The UK introduced the Public Services Network (PSN) to cut the cost of communication services across UK government and enable joined-up services. Shetland Islands Council sought to bring remote access to its corporate network up to that PSN standard. Two-factor authentication (2FA) solution was required. From the IT firm Infosec Cloud, the council chose SecurAccess from SecurEnvoy as the software enables secure log-in, without requiring dedicated tokens. The software developer instead uses smartphones. SecurAccess allows users to receive dynamically generated passcodes, for example via SMS, which they then enter besides user name and password to authenticate themselves. Michael Marriott, ICT Team Leader for Shetland Islands, said: “We needed a solution that was quick to implement, easy to use and would become part of the day to day login process of our staff. Taking a tokenless approach has saved us money and means we do not have to manage a physical token inventory.” The council ordered 50 licences for testing, then procured 1300 licences and distributed these to its staff. The district council’s IT department brought in the product as a cloud service with technical support from Infosec Cloud. However, the council was able to do the installation itself and integrated into the HP servers. The product was gradually rolled out over two months.
SMS option
Council staff mainly use the software’s SMS option when logging into the corporate network. Besides conventional login details, they receive the passcode required for 2FA via SMS on their smartphones. By entering this code users authenticate themselves when remotely accessing the authority’s network. The soft token app from SecurEnvoy works in a similar way. Users install the application on their smartphone or tablet and can use this to obtain a QR code. This is then scanned using a webcam on their computer or mobile device, thereby allowing the app to transmit information that establishes the identity of the employee.