CRISIL is India's leading ratings, research, and risk and policy advisory company. Until recently, the company was having trouble ensuring that its stringent internal guidelines on data confidentiality were adhered to, as more and more employees globally tried to get access to data from remote locations.
CRISIL is a part of Standard & Poor's (S&P), a global provider of independent credit ratings, indices, risk evaluation, investment research and data. It faced security challenges because users across the globe were accessing its data. CRISIL needed a solution that enabled its employees to securely access business applications remotely. Authentication of employees beyond a simple username and password was a priority. Most organizations use passwords as a common form of authentication, making themselves vulnerable to intruders. In addition, passwords are vulnerable to hacking by various methods such as keystroke monitoring, social engineering techniques or brute-force attacks.
As most of the data accessed was confidential, another level of authentication through a different access medium was the need of the hour. While email could be reached through simple web-based access, CRISIL decided that for business applications, a stronger level of security was needed to help protect its network, as well as help meet increasing regulatory requirements.

At a Glance

Challenges
- More and more employees globally were trying to get access to data from remote locations
- Absence of second level of authentication beyond user ID and password
- Threat of keystroke monitoring, social engineering techniques or brute force attacks

Solution
- RSA SecurID two-factor authentication

Benefits
- Identity management problem was fully addressed
- Delivers a more secure environment for employees

CRISIL started looking at various security options to add another level of authentication. The organization looked at popular options such as digital certificates and VPNs. The first option was ruled out because it required software to be installed on the client side, while VPNs were ruled out because they required a particular port to be opened, which would have made CRISIL's internal network vulnerable.
CRISIL, with the help of local integrator SK International, decided to implement a combined Citrix and RSA Security secure mobile and remote access solution. The company chose the solution because of its portability, ease of use and overall security protection. It also gave CRISIL the assurance and security necessary to open its networks to outsiders while extending to its employees the resources needed to work and collaborate more efficiently.
The RSA SecurID two-factor authentication solution requires the user to key in a passcode, a combination of a PIN (something the user knows) and a one-time password generated by the RSA SecurID token (something the user has). The passcode is extremely difficult for an intruder to detect, as it changes every 60 seconds, creating a unique identity for the user that is valid only for that particular period of time. The technology is platform independent, which ensures mobility. The user can access applications securely from any Internet-enabled terminal, using an RSA SecurID authenticator and the Citrix Secure Gateway.
RSA Security's integration with Citrix helped enforce security at three levels: 1) the standard user name/password level, 2) domain-level authentication, which is provided by the Citrix Secure Gateway, and 3) the user name and passcode.
"One of the biggest challenges in security is identity management, which we have successfully dealt with using RSA Security's secure mobile and remote access solution," says Hiren Shah, chief technology officer at CRISIL. "The solution has provided us with a means to securely provide access to business applications both reliably and cost-effectively."
Sudesh Prasad