Case study: SecurEnvoy helps charities get movingsecurenvoy 17/09/2010, Archive
Most companies believe their business performs a service that’s valuable and important. But when it comes to charities, their business can literally change lives.
The Prince’s Trust and Save the Children are two of the most committed and respected charities in Britain. The Prince’s Trust is the UK’s leading youth charity. It gives practical and financial support, developing key workplace skills such as confidence and motivation. The UK branch of the international charity, Save the Children, works to ensure children receive adequate healthcare, food, education and protection.
Both charities faced significant challenges when expanding their operations and mobilising their workforces. The Prince’s Trust holds highly confidential and sensitive information about the young people that it works with. The security of this data is paramount but can be difficult to manage. The Prince’s Trust has commitments across the length and breadth of the UK, presenting challenging logistical considerations for a charity headquartered in London, with 350 remote employees who need to gain access to centralised IT systems from different locations on a regular basis.
Save the Children’s diversified geographic spread presents some challenging logistical problems for the Global Information Systems Department at its London base. Aid workers are based in remote areas of Africa, Asia and South America. Security however, is always a big issue as more employees need to gain remote access to centralised IT systems, which presents an increased need for robust security.
Single-factor authentication uses only a single password to access classified data and networks, so it’s not the most secure option. It’s all too easy for staff to leave passwords lying around for unauthorised eyes, leaving the door wide open for opportunistic hackers. But a more advanced solution could mean boundless costs and a complicated system overhaul.
SecurEnvoy, the inventor of tokenless two-factor authentication, offered both charities the perfect cost-effective solution in the form of SecurAccess. Using the SMS feature on mobile phones, SecurEnvoy transforms any mobile phone into a virtual authentication device. Organisations can easily implement high-security remote access for all their users with a mere touch of a button, which sends an authentication code via SMS. There’s no need for additional hardware such as tokens. This also makes SecurAccess a much greener alternative, as it has one of the smallest IT footprints on the market.
The solution proved hugely successful for The Prince’s Trust. Matthew Brentnall, senior head of IT for the Trust commented: “SecurAccess was the best system for us as it wasn’t as costly as the competition and was much easier and faster to implement. Also, unlike token-based security solutions there is no risk of employees forgetting or loosing hardware tokens. Using their mobiles, which staff always have on them, seemed like a great idea and the best process for us.”
SecurAccess also allows remote staff to use pre-loaded passcodes, meaning SMS delays and network coverage blackspots will not prohibit users authenticating. “SecurAccess gives us ultimate piece of mind – our employees can safely connect to our network, rather than prying hackers, which would be disastrous to our organisation,” Matt added.
The Prince’s Trust’s staff can now rest assured that they can access crucial information easily and reliably with SecurAccess and their mobile phones, wherever their work takes them.
Andrew Brenson, acting Chief Information Officer for Save the Children UK, also quickly realised the benefits that SecurAccess offered: “I was concerned the reception available to our staff in some locations would mean they were unable to access the authentication codes. If you’re in the middle of Africa and you try and log in you need to have a robust system of receiving the one-time passcode for safe access.”
Andrew continued: “When I considered that the majority of staff had mobile phones already, and could receive the one-time authentication code, it made sense to adopt the SecurAccess system.”
Most authentication systems work with passcodes that require a real time active GSM connection with no delays, which creates a problem for people working in remote locations and other places with limited mobile reception. But SecurAccess allows aid workers in the field to use pre-loaded passcodes. The next required code is sent during the previous authentication. So, the passcode stays on the phone until it is needed, doesn’t expire and works even without mobile reception.
Both charities are now able to rest assured, safe in the knowledge that no matter how dispersed their workforce may be, their security will remain intact.