, as everybody from IT staff to social workers can now access the system at any time from any location, the authentication solution has not only saved time and bettered service, but has also enabled Rotherham Council to improve productivity and work/life balance for its employees.”