SecurAccess uses mobile phones as a second authentication device for Save the Children
(10/01/2008)

Save the Children has over 4,000 employees working in 52 countries. Three quarters of its employees are working in some of the poorest, most remote locations on the planet and this throws up some very unique communications challenges.

Organising and managing this unique work force throws up some challenging logistical problems for those in the communications department at headquarters in London. Without a doubt the introduction of mobile communication devices has really helped the charity. However, this has obviously created the need for greater external remote access to the main IT system, therefore throwing up some important security issues.

Andrew Brenson, Head of UK Operations and Communications for Save the Children UK explained the challenge: “Our existing security process used single-factor authentication, which became clearly unsuitable for our needs. We needed to find a way of creating a two-factor system without incurring excessive costs to the charity.”

SecurEnvoy was able to offer Andrew Brenson a solution with SecurAccess. SecurEnvoy focuses on using mobile phones as a second authentication device. By sending an authentication code via SMS, organisations can easily enable strong secure remote access for all their users at the touch of a button. Andrew had no doubt that this would be a huge advantage, “When I considered that the majority of Save the Children staff had mobile phones already, and were therefore capable of receiving the one-time authentication code, it made sense for me to adopt the SecurAccess system.”

But this was not the only benefit that SecurEnvoy brought to the table. With employees bouncing around in Jeeps in far-flung locations the system could not be time-critical. Other authentication systems work on the basis that the passcode ‘times out’ after a set period, meaning the user has to obtain a new passcode to access the system, which can be an issue for people working in remote locations.

With SecurAccess, aid workers out in the field were under no time constraints to use the passcode- it stays on the phone until it is needed. Andrew felt this was further proof of SecurAccess’s suitability: “I was concerned that the reception available to our staff in some of these locations could mean that they are unable to access the authentication codes. If you’re in the middle of Africa and you try and log into our system you need to have a robust system of sending the one time passcode for them to access”.

Brenson is keen to highlight the other benefits that the SecurEnvoy system has brought to the charity. “SecurAccess is different because it’s cost effective in terms of the actual hardware. Other options that we looked at needed another bit of kit to carry around, which was expensive and impractical for our staff who, generally speaking, want to carry light. This is a great system because it takes advantage of a device that people have already got.”

Remote access to the corporate system is currently available to everyone at Save the Children, but it is not a system that is in place across the board - yet. Andrew is in no doubt that as businesses become more web enabled it is becoming best practice to have two-factor authentication as standard for all employees, regardless of location. Save the Children UK are currently in the process of updated their entire system. As a result of this they have subsequently increased their use of SecurAccess.

Before the introduction of SecurAccess staffs trying to access the system remotely were using the standard name and password login process. But as they develop more web based applications it is Andrew’s intention to expand the use of SecurEnvoys technology to take on board other authentication systems, such as SecurICE, which offers emergency access for all workers.

The feedback from staff has generally been very positive. There is obviously the obligatory technophobe that doesn’t see the need for further security levels. But Andrew was keen to stress that it was unavoidable; once companies introduce remote working systems for their staff they need to make access more secure: “The web is becoming more and more useful, and it does support the mission of our organisation. However, the downside of this is that the internet is a public system. Therefore other people are using it and you obviously open yourself up to security risks. Anything that we can put in place that hardens our security is beneficial to the organisation.”

SecurEnvoy adopted the use of SMS in their delivery of two factor authentication as a convenient and secure means of delivering a passcode. Little did they know that this system would be the perfect solution for a charity looking for a secure IT access system for employees scattered across the world, sometimes in the most remote places.