News
T-Mobile uses SecurEnvoy to provide secure data access for 15,000 employees
February 2013 by Marc Jacob
T-Mobile is the first mobile telecommunications provider to have implemented a new remote authentication solution that utilises mobile telephones. For this, the world-renowned company has put its faith in the expertise of security experts from SecurEnvoy. The company’s SecurAccess and SecurICE solutions are based on the principle of tokenless two-factor authentication. T-Mobile staff will be able to identify themselves from anywhere when logging in using their mobile phone they will use a password and a dynamically generated passcode on the phone. This will ensure highly secure remote access to the corporate network.
T-Mobile is one of Europe’s leading mobile operators. The company wanted to enable members of staff working remotely to securely access corporate resources using a simple method involving their mobile phones. During the assessment phase, SecurEnvoy was quickly identified as the prime candidate, not least because the company became, many years ago, the first provider of solutions based on tokenless two-factor authentication. The use of the SecurEnvoy technology means that users at T-Mobile do not have to carry additional devices with them for identification purposes if they wish to access the corporate network. The only requirement is a mobile phone, which every member of staff generally has with them anyway.
The SecurAccess solution is now being used by 15,000 staff. The users have the choice for either receiving an SMS to the phone or an app for smart devices; this.t transforms mobile telephones into virtual tokens. In addition, 2,000 T-Mobile employees have become the first users of the SecurICE (In Case of Emergency) solution. This is an emergency situation service from SecurEnvoy, via which users can immediately and securely access the company’s network if they are temporarily unable to get to the company’s premises.
Mobile phone rather than a physical token
Instead of using physical tokens or smart cards, T-Mobile staff can now log into the network via SecurAccess using a highly secure two-factor authentication process: the first factor is a password defined by the user and the second factor is a passcode generated dynamically by SecurAccess, which the system can send via e-mail, SMS or an app to the user’s mobile telephone. If the employee wants to log into the corporate network, he or she is prompted to enter both factors. As soon as the passcode generated by the system has been used, SecurAccess then sends a new code to the user’s mobile telephone, thereby ensuring that the T-Mobile employees always possess a currently valid access code for the corporate network. As each employee is the only person that knows their respective two factors, it is ensured that no unauthorised third parties can access the network and remove data.
Regular remote users use SecurAccess whereas office based workers have been registered for SecurICE for use in the event of emergencies or other incidents, such as bad weather or traffic problems, that prevent them reaching work as planned.
Since introducing the SecurEnvoy solutions, T-Mobile has benefited from considerable time and cost savings, as there is no need for the expensive acquisition of additional hardware tokens. And time-consuming training sessions are also no longer required.
