Tata Steel Europe is Europe’s second largest steel manufacturer. Until now, home office staff, salespeople and IT staff on the road have used a token-based two-factor authentication method to gain remote access to internal company data and services. However, this method was costly: the hardware tokens had to be replaced every three years, which created a great deal of work in terms of registration, shipping and administration. Tata Steel Europe decided to switch to the tokenless two-factor authentication method SecurAccess. Currently, 6,500 employees receive their passcode via realtime and pre-loaded SMS or e-mail.
For the previously used system, the company initially invested in almost 5,500 hardware tokens in the form of key fobs. The responsible IT department then had to configure each token for the specific user, depending on the individual requirements and required services, etc. In order to log into the corporate network remotely, employees needed a personal ID number (PIN) and a one-time passcode (OTP). This OTP was generated by the token and shown on the display. The key fob was essential for remote access: if it had been forgotten, lost or stolen, the user could not gain access to the system.
Mobile devices as a means of access. Besides the employees’ obligation to always carry the token with them, this solution also meant time-consuming work in terms of configuring, replacing and shipping new key fobs. When looking for an alternative, the managers at Tata Steel Europe were assisted by their IT security partner SecureLink. Following detailed research into the options on the market, the company decided to install the tokenless two-factor authentication method. The company was particularly impressed by this system as no additional tokens are needed; instead, the system uses existing mobile devices, such as mobile phones, smartphones, tablets and notebooks.
Flexible login options. Thanks to the flexible options offered by SecurAccess, users can authenticate themselves in a way that is suitable for their current location and the device they are using. Using the standard method, this is done via a one-time passcode (OTP), which is only valid once and is received in real-time via SMS. For staff with poor mobile phone reception at their current location (e.g. in India or China), codes are received that are valid for several days. However, employees without a mobile phone receive e-mails containing codes that can be used for a week. Following successful authentication, remotely-working staff can access the corporate network and internal services, including order systems and inventories. With the recently released SecurEnvoy Server Engine Version 7, Tata Steel now also has numerous SMS gateways with smart routing at its disposal, which expand the global capability of SecurAccess.
“Our administration and maintenance workload has been reduced significantly compared with the previous key fob solution. We also have not had to procure any new devices, as existing smartphones and laptops etc. are used. The cost savings are very obvious. We run SecurAccess from one of our own data center’s and we also have our own gateway for Internet access. The SecurAccess migration therefore went very smoothly, we are very happy with the authentication solution,“ comments Mr. Erik den Hertog, Service Delivery Manager Network Services at Tata Steel in Europe.