Chorley Council revamps remote access with SecurEnvoy authentication

Ditches hardware-based tokens

Chorley Council in Lancashire has become the latest council to buy SecurEnvoy's tokenless two-factor authentication system for remote access to after encountering a range of practical and security problems in its longstanding hardware tokens.

Issues with the unnamed implementation, first installed in 2006, included the loss and damage of tokens, which generated replacement costs and added to management overheads, the Council said. Lost tokens also presented a security risk and staff were unable to log on remotely until a replacement token had been received.

The new service-based SecurAccess system would deliver the same authentication to the mobile phones of 250 remote staff using a time-limited PIN code sent via a smartphone app.

"We were experiencing increasing problems around the management of hardware tokens as employees were misplacing them and issuing new ones not only incurred a cost for the tokens themselves but also involved extra administrative costs and time," said Chorley Council's head of customer ICT, Asim Khan.

"SecurEnvoy's two factor solution means that the user can now take control and we confidently expect this to ease the burden on the technical staff," he said.

The fact the technology was packaged as a service meant that migration had been a quick process, he added.

In SecurEnvoy's view, hardware tokens are becoming obsolete for many remote access applications.

"The problem, however, is that when you have any form of hardware token it becomes yet another device to look after and to remember to carry around," said co-founder, Steve Watts.

"Most people will protect their mobile devices more than they would a plastic token as it has a far higher monetary and personal value. We are more likely to leave hardware tokens at home, in a drawer and on the desk, but we carry mobiles everywhere, making them the perfect tool for authentication."

SecurAccess is already in use by a number of UK councils, including Cambridge, Hertfordshire, Dundee, Lincoln, Peterborough, and Kensington and Chelsea.

Tags securitySecurEnvoypublic sector

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Enterprise Virtualisation Security

Deep Security provides a comprehensive Server Security Platform giving organisations advanced protection for Physical, Virtual, and Cloud Servers.

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.