How Nexus got rid of passwords and chose a secure login solution for Office 365 and other systems
Many companies’ IT operations are based too much on manual work. In order to digitize and streamline, they need to stop installing Office by hand on each new computer, upgrade to next-generation IT solutions, outsource, and preferably buy cloud-based services. Today, Office 365 is an attractive option, but how do you choose a cloud service login solution that is both safe and easy to use? “As a security company, Nexus has high demands on secure login solutions to keep unauthorized users out and to protect customers and company data. At the same time, all of our employees around the world, with different prerequisites, must be able to log in to Office 365 at any time, to work as usual. That is why we chose a cloud solution,” says Peter Hellström, CIO at identity and security company Nexus Group.
The challenges for Nexus' IT department were substantial. As an identity and security company, Nexus faces very high security requirements. Nexus has many customers with security-critical data and applications, which creates an endless array of issues, as the area is both complicated and complex. “Many still doubt that it is possible to ‘go cloud’ without compromising security. There is great skepticism about whether data can be protected and users will be able to work as usual,” says Hellström.
The biggest challenge is choosing a login solution that can handle both ordinary users and administrators who have very critical access rights, while also being both easy to use and secure. Two requirements were indisputable. “The first requirement was to have one login solution for all systems, i.e. all employees have to be able to log in with the mobile phone, and the same goes for administrators who also must be able to use a smart card as an additional security supplement. The second requirement was that the solution could handle both outsourced systems and in-house systems,” says Hellström.
Drop the passwords – choose a mobile solution instead
Decisions were made to stop using passwords when logging in and to have the same login method for all systems and applications. Nexus needed to harmonize and handle secure login both locally and in the cloud, and at the same time find a solution that could also be used for digital signing. In addition, the new way of working would need to simplify employees’ everyday lives. “Today, we use a single sign-on (SSO) solution for all systems, via the Hybrid Access Gateway (HAG) login portal. The login portal manages all systems and applications, including cloud services such as Office 365 and Nexus GO Signing,” says Hellström.
There are several different solutions for authentication on the global market, but most of the solutions only work for authentication or signing. Nexus needed two types of strong authenticators via the mobile phone: a simple push-based method where the user approves the login with a fingerprint, face or PIN code, and a method based on one-time passwords (OTP). The OTP is required when the user is in an environment without a mobile connection but still needs strong authentication. The option is then a one-time password that is valid for 30 seconds and that only lets the user access certain selected company resources. “Both of these methods are in the same mobile application, Nexus Personal Mobile. That it is the same app makes it easier for our users, and our administrators get one solution to maintain. Nexus employees can also use Nexus Personal Mobile to secure their private accounts, for example Google, Microsoft or Facebook. We urge them to think about safety even in their spare time. Nexus is ISO-certified according to security standard 27001, which also imposes high demands on process and safety. In addition, we needed a mobile solution that works for those on the move or working from home. Mobile First is our motto for all systems, both self-developed and outsourced,” says Hellström.
One ID for everything
Nexus employees are located in 17 offices in 11 different countries. In addition to the mobile ID, all employees must always wear an identity card in the form of a smart card with a visual ID (photo). With the smart card, users enter their respective offices, log in to computers, print (follow-me printing) and sign documents. As some Nexus offices have development departments, the cards also carry information about which zones people can access. “Our main focus during the implementation was our own employees, but customers should also be able to access things in our environments in a simple and secure way. The smart cards are safe and help us to give the correct access to the right person,” says Hellström.
Nexus bases all its products and solutions on proven and standardized technology. Everything implemented should be based on secure authentication that can be used smoothly. Customers’ environments are usually as complex as Nexus’, which means that solutions must be both integrated and able to combine cloud and legacy solutions. “We at Nexus can offer a comprehensive solution based on a single ID – it's our greatness and customers notice it when they test our solutions – that’s when we win the deals,” says Peter Hellström.