Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Multiple application access security for SD Worx

InfoSecurity Europe : 05 December, 2007  (Application Story)
Human Resources company uses Digipass strong authentication solution as part of its overall data security strategy to prevent unauthorised access to sensitive data.
SD Worx is an HR services company offering a complete range of services and products relating to the employment of personnel. To serve its 31 000 clients better, SD Worx decided to incorporate the Internet into its client services mix. SD Worx offers in-home developed software packages to its clients so they can pass on their payroll data electronically to the social secretariat of SD Worx. The payroll packages e-Linx and e-Blox are installed on SD Worx servers and are currently being used over the Internet by 6 500 HR-employees.

As the payroll data are being transferred over a publicly accessible network as the Internet, SD Worx realized a need for absolute security and confidentiality. "Our clients' HR-staff provides us monthly with necessary and confidential data, so we can do the payroll processing for them," says Koen Kips, E-infrastructure coordinator at SD Worx. "Because the software packages can be used over the Internet, we need to guarantee an absolutely secure and confidential way of exchanging this information. Besides that, we also want to know who sends us this information, in order to allow us to check whether this person is authorized to do so."

SD Worx consulted their trusted IT-partner Telindus to find the ideal way to secure the exchange of these data.

"SD Worx is very security aware," says Jean Philippe Van Aelst, Account Manager at Telindus. "The data which SD Worx receives from its clients are very confidential and that is why they are also attractive for fraudsters. These critical data magnetize criminals: it works like a red rag on a bull."

Strong authentication was the right security path to follow for SD Worx. With strong authentication, the user has to authenticate him self through two independent factors. Something you know (a password) can be one factor used together with something you have (a physical device) as a second factor. This contrasts with traditional password authentication, where the user only needs a static password to identify him self. Together with Telindus, SD Worx decided to work with VASCO's Digipass Strong Authentication and VACMAN Server for Radius.

SD Worx assigns a Digipass 300 to everybody who is authorized to use or enter data into the software packages. To login to such a package, the user needs an Internet connection, a username, a PIN code and Digipass 300. After entering the PIN code (first factor) on the keypad of Digipass 300 (second factor), the device/software generates a unique password. This password needs to be entered into an applet, together with the username, in order to get access to the payroll software.

With a unique password that is generated every 36 seconds, Digipass puts fraudsters out of action. Even if fraudsters can retrieve the password someone used to login, the criminals won't be able to re-use it, as Digipass produces a new password for every login.

"For Telindus, VASCO is a preferred partner," says Jean Philippe Van Aelst. "We know their products and technology very well and we were confident that the solution would suit SD Worx's needs."

"Two important factors to opt for VASCO were VASCO's proven track record in the financial world and the ease of use of Digipass 300," comments Koen Kips. "To know that already a lot of banks used this security solution, assured us of the added value of Digipass Strong Authentication. The easy use of Digipass 300 stimulates its adoption. No technical skills are required to use Digipass 300. Therefore we could distribute it to all kinds of users."

SD Worx uses Digipass 300 not only to secure the input of data by clients, but also for a number of other applications. Internally, SD Worx employees use Digipass 300 for remote access and to connect securely to the corporate network through a VPN connection. Digipass is also being used to give SD Worx employees access to their web mail.

SD Worx tries to set an example for its clients with its own HR vision and policy. Therefore the company takes its social responsibility seriously and offers blind and visually impaired people the same job opportunities as everyone else. For these employees, SD Worx opted for VASCO's Digipass 300 Comfort Voice. This way, they can securely access the same applications as other employees can.
To assist visually impaired people, Digipass 300 Comfort Voice has extra large buttons and every key press is followed by an acoustic feedback. The calculated unique password is being read by Digipass to the user through a built-in speaker or via a headset. That way the user can insert the password as he or she hears it.
Currently, SD Worx has distributed 10 500 Digipass devices and this number grows 500 to 1 000 Digipass every year. "We have never questioned our choice for Digipass and VACMAN in the 7 years we have been working with it. We are very happy with the product and so are the end users," says Koen Kips. "End users describe Digipass 300 as user friendly, compact and easy to take with you, wherever you go. The hardcover that protects Digipass 300 when it is not being used is been found very utile, like the fact that people can attach Digipass 300 to their key ring. Digipass is also being perceived as very durable: people drop the device, accidentally roll over it with their desk chair... and it never breaks."

Vasco Data Security SA is exhibiting at Infosecurity Europe 2008, Europe's number one dedicated Information security event. Now in its 13th year, the show continues to provide an unrivalled education programme, new products & services, over 300 exhibitors and 11,700 visitors from every segment of the industry. Held on the 22nd - 24th April 2008 in the Grand Hall, Olympia, this is a must attend event for all professionals involved in Information Security.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo