Take precautions rather than losing out: This motto is especially true for insurance brokers such as Lockton International. The company not only attaches great importance to this philosophy with regard to its customers, but also with regard to its own IT infrastructure and the access rights for its corporate network. Lockton previously protected its data using a token-based two-factor authentication solution, which turned out to be too expensive. As a result, the company changed to the tokenless method SecurAccess from SecurEnvoy. This combines the entry of personal login details and a passcode, which is sent either via SMS to employees' mobile phones or as an app on their device.
Lockton International can now look back at 48 years in business. Founded in 1966 by Jack Lockton, the company is now the world's largest, privately owned insurance broker and has 64 branch offices in 17 countries. Around 4,950 associates serve more than 35,000 customers in terms of assisting with their risk management. Because of the international network of branch offices, constant exchanging of information and good practices is an absolute must. In many cases, employees also access their data remotely, for example during business trips.
The loss of a token previously meant a loss of network access
Lockton previously used to safeguard network access using the token-based two-factor authentication solution SecurID from RSA. However, this approach proved to be cumbersome and costly over time. All too often the plastic tokens were lost or forgotten. As a result, employees could no longer unambiguously identify themselves, and were therefore denied network access. In addition, each loss required the acquisition of a replacement token and thus additional costs were incurred along the way.
One-off passcodes make logins safer
The management at Lockton were not prepared to tolerate this double burden any longer. While looking for an alternative solution, the employees discovered SecurAccess from SecurEnvoy. What is particularly special about this solution is that it does not require a dedicated physical token. Instead, staff identify themselves using mobile terminal devices such as smart phones and laptops etc. They utilise a six-digit numeric passcode which must then be entered when logging into the network in addition to their user name and password. For added security, the codes are valid only once: As soon as they are entered, the numerical sequences expire and are immediately replaced by new ones. Codes that have already been used are thus ineffective and newly received codes only allow access when the user also enters his/her user name and password correctly.
"Since starting to use SecurAccess, we have benefited from the considerably accelerated incorporation of new users," comments Peter Singleton, Infrastructure Manager at Lockton. "With the previously installed solution, SecurID from RSA, we struggled with the high level of administrative effort required. Since virtually every associate possesses a mobile phone, it is much more convenient for them to obtain the code on this device, which they normally carry with them at all times anyway - as opposed to having to use a plastic token."