CRISIL is India's leading ratings, research, and risk and policy advisory company. Until recently, the company was having trouble ensuring that its stringent internal guidelines on data confidentiality were adhered to, as more and more employees globally tried to access data from remote locations.

CRISIL is a part of Standard & Poor's (S&P), a global provider of independent credit ratings, indices, risk evaluation, investment research and data. It faced security challenges because users across the globe were accessing its data. CRISIL needed a solution that enabled its employees to securely access business applications remotely. Authentication of employees beyond a simple username and password was a priority. Most organizations use passwords as a common form of authentication, making themselves vulnerable to intruders. They are also vulnerable to hacking by various methods such as keystroke monitoring, social engineering techniques or brute force attacks.

As most of the data accessed was confidential, another level of authentication through a different access medium was the need of the hour. While email could be accessed through simple web-based access, CRISIL decided that business applications needed a stronger level of security to help protect its network, as well as to help meet increasing regulatory requirements.

At a Glance

Challenges
- More and more employees globally were trying to get access to data from remote locations
- Absence of second level of authentication beyond user ID and password
- Threat of keystroke monitoring, social engineering techniques or brute force attacks

Solution
- RSA SecurID two-factor authentication

Benefits
- Identity management problem was fully addressed
- Delivers a more secure environment for employees

CRISIL started looking at various security options to add another level of authentication. The organization looked at popular options such as digital certificates and VPNs. The first option was ruled out because of the hindrance of installing software on the client side, and VPNs were ruled out because they required a particular port to be opened, which would have made CRISIL's internal network vulnerable.

CRISIL, with the help of local integrator SK International, decided to implement a solution combining Citrix with RSA Security's secure mobile and remote access solution. The company chose the solution because of its portability, ease of use and overall security protection. It also gave CRISIL the assurance and security necessary to open its networks to outsiders while, at the same time, extending to its employees the resources needed to work and collaborate more efficiently.

The RSA SecurID two-factor authentication solution requires the
user to key in a passcode, a combination of a PIN (something the user knows) and
a one-time password generated by the RSA SecurID token (something the user has).
The passcode is extremely difficult for an intruder to detect, as it changes
every 60 seconds, creating a unique identity for the user that is valid only for
that particular period of time. The technology is platform independent, which
ensures mobility. The user can access applications securely from any
Internet-enabled terminal, using an RSA SecurID authenticator and the Citrix
Secure Gateway.
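
The passcode check described above, sketched as an added example that is not code from RSA Security, Citrix or CRISIL. SecurID's tokencode algorithm is proprietary, so the RFC 4226/6238 HMAC construction stands in for it with a 60-second step; the seed, the PIN, the 6-digit length, the one-step drift window and all function names are assumptions.

```python
import hashlib
import hmac
import os
import struct

STEP = 60    # seconds per tokencode, the interval the article gives
DIGITS = 6   # assumed tokencode length

def tokencode(seed: bytes, step: int) -> str:
    """Stand-in tokencode: RFC 4226/6238 HMAC-SHA1 truncation, not RSA's algorithm."""
    mac = hmac.new(seed, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def hash_pin(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class PasscodeVerifier:
    """Server-side check of passcode = PIN followed by the current tokencode."""

    def __init__(self, seed: bytes, pin: str):
        self.seed = seed
        self.salt = os.urandom(16)
        self.pin_hash = hash_pin(pin, self.salt)   # the PIN itself is never stored
        self.last_step = -1                        # newest time step already accepted

    def verify(self, passcode: str, now: float) -> bool:
        if len(passcode) <= DIGITS:
            return False
        pin, code = passcode[:-DIGITS], passcode[-DIGITS:]
        pin_ok = hmac.compare_digest(hash_pin(pin, self.salt), self.pin_hash)
        current = int(now) // STEP
        matched = None
        for step in range(max(current - 1, 0), current + 2):   # one step of clock drift
            if hmac.compare_digest(code.encode(), tokencode(self.seed, step).encode()):
                matched = step
        # Both factors must pass, and a tokencode is accepted only once.
        if not pin_ok or matched is None or matched <= self.last_step:
            return False
        self.last_step = matched
        return True

if __name__ == "__main__":
    seed = b"12345678901234567890"            # constructed seed (RFC 4226 test key)
    server = PasscodeVerifier(seed, "4821")   # constructed PIN
    passcode = "4821" + tokencode(seed, 90 // STEP)
    print(server.verify(passcode, now=90))    # first use
    print(server.verify(passcode, now=95))    # replay inside the same 60 seconds
```

The replay guard is what makes the tokencode one-time in practice: without `last_step`, a passcode captured by a keystroke logger would remain usable until its time window closed.
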

RSA Security's integration with Citrix helped enforce security at three levels: 1) the standard user name/password level, 2) domain-level authentication, which is provided by the Citrix Secure Gateway, and 3) the user name and passcode.

"One of the biggest challenges in security is identity
management, which we have successfully dealt with using RSA Security's secure
mobile and remote access solution," says Hiren Shah, chief technology
officer at CRISIL. "The solution has provided us with a means to securely
provide access to business applications both reliably and
cost-effectively."
Sudesh Prasad
sudeshp@cybermedia.co.in