Reducing risk on access to sensitive data.
2 Factor Authentication
Automotive, Design and manufacture of air suspensions
About the customer: DriveriteAIR Ltd.
DriveriteAIR is a leading international supplier of air suspension systems. The organisation serves all market segments, from the world’s largest automotive companies and truck and bus manufacturers to specialised suspension builders.
DriveriteAIR is extending its partnership program with the leading manufacturers in the automotive industry, including Renault and the VW Group. In order to work with these organisations, DriveriteAIR had to pass their business audit process.
In preparation for this DriveriteAIR requested us to carry out a comprehensive risk assessment of their internal IT systems.
We identified some key issues and recommended solutions:
- Security around internal access to data and physical access to data.
- Weak policies and weak enforcement of these policies.
- Authentication levels and classification of data types.
We needed to guarantee to any potential new business partner entering into an agreement with DriveriteAIR that the company could give them two assurances: first, that their data exchange was secure, and second, that the storage of and access to this very sensitive data would be controlled and managed. Based on this requirement we completed the following:
- We established stronger Group Policy on their Active Directory, enforcing it and disabling USB access to certain machines, enabling encryption of data, and creating a user account policy based on mandatory ‘strong password authentication’.
- We updated the network and computer policies and updated their internal policy handbook. We held an on-site group meeting to make all staff aware of the policy changes, and we continue to update these policies and the users on an annual basis.
- We implemented *2FA (Two-factor Authentication) across the group.
After addressing and highlighting the security risks, we successfully implemented 2FA for DriveriteAIR Ltd. This enabled them to demonstrate to any prospective partners that they were secure in accepting sensitive data and had taken the relevant steps to secure access to this sensitive dataset. Earlier this year, in September 2014, DriveriteAIR were audited by the VW-group and successfully passed the audit.
What Our Client Said:
Our client told us that the VW-group were extremely impressed at the level of security and data management procedures in operation at DriveriteAIR by ONIT solution.
*Implementing 2FA was a practical way to add further security to the user logon sequence. The traditional logon method for all local and remote user groups was to require the user to enter a password (the complexity of this password depends on your policy). In the past this has been adequate, but to secure and give confidence to these bigger players in the automotive industry we needed to increase the security level for these partners in three ways:
- To show them we have a secure medium to accept their sensitive data.
- To demonstrate that the data stored internally was encrypted and protected.
- On access to this data, we must increase the level of authentication.
One of the main concerns around the password policy was that there was no way of telling whether the password being used to access sensitive data was being entered by the intended user.
"To put this into perspective, passwords are under attack"
What is 2FA?
In essence, this process gives an extra layer of security that is known as "multi factor authentication" or "two-factor authentication" (2FA).
In today's world of increasing digital crime and internet fraud, many people will be highly familiar with the importance of online security, logins, usernames and passwords, but if you ask them the question "What is Two Factor Authentication?" the likelihood is they will not know what it is or how it works, even though they may use it every single day.
With standard security procedures (especially online) only requiring a simple username and password it has become increasingly easy for criminals (either in organised gangs or working alone) to gain access to a user's private data such as personal and financial details and then use that information to commit fraudulent acts, generally of a financial nature.
How does it work?
Two Factor Authentication, also known as 2FA or two-step verification, is an extra layer of security that is known as "multi factor authentication". It requires not only a password and username but also something that only that user has on them, i.e. a piece of information only they should know or have immediately to hand, such as a physical token or an SMS message sent to the required user.
Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person's personal data or identity.
Using a Two Factor Authentication process can help to lower the number of cases of identity theft on the Internet, as well as phishing via email, because the criminal would need more than just the user's name and password details.