Founded in 1998, Motiv is one of a handful of ICT service companies that specialise solely on security. Challenged with complex issues of disclosure and security in a changing digital world, it prides itself on delivering innovative ICT solutions that not only secure its clients, but also support their business. From this vantage point, it is able to comprehend the complete security agenda – from governance risk and compliance to firewalls and secure authentication.
Over the years Motiv has increasingly witnessed authentication become important for protecting networks and data, to the position today where two-factor authentication is an essential component of any security infrastructure.
Motiv’s Information Security Consultant, Bart Verhaar, explains, “I don’t think you can bypass two-factor, or even multi-factor authentication anymore whether its certificates, biometric or even token solutions. That said, while the solution itself could be fantastic, at the end of the day you need something that justifies the expense and considers the needs of the end user. Security only works if it’s easy. If its difficult users are either going to write things down, or circumvent them, and that makes it insecure.”
Two-Factor Authentication – the smart way
A few years ago, Motiv was intrigued when SMS authentication solutions were introduced. This has some intestering advanctages comparing to the traditional hardware time based tokens. The security experts analysed several solutions on the market. Motiv selected SecurEnvoy for soft tokens en sms tokens because the solution is based on pure open protocol standards and the user-friendly experience. The use of open protocol standards makes SecuEnvoy extremely easy to integrate with a high number of vpn solutions and web services which we are managing on behalf of our customers.
As the inventors of tokenless authentication, SecurEnvoy’s solution turns any phone that can receive SMS texts into an authentication token. This in turn allows Motiv’s customers to provide staff with industry standard two-Factor authentication without the pain and cost of deploying legacy hardware tokens.
However, not every one was convinced by SMS tokens, as Bart recalls, “In the past we found that you couldn’t get around hardware tokens because of the question of reliability issues with SMS, unavailable service and even provider issues, etc. However, with SecurEnvoy we have the answer.”
The key strategy to successful use of SMS for delivering passcodes is resolving intermittent network coverage and SMS delivery delays. SecurEnvoy overcomes this by pre-loading one time passcodes (each authentication attempt sends the next required passcode) and with three pre-loaded one time passcodes with each message. In addition to tokenless SMS Two-Factor authentication, clients can opt to use a soft token application, available as a download, and suitable for most types of mobile devices – iPhones, iPads, Android, Blackberry, etc. This gives the end user greater flexibility between tokenless or soft tokens.
Bart adds, “We find that customers don’t just want soft or SMS tokens, they like to be able to have the choice. With SecurEnvoy it’s putting that choice into their hands. Rather than the administrator dictating what is used, the end-users can decide for themselves whether they want SMS, and whether it’s preloaded or on-demand, or to use their Android or smartphone, and they can change by themselves. Whatever they want to use we can support them.”
Cost versus security
As previously mentioned, a key consideration is that the
solution justifies the expense. SecurEnvoy is the perfect example of this.
With hardware tokens, there is the investment in the token itself, the ongoing management of the solution plus the expense of replacing those lost or broken.
With SecurEnvoy, Motiv’s clients buy a licence which is perpetual, an annual fee for support, leaving just the SMS costs to cover. With soft tokens SMS costs are negated, making the solution even cheaper.
Bart recalls, “We have one client that, at a certain time of year, needed to allow employees to log onto its system. As it only needed the ability five times a year alternative token solutions were impractical due to price. Working with SecurEnvoy, we were able to create an offer that made it affordable for this client, we secured the deal, and they secured their systems.”
Customised environments
In addition to user flexibility and affordability, SecurEnvoy is also adaptable to different environments, which is important for Motiv as a managed service provider. SecurEnvoy is happy to work with open standards and this is a unique selling point for Motiv. Bart clarifies, “We have a number of customers with customised environments, where things are a bit different. For example, we’re doing a lot of Juniper solutions, and for some website integrations this can be rather a large expensive project. Instead SecurEnvoy just fits in and, if we find we have an issue, a quick call to SecurEnvoy ensures us that we can go on with the project. Our experience has been that we get all the support needed and problems are resolved really quickly which, I think, is because SecurEnvoy isn’t as bureaucratic as other vendors – where you need to go through a whole lot of different layers of the company. Instead, I have direct contact with people that have the ‘know-how’ of the product and understand why this business is important to us.”
Practicing what it preaches
So convinced by the solution, Motiv even replaced its own legacy hardware tokens with SecurEnvoy’s SMS and soft tokens. Motiv has a variety of users – those that log in every day and those that only log in if they’re ill at home, not dissimilar to its own clients. With a hardware solution it would need to provide every user with a token, instead it only has to cover the SMS charges.
While cost was a consideration, the driver for Motiv to switch to SecurEnvoy was its use of open standards. Bart confirms, “Other two-factor vendors, use their own protocols. With SecurEnvoy, because it’s easy to set up, we could build a managed service around it and, using open standards over the internet, connect our service to our clients’ environments.”
In conclusion, Bart summarises, “SecurEnvoy has a lot of advantages that make it user friendly, cost effective and easy to implement – that’s something that our clients really like. It’s so intuitive, easy to use, and clients can understand exactly how it works. A simple demo and they’re sold. SecurEnvoy really complements our portfolio, especially for our clients looking to access solutions like SSL VPN. When we build a website, for example, it gives an extra layer of security to the solution. It’s been a hit every where we’ve installed it and we have absolutely no reservations in recommending it to our customers.”