Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

SD Worx secures multiple applications with VASCO’s Digipass 300 and VACMAN Strong Authentication

November 2007 by Vasco Data Security SA

SD Worx is an HR services company offering a complete range of services and products relating to the employment of personnel. To serve its 31 000 clients better, SD Worx decided to incorporate the Internet into its client services mix. SD Worx offers in-home developed software packages to its clients so they can pass on their payroll data electronically to the social secretariat of SD Worx. The payroll packages e-Linx and e-Blox are installed on SD Worx servers and are currently being used over the Internet by 6 500 HR-employees.

As the payroll data are being transferred over a publicly accessible network as the Internet, SD Worx realized a need for absolute security and confidentiality.

“Our clients’ HR-staff provides us monthly with necessary and confidential data, so we can do the payroll processing for them,” says Koen Kips, E-infrastructure coordinator at SD Worx. “Because the software packages can be used over the Internet, we need to guarantee an absolutely secure and confidential way of exchanging this information. Besides that, we also want to know who sends us this information, in order to allow us to check whether this person is authorized to do so.”

Security Awareness

SD Worx consulted their trusted IT-partner Telindus to find the ideal way to secure the exchange of these data.

“SD Worx is very security aware,” says Jean Philippe Van Aelst, Account Manager at Telindus. “The data which SD Worx receives from its clients are very confidential and that is why they are also attractive for fraudsters. These critical data magnetize criminals: it works like a red rag on a bull.”

Strong authentication was the right security path to follow for SD Worx. With strong authentication, the user has to authenticate him self through two independent factors. Something you know (a password) can be one factor used together with something you have (a physical device) as a second factor. This contrasts with traditional password authentication, where the user only needs a static password to identify him self. Together with Telindus, SD Worx decided to work with VASCO’s Digipass Strong Authentication and VACMAN Server for Radius.

How does it work?

SD Worx assigns a Digipass 300 to everybody who is authorized to use or enter data into the software packages. To login to such a package, the user needs an Internet connection, a username, a PIN code and Digipass 300. After entering the PIN code (first factor) on the keypad of Digipass 300 (second factor), the device/software generates a unique password. This password needs to be entered into an applet, together with the username, in order to get access to the payroll software.

With a unique password that is generated every 36 seconds, Digipass puts fraudsters out of action. Even if fraudsters can retrieve the password someone used to login, the criminals won’t be able to re-use it, as Digipass produces a new password for every login.

“For Telindus, VASCO is a preferred partner,” says Jean Philippe Van Aelst. “We know their products and technology very well and we were confident that the solution would suit SD Worx’s needs.”

“Two important factors to opt for VASCO were VASCO’s proven track record in the financial world and the ease of use of Digipass 300,” comments Koen Kips. “To know that already a lot of banks used this security solution, assured us of the added value of Digipass Strong Authentication. The easy use of Digipass 300 stimulates its adoption. No technical skills are required to use Digipass 300. Therefore we could distribute it to all kinds of users.”

Digipass secures multiple applications

SD Worx uses Digipass 300 not only to secure the input of data by clients, but also for a number of other applications. Internally, SD Worx employees use Digipass 300 for remote access and to connect securely to the corporate network through a VPN connection. Digipass is also being used to give SD Worx employees access to their web mail.

SD Worx has an eye for the visually impaired

SD Worx tries to set an example for its clients with its own HR vision and policy. Therefore the company takes its social responsibility seriously and offers blind and visually impaired people the same job opportunities as everyone else. For these employees, SD Worx opted for VASCO’s Digipass 300 Comfort Voice. This way, they can securely access the same applications as other employees can.

To assist visually impaired people, Digipass 300 Comfort Voice has extra large buttons and every key press is followed by an acoustic feedback. The calculated unique password is being read by Digipass to the user through a built-in speaker or via a headset. That way the user can insert the password as he or she hears it.

The voice of the end users

Currently, SD Worx has distributed 10 500 Digipass devices and this number grows 500 to 1 000 Digipass every year. “We have never questioned our choice for Digipass and VACMAN in the 7 years we have been working with it. We are very happy with the product and so are the end users,” says Koen Kips. “End users describe Digipass 300 as user friendly, compact and easy to take with you, wherever you go. The hardcover that protects Digipass 300 when it is not being used is been found very utile, like the fact that people can attach Digipass 300 to their key ring. Digipass is also being perceived as very durable: people drop the device, accidentally roll over it with their desk chair... and it never breaks.”


About SD Worx

SD Worx is a HR Services Company that is founded in 1945. Currently, the company has 19 offices in Belgium, Grand Duchy of Luxembourg and The Netherlands and works through partnerships in other European countries. SD Worx employs 1 300 staff, has a customer base of 31 000 organizations and manages the payroll process for over 615 000 employees. The company specializes in payroll administration and personnel management.


Related articles:

See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts