The Customer
Founded in 1916 as a professional organisation for trained nurses, the Royal College of Nursing has evolved into a successful professional union. For almost a century the RCN has pioneered professional standards for nurses in education, practice and working conditions. Today, as the 'voice of nursing', the RCN has over 400,000 members and a widespread workforce, many of whom work from home or remote locations away from its headquarters in London.
The Challenge
In 2010, a routine audit of the organisation's IT infrastructure identified that additional levels of authentication were required regarding remote access. This would assist the RCN to comply with data protection regulations and security compliance standards; providing better control of network access and protecting confidential personal information of staff and members through firewall control.
RCN Network and Telecoms Manager, Geoff Lewis, explains: "One option we considered was the adoption of an RSA SecurID token based system. However, with a need to improve our compliance and drive down cost, rolling this solution out to over 950+ users was cost prohibitive. We needed something more creative."
The Solution - Virtual Private Network
Geoff engaged with proactive IT service, support and solutions provider, Probrand The solution consists of SonicWall's Aventail SSL Virtual Private Network (VPN), which encrypts data traffic, and strong two-factor token-less user authentication using the Swivel platform.
The team configured two Sonicwall Aventail appliances to provide fail-over as a replicated pair, co-located at separate data centres in Cardiff and London.
Instead of costly ID tokens, Swivel users have a registered four-digit PIN and a random ten-digit security string that is different for each login session. Easy to read by the user, the string is displayed as a masked image using irregular fonts and randomised pattern backgrounds to prevent OCR and screen-crawler malware from capturing it. The string and the PIN are combined to generate a One-Time-Code to authenticate each login session. The security string can be delivered to the user in a variety of ways, using existing mobile phone or Internet technology.
For the RCN, users securely access the network remotely by clicking an 'Aventail' desktop icon and logging-in to an SSL VPN form supplying their everyday log-in details. The user then inputs their 'One-Time-Code' for further authentication and immediate access.
Importantly, a dedicated token is not required.
The Benefits
Geoff Lewis, Network and Telecoms Manager, said: "Fundamentally, we have generated real savings in terms of upfront investment and on-going support costs with a faultless solution that has future proofed the RCN's progressive aspirations for growth, compliance and cost reduction.
"We no longer need to worry about further hardware expenditure if we want to scale the deployment of new remote users. Provisioning a new user is simply point and click through a central management dashboard linked to our Active Directory user database.
"The greater resilience and enhanced business continuity afforded by this truly next generation approach has taken us a step well beyond current standards.
"Change management can often be a concern when deploying new methods or processes of working, however, calls to our helpdesk regarding remote access have dramatically reduced. This is testament to the very user friendly approach the solution provides. Our relatively non-technical home based members of staff have adapted to the new process very quickly."