Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Secure remote access for global organisation with widespread mobile staff.

InfoSecurity Europe : 22 February, 2008  (Technical Article)
The Save the Children charity secures the access of 4000 worldwide employees to central resources using SecurEnvoy.
Save the Children has over 4,000 employees working in 52 countries. This may not be an unusual scenario considering the global nature of modern business but put into the equation the additional fact that three quarters of its employees are working in some of the poorest, most remote locations on the planet and this throws up some very unique communications challenges.

There are 28 Save the Children organisations across the world that work under the umbrella title of the International Save the Children Alliance. Save the Children UK has a presence in more than 52 countries and, alongside the US, is the largest Alliance member. They currently have 4,000 staff situated all across the world, coordinating emergency relief efforts and helping to protect children from the effects of disasters, both natural and man-made.

Organising and managing this unique work force throws up some challenging logistical problems for those in the communications department at headquarters in London. Without a doubt the introduction of mobile communication devices has really helped the charity. However, this has obviously created the need for greater external remote access to the main IT system, therefore throwing up some important security issues. Andrew Brenson, Head of UK Operations and Communications for Save the Children UK explained the challenge: "Our existing security process used single-factor authentication, which became clearly unsuitable for our needs. We needed to find a way of creating a two-factor system without incurring excessive costs to the charity."

SecurEnvoy, specialists in the two-factor authentication, was able to offer Andrew Brenson the perfect solution called SecurAccess. SecurEnvoy focuses on using mobile phones as a second authentication device. By sending an authentication code via SMS, organisations can easily enable strong secure remote access for all their users at the touch of a button. Andrew had no doubt that this would be a huge advantage, "When I considered that the majority of Save the Children staff had mobile phones already, and were therefore capable of receiving the one-time authentication code, it made sense for me to adopt the SecurAccess system."

But this was not the only benefit that SecurEnvoy brought to the table. With employees bouncing around in Jeeps in far-flung locations the system could not be time-critical. Other authentication systems work on the basis that the passcode 'times out' after a set period, meaning the user has to obtain a new passcode to access the system, which can be an issue for people working in remote locations. With SecurAccess, aid workers out in the field were under no time constraints to use the passcode- it stays on the phone until it is needed. Andrew felt this was further proof of SecurAccess's suitability: "I was concerned that the reception available to our staff in some of these locations could mean that they are unable to access the authentication codes. If you're in the middle of Africa and you try and log into our system you need to have a robust system of sending the one time passcode for them to access".

Brenson is keen to highlight the other benefits that the SecurEnvoy system has brought to the charity. "SecurAccess is different because it's cost effective in terms of the actual hardware. Other options that we looked at needed another bit of kit to carry around, which was expensive and impractical for our staff who, generally speaking, want to carry light. This is a great system because it takes advantage of a device that people have already got."

Remote access to the corporate system is currently available to everyone at Save the Children, but it is not a system that is in place across the board - yet. Andrew is in no doubt that as businesses become more web enabled it is becoming best practice to have two-factor authentication as standard for all employees, regardless of location. Save the Children UK are currently in the process of updated their entire system. As a result of this they have subsequently increased their use of SecurAccess.

Before the introduction of SecurAccess staffs trying to access the system remotely were using the standard name and password login process. But as they develop more web based applications it is Andrew's intention to expand the use of SecurEnvoys technology to take on board other authentication systems that EncurEnvoy offer, such as SecurICE, which offers emergency access for all workers.

The feedback from staff has generally been very positive. There is obviously the obligatory technophobe that doesn't see the need for further security levels. But Andrew was keen to stress that it was unavoidable; once companies introduce remote working systems for their staff they need to make access more secure: "The web is becoming more and more useful, and it does support the mission of our organisation. However, the downside of this is that the internet is a public system. Therefore other people are using it and you obviously open yourself up to security risks. Anything that we can put in place that hardens our security is beneficial to the organisation."

SecurEnvoy adopted the use of SMS in their delivery of two factor authentication as a convenient and secure means of delivering a passcode. Little did they know that this system would be the perfect solution for a charity looking for a secure IT access system for employees scattered across the world, sometimes in the most remote places.

SecurEnvoy is exhibiting at Infosecurity Europe 2008, Europe's number one dedicated Information security event. Now in its 13th year, the show continues to provide an unrivalled education programme, new products & services, over 300 exhibitors and 11,700 visitors from every segment of the industry. Held on the 22nd - 24th April 2008 in the Grand Hall, Olympia, this is a must attend event for all professionals involved in Information Security.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo