GASA BØG GROUP is one of Europe’s leading distributors of flowers and floral products, based in Denmark, with four main disciplines: wholesale, retail, garden centres and young plants. Part of the DLG Group - the 14th largest company in Denmark, GASA BØG GROUP has multiple offices both here, around Europe and the world - including Holland, Germany, England, Poland, Italy and Sweden. It has grown both organically and through acquisition, the most recent being Bøg Madsen in 2012, with the merger expected to be completed by January 2013.
Today GASA BØG GROUP employs approximate 550 people, of which 420 require access to its central data centre. The company has a second, smaller data centre as a back up facility in case of emergency.
The Challenge
As with many organisations, GASA BØG GROUP wanted to provide secure access to its data centre. Previously it had been using a physical token solution for two factor authentication (2FA – the presentation of two or more of three authentication factors: something you own, something you know, something you are) but it was becoming expensive and complicated to control.
A further consideration for GASA BØG GROUP was remote access. It faced a proliferation of devices, in many different locations, that the workforce used to connect to the infrastructure. This could be an internet cafe in Costa Rica where it has an office, corporate owned laptops and even personal devices from netbooks to tablets.
Whatever alternative it selected had to be flexible, secure and ultimately future proof to accommodate technology ‘down the road’.
Jacob Overby, Head of IT and Technical Manager for the group, explains, “The system we had was working fine, in terms of security, however we did have some frustrations - the main one being when an employee started with the organisation. Often the first IT knew about it was when they were in the office and couldn’t gain access to the system. If the person was in the same building it could be resolved fairly easily but if it was in one of the other offices, or even another country, it would lead to delays and frustrations.”
Knowing there had to be an alternative, Jacob started by asking some of his peers how they overcame this scenario, and he was introduced to SecurEnvoy by Rantek A/S
The Solution
SecurAccess from SecurEnvoy allows GASA BØG GROUP to provide remote access, with industry standard 2FA, without the pain and cost of deploying legacy hardware tokens. As the inventors of tokenless authentication, SecurEnvoy’s solution turns any phone that can receive SMS texts into an authentication device.
One key feature of SecurAccess stood out for Jacob, “I had started to look at other solutions, but was slightly concerned that the code was delivered by SMS at the point that the user started to log in to the system. If there was a delay, or the user had poor reception, there could be a problem. Conversely, SecurAccess sends the passcode for the user’s next session as soon as they’ve successfully logged in. This means the user always has a passcode ready to go so, if there is a delay or poor reception, it does not delay the user from gaining access to the system at the vital moment.”
GASA BØG GROUP decided to implement SecurAccess concurrently with its existing token based system, ultimately to help users migrate across, but also to make sure there were no sticking points.
Starting with one office, so assistance could be provided if complications were encountered, users were provided a brief manual explaining the system. As SecurAccess seamlessly integrates with all leading remote access servers and web services the ‘log in’ portal remained the same, regardless of which token was used. This means users were familiar with the process making the migration painless.
Once all users were transferred the expired tokens were collected and returned to Jacob. He adds, “Looking back perhaps we made it more complicated for ourselves, having both options running at the same time, but it was easier for the end user. All in all it took a month to migrate everyone across, continuing company by company, but getting quicker with each subsequent group. In hindsight, we would do it differently. We would start with the trial company and then, having realised there were no complications, we should have switched everyone else over in one day and avoided prolonging the process!”
Looking specifically at cost savings, Jacob finds it hard to quantify the savings made as it’s not a like for like comparison. He explains, “We’re spending about the same on SMS messages as we were on tokens but we have far more users than we had with the previous system as many were not connecting from home or elsewhere. Today it would be far more expensive to use physical tokens.”
For GASA BØG GROUP the driver for change was to enable faster provisioning of users and that has been achieved with SecurAccess. Jacob confirms, “What we have saved is time. If you think about it, with a physical token, when you need to add a new user you have to program the token, you have to put it in an envelope, you have to send it to the user and if they’re not in the same office or country then there’s obviously implications of that. What we also found is that when the token arrived many didn’t work because they’d been damaged in transit and we’d have to start all over again. Today, if we receive a call to say that someone has joined the organisation or simply wants to work from home then, having confirmed it’s okay with the line manager, we provision them and they’re instantly up and running.”
In summary, Jacob concludes, “I believe we not only got a good price, but we also got the better product.