Case study: Token effort at security

19 Dec 2005

Property agency Hamilton Osborne King [HOK] wouldn’t be the first company to see the advantages of broadband but it is definitely mindful of the additional security risks it can bring. It teamed up with Kerna Communications to manage and consult on those security issues, alleviating any potential headaches.

“The dial-up and leased-line connections we had weren’t able to handle the volumes we needed but then ADSL brought a security risk,” Kevin Gregory, associate, business and IT manager with HOK recalls. “We probably wouldn’t have gone through the process without Kerna to hold our hands.”

Kerna recommended that the company run a virtual private network across the ADSL links. The company wanted to ensure that the security system it put in place would act as a basis and not a hindrance for future expansion. Now, as new branches are established around the country, adding them into the network is a matter of plug and play. “So far it’s proved to be very successful,” says Gregory. The firm has offices in Molesworth Street and Dawson Street in central Dublin, as well as branches around the city in Clontarf, Phibsboro, Ranelagh and Blackrock. There are two more offices in Cork and Belfast. “We put Ranelagh and Belfast in this year and it was very straightforward,” he adds.

The technology market is in constant flux so there was comfort to be had in having a partner that was managing and maintaining the infrastructure. “Security changes to much, there’s always a patch for this or a firmware upgrade for that so we needed to have a partner we could rely on to keep us up to date,” says Gregory. “We get briefings and emails on a regular basis from Kerna, so we know what’s going on without having to worry about it.”

As well as protecting the always-on broadband connection, the second consideration in implementing security was that HOK employees have different levels of access depending on their role in the company. When logging on to the network from outside, those levels must still be applied so the system checks that whoever is trying to access the network from outside is recognised – if not, they are not allowed to go any further.

When HOK upgraded its email package to run Microsoft Outlook 2003, the software allowed for easy access to email from outside the company. Gregory decided this needed an extra layer of security and chose to put in place a way of authenticating ‘visitors’ to the network from the outside.

Key to this approach is a password-generating device from the Belgian company Vasco. This provides a one-time random code that users key-in every time they want to see their email when working offsite or from home. HOK now has more than 20 such tokens actively in use within the company and the company expects further adoption in the months ahead.

The emphasis, as before, has been on making the system easy to deploy for HOK. According to Gregory, it was deliberately planned that way so that scaling up to company’s needs won’t be a problem. “We thought this through right from the beginning,” he says. “We don’t need to go back to Kerna – it put the infrastructure in place and the basic administration we can do ourselves.”

Kerna played an important role in this planning stage and Gregory emphasises that at no stage of the process did the company ever push HOK towards a particular product in favour of another. “All along it has been giving us options, different brand names and discussed it but it’s always been up to us to make the decision. It’s a consultative sell – it is there for the long term and it’s very much a partnership approach.”

HOK is using a password generator like this (pictured) to give staff secure access to its network

By Gordon Smith