RSA Security`s SecurID reinforces financial service provider`s strategic security policy, comprehensively protects customer policy and personal data
Furthering both the protection of sensitive customer data and its local reputation as one of the most security-conscious financial service providers, Liberty Group has gone live with RSA Security`s SecurID two-factor authentication solution.
The project - the first stage of a potential foray into an extremely comprehensive security deployment - focuses on securing access to application, database and legacy systems which house Liberty`s customer policy, financial and personal data.
"Security, especially when it concerns sensitive customer information, is of absolute strategic importance to us," explains Trevor Williams, head of information security at Liberty.
The company recently conducted an initial vulnerability assessment. Williams says it became clear that username and password access were not strong enough to protect the group`s mission-critical applications and the sensitive information they contained.
"As a result, we issued an RFP [request for proposal] that took multi-factor authentication and authorisation into account," he says. "We also placed strong emphasis on a solution that was scalable, able to interoperate with legacy back-end systems and capable of securing Web-based applications in the future."
The result was the selection of RSA Security`s two-factor authentication solution, SecurID, deployed and supported by one of the company`s local value-added resellers, Nanoteq.
Authentication and authorisation are at the very heart of the rapidly growing information and system security market. Authentication provides an almost watertight means of ensuring that users are who they say they are; authorisation ensures that they have the right to conduct the transactions they request. "The most effective approach to authentication combines something that a user has (in this case, a SecurID token) and something the user knows (a password or personal identification number) - hence `two-factor`," explains Peter Burgess, territory manager for sub-Saharan Africa at RSA Security.
"The SecurID token, no larger than a key fob, is synchronised with a software server that resides on the customer`s back-end system. Together, they generate a new pass-code every 60 seconds.
"The combination of this dynamically-changing pass-code, a user-identified PIN and a solid back-end server means that SecurID can very effectively authenticate a user requesting access to a protected system or application." So far, more than 500 SecurID tokens have been issued to the Liberty Group head office staff who access - and have rights to update or make payments from - the mainline business application system.
"By targeting these users we have addressed our immediate security needs - after all, they are the ones with powerful authorisation on the system," says Williams.
Williams says that plans may be afoot to offer two-factor authentication to all users and, as part of the expanded drive, to other mission-critical applications within Liberty Group.
"We have strategic investments in solutions from the likes of Oracle and SAP," he says, adding that it`s in the company`s plans to evaluate technologies that can be used to provide widespread yet secure access to those applications. Public key infrastructures (PKIs) - another one of RSA Security`s key solution areas - could be one of the ways that Liberty Group addresses this issue.
A PKI is widely accepted as the de facto standard for implementing an e-security solution, including the management of digital certifications and identities, and ensuring that online transactions and communications are legally binding. Williams, however, says that Liberty Group`s future plans are still under development. He does add that information and system security will remain a strategic issue that a great deal of corporate attention is paid to.
"If you look at the services companies like ours are trying to offer customers - 24x7 access to information, high levels of uptime and great availability - then there`s no way that technology and security can be ignored."
Share
Editorial contacts