As all IT leaders working within the finance and banking space will agree, data security is paramount and there are many knowledgeable people working internally whose sole focus is on mitigating the ever-changing threat bad actors pose.
In our latest use case, we look at how one leading European bank has deployed MyID Enterprise to manage its strong authentication. The solution continues to ensure the bank’s 12,000 employees can log in to internal systems using cryptographic-based two-factor authentication (2FA).
In this blog post we’ve taken some of the key points from our European bank use case to outline what IT leaders at similar organisations need to consider for best-practice workforce authentication.
Don’t compromise on security
Cryptographic-based authentication, using public key infrastructure (PKI), delivers the strongest form of 2FA. However, many organisations may look at other, less secure methods for fear of the perceived complexity and cost of deploying and operating PKI. A certificate authority (CA) needs to be set up and managed, and a credential management system is also required to issue keys and certificates to devices. However, this does not need to be unmanageable or expensive.
The infrastructure for a small-scale PKI deployment can often be scaled up for wider deployments when integrating the right credential management software. In the European bank use case, MyID utilised existing Microsoft CAs and hardware security modules (HSMs) to provide a best-practice authentication system that avoided the requirement to change and invest in new IT infrastructure.
You can achieve 100% workforce deployment
In the case of our European banking customer, a solution that would enable universal adoption of 2FA across employees and contractors was a top priority.
PKI is often deployed in banking and financial institutions, albeit across a small section of staff, commonly for the most privileged access users. Many organisations do not consider rolling PKI out across all members of staff due to concerns about how to issue credentials at sufficient scale, and how to manage the lifecycle of devices and certificates in a way that’s simple enough for IT teams and Help Desk staff.
With MyID, the European bank knew that they had the software to issue credentials to their 12,000 employees. The user-friendly interface of MyID, together with its capacity to free up IT teams by enabling end users to self-serve by unlocking, updating, and resetting credentialed devices, alleviated concerns about the management cost of the 2FA solution going forward. MyID's ability to issue credentials to mobile devices, USB tokens, and virtual smart card enabled technology was an added bonus for futureproofing the deployment.
Configurability is key
As we continue to work with many large banking and finance customers across Europe, USA, and Asia, we are well versed in the challenges such organisations face. However, it is safe to say that no two organisations are the same.
Technology, culture, strategy, IT teams and employees all differ from one organisation to another, and so it is important to take an open approach that can best fit the needs of any given customer. MyID is developed to do just that thanks to its extensive interoperability and flexibility.
In our bank use case, the organisation operated with a decentralised structure, and so a configurable credential management software product that would integrate across its HR systems, LDAP and other processes while delegating control was essential.
Invest in a solution that will evolve with your organisation
All organisations evolve over time, and so it is important to invest in infrastructure that will adapt and change to your needs. Credential management is no different, and with MyID we continue to release quarterly updates to ensure our software meets the needs of customers now and in the future.
In the case of our European bank customer, MyID provided the integrations with existing technology and smart card printing infrastructure that they needed to roll out smart cards across their entire workforce.
Over time, as the requirements change and employees may require different devices such as USB tokens, mobile, virtual smart cards, or FIDO, the bank know that with MyID they will have the capacity to evolve their deployment. Equally, if the bank wishes to include partners or suppliers in their 2FA environment, they know they will be able to use MyID to achieve this. In addition, as compliance demands change, the IT team know they will be able to update and set policies within MyID without any complications.