For Bev Enke, an infrastructure support specialist in Columbia County, Wis., moving to a two-factor authentication system was simply a matter of adhering to the federal government's requirements for secure remote access over wireless.
Enke says once the county decided to move from its radio modem network and run over aircards, it had to adhere to the FBI's Criminal Justice Information Services (CJIS) security policy for remote access, which requires two-factor authentication.
Two-factor authentication -- which asks a user to present his or her password (what they know) and the unique ID code on the token (what they have) -- provides an extra layer of security beyond the usual password for network access.
To gain approval from the Justice Department, Enke had to map out exactly how the system would work and how remote officers would connect wirelessly. This detailed planning phase made the implementation go smoothly, so officers were up and running within a few months.
Now, the lieutenants, detectives and officers use cellular modems with a Utility Associates booster called the Rocket, which is essentially a wireless hub. The technology was deployed in 40 county squad cars, nine municipality squad cars and two units in the mobile command center. This setup is further enhanced by RSA SecurID tokens, which allow for remote access to the county's server via NetMotion Mobile VPN and Active Directory. Another 11 municipality squad cars will be deployed by mid-March.
"If you're in a situation like they are in the sheriff's department, you'll want something that's always going to be available and reliable," says Ant Allan, research vice president for security, risk, privacy and compliance at Gartner, an information technology research company.
All officers and detectives now use the new system. It offers easier network access and eliminates some of the administrative duties that sheriffs and detectives would normally have to do back at the office.
"It's like night and day," Enke says. "They can receive e-mail out in the cars now, which was something we were never able to do. Now they can spend more time out in the field."
The percentage of organizations surveyed that use just a single password to secure remote access to their intranet
Source: Forrester Research
RSA Secure ID tokens also resolved different compliance requirements for Logan Kleier, information security officer, in Portland, Ore.
The tokens were initially deployed two years ago to comply with the Payment Card Industry Data Security Standard (PCI DSS), which mandates security measures to ensure the adequate protection of cardholder data. This standard covers the secure collection of debit and credit card numbers that are used to pay for on-street parking and other permits.
"It resolved the compliance challenge, which was important," says Kleier. The tokens also provide secure network access for more than 1,000 city workers, all of whom need access to information inside the city's network.
The two-factor method paired nicely with the city's SSL VPN browser-based remote access. "When we switched over from an older remote access, we had a client-based form without two-factor authentication," Kleier says. "Only 200 people were using that, but with SSL VPN and the RSA tokens, we can support over 1,000 users."
Bev Enke, an infrastructure support specialist in Columbia County, Wis., has two pieces of advice for those looking to implement a two-factor authentication system: plan and test. Do the planning up front and test the system once it's in place to see what challenges need to be overcome.
It's also important to have the people who will use the system involved during the testing phase. The other piece of advice: Start with only a few users, rather than bringing everyone on all at once.
Logan Kleier, information security officer in Portland, Ore., agrees, pointing out that every organization needs to consider its users when implementing a solution. Cost is also an important factor.
For example, some systems have low upfront costs and high back-end costs after the first year or upon license renewal. Some two-factor solutions have five-year licenses with significant license renewal costs in year six. "If you don't look at this, you're setting up your organization or successor for a big budget surprise down the road," says Kleier.