Case studies from companies introduced
Indeed Identity to solve the information security tasks.
Biometric authentication by the fingerprint was selected for Bank Saint Petersburg from the wide range of strong authentication technologies supported by Indeed Enterprise Authentication system.
«Each technology has advantages and disadvantages. We preferred biometric authentication because authenticators (fingerprints) couldn't be detached from the user in this case. The fingerprint couldn't be passed to another person and it's falsification is very difficult because of the high level of the modern fingerprint scanners», — Anatoliy Skorodumov explained the choice.
According to the Bank estimations each operation to recovery access to IT systems expects 3-7 minutes from the administrator. Unified biometric authentication introduction into the main systems essentially reduced this time and decreased system administrators work related with password management.
Thanks to strong authentication based on Indeed Identity software the company essentially increased the information security level. We removed password compromising risks and excluded the possibility to guess the password or pass the password to colleagues, to write and save password combinations in notepads, calendar sheets or stickers on the monitor.
The project of strong authentication introduction in Gazprom sera company was implemented using Indeed Enterprise Authentication and Indeed Enterprise Single Sign-On systems. Authentication technology choice was determined by the impossibility to detach authenticator (fingerprint) from the user and by the clear authentication process. Searching the appropriate software, we were considering supported authentication technologies, if it is necessary during the company's information system development.
«Execution of information security rules and requirements became much easier for the users. Now they are not required to devise complicated passwords, regularly change and remember them. Access to PC is strictly limited and available for legitimate users only. Thus, the user gets access only for resources available for him. So, now the employees are not afraid of compromising there accounts», — said Ivan Chernoknizhnikov.
Fingerprint authentication made the users rejection from the performed actions impossible. It simplified the incident investigation if it is necessary.
The company succeeded in solving the password usage problems. Execution of the information security requirements and access regulations was automated and the human factor was excluded from these processes.
To solve the password authentication problems and enhance the employees' identity technology KIT Finance company chose biometric authentication by the fingerprint implemented by Indeed Enterprise Authentication and Indeed Enterprise Single Sign-On systems.
«We’ve built our policy so that all business important automated systems employ enhanced user identity by the fingerprint. This principle is used in ESSO techology that centrally stores all user's passwords in encrypted form. The system retrieves passwords on request only after strong requested user identity», — said Alexey Ivanov.
Fraud and any other actions using other's accounts became impossible when Indeed solutions were implemented. Passwords became more resistant to cracking because of no need to remember the password combinations for users.
Centralized access management process also solved the problems related with account blocking and excluded the costs for reset and changing passwords.
To solve the problems related with the users’ accounts and passwords management, the strong authentication technology implemented by Indeed Enterprise Authentication and Indeed Enterprise SSO systems was introduced in Krayinvestbank company. The contactless smard cards issued to the employees when hiring, were chosen as the autentication devices. It allowed to join logical and physical access and to exclude the necessity of the additional devices purchase.
«We’ve decided to look for the solution that would hide the explicit passwords usage and replace it with something less complex for the users, but more safer for the organization. Finally, this solution was found and passwords stopped to be the users secret and became the secret of the information security system. Now the users can easily forget all their passwords and even not think and worry about them. The employeers don't have necessity to change passwords in each system periodically (as it is required by the inner information security regulatory documents). Passwords are changed automatically according to the schedule», — said Alexandr Sinitsyn.
The users’ accounts and passwords management process related with the employee's career development became absolutely clear. Now the bank security service can quickly determine and configure access to the company information resourses. Moreover, the possibility of the instantaneous access blocking for all systems is appeared.
There is the considerable decreasing of the operational risks arised over the multiple attempts to get access into the third-party systems by the incorrect account data (for instance, into the bank transfer systems). When these systems are blocked, the downtime of the bank subdivisions arises.
To reject the passwords and to solve the problems related with their usage, OKBM Afrikantov company introduced strong authentication technology implemeted by Indeed Identity systems and based on the contactless smart cards.These cards join both the function of the employee's permit and the function of the authentication device to get access to the network and IT resources of the company.
«We’ve equiped each workplace with the contactless smartcards readers. The smartcards are also used as ACS (Access Control System) permits. Contrary to fears their cost was rather inexpensive», — said Yuriy Yurchenko.
Now to get access to the company IT resources the user needs just to put his permit (card) to the card reader and enter the appropriate PIN code. The login is automatically determined. Then access to all IT resources and systems looks completely transparent to the user.
Indeed Enterprise Authentication and Indeed Enterprise SSO systems introduction has provided the company with solving some important Information Security problems. It provided compliance with the information security requirements related with the necessity of regular password changing according to the complexity and uniqueness rules and other access regulations.