For Loral Skynet, a satellite communications services provider that often stores government-regulated data, user names and passwords weren't enough when it came to authenticating employees and partners accessing the corporate network remotely.
"We have normal business types of data that need to be protected, but we also have data that is more sensitive than a baker's secret. We are talking rocket science," said David
Kurtiak, director and principal engineer, network and computing services, at Loral, based here.
If government data, such as engineering plans for a space vehicle, was accidentally leaked, the company would face huge fines and possible criminal liability charges under federal International Traffic in Arms Regulations, he said.
So Loral turned to Atrion Communications Resources, a Branchburg, N.J.-based systems integrator, to implement a strong authentication solution: RSA Security's SecurID.
SecurID functions like an ATM card, requiring users to identify themselves with something they know, such as a PIN, and with something they have,in this case, a keyfob. Each user is assigned a SecurID authenticator that generates a new code every 60 seconds, which the user combines with a PIN to obtain access. SecurID is used in conjunction with RSA ACE/Server software.
Chris Zimmermann, Atrion security consultant and trainer, said companies want two-factor authentication such as SecurID to ensure remote users have unique identification.
"As companies become more security-conscious, this is becoming the de facto standard for remote access," Zimmermann said.
Kurtiak said ease of use was key when Loral decided on a security solution. "We looked for a solution that would be easy for our users to adopt. User acceptance is usually the most difficult part of any security solution," he said.
Plus, the company had a finite budget for the project, so buying a smart card reader for each workstation was out of the question.
Loral chose Atrion to implement SecurID because it was the most responsive company and "expressed a desire to earn our business and work with us," Kurtiak said. Another draw was that Atrion was a few miles away from Loral, which helps ensure local support.
Initially, Loral rolled out SecurID to about 50 employees, mostly engineers, for VPN access. The engineers readily took to the keyfobs, which became a "nifty thing to have," Kurtiak said.
"The acceptance was just tremendous. It caught on like wildfire," he said.
Loral expanded the SecurID implementation to about 400 users, including sales and marketing staff and executive management, as well as business partners. The company sent out about 120 tokens to partners to access the corporate extranet. Loral also extended SecurID beyond VPN and extranet access to Web-based e-mail.
The solution cut administration costs by reducing the number of calls being made to the help desk because of forgotten passwords, Kurtiak said. Company policy requires changing passwords every month. Often, employees would change their password on a Friday and then couldn't log onto the network over the weekend because they forgot their new password. "Every 30 days, our help- desk calls would spike tremendously," but with SecurID, employees only have to remember their PIN, he said.
Atrion recently helped Loral upgrade its RSA ACE/Server to the 5.0 version from the 4.1 version when it upgraded to Windows 2000 from Windows NT 4.0. The upgrade was a breeze, Kurtiak said. "Our client experienced virtually no downtime in the process," he said.