Strengthened Security for Acclaimed Law Firm

Founded more than two centuries ago, Travers Smith is one of the City of London’s oldest and most respected law firms. The firm employs around 250 lawyers working out of offices in London and Paris, and includes 63 partners. The firm is divided into 13 specialist practice areas and has a total staff of over 400. Travers Smith was voted UK Law Firm of the Year in both 2007 and 2008.

The Challenge

The past few years has seen a surge in computer fraud. The simple combination of a username and password is now not enough to vex would-be fraudsters, and today strong authentication is increasingly being seen as the path to having peace of mind. Organisations the world over are working to reduce risk as far as possible, by confirming that users are indeed who they say they are before access to sensitive information is permitted. At the same time, these companies must continue to provide fast and convenient access to corporate systems and information.

Travers Smith wanted to remain ahead of fraudsters by further strengthening the security of their IT estate. The firm focused initially on secure messaging and whole disk encryption, and then turned their attention to enhanced user identity verification – so called two-factor or multi-factor authentication. This combines something a customer knows (such as a user name and password) with something a customer has (such as a one-time transaction password generated by a token or hand held device).

Derek Fox, Network Administrator at Travers Smith, explains: “Security is paramount to protect both staff and clients. We wanted to close as many doors as possible, put extra locks on them and keep potentially unwanted visitors out.” Derek continues: “We had already established a relationship with Gradian through the successful implementation of email and whole disk security solutions; so had a good level of trust built up. We were excited to see what authentication technologies they could introduce us to.”

The Solution

Following a workshop with Travers Smith to fully explore the requirement, Gradian proposed CIDWAY’s authentication solution, a strong two-factor authentication solution based upon the highly secure CIDWAY GAIA platform and the use of CIDWAY SESAMI Mobile based authenticators.

The CIDWAY SESAMI Mobile application is installed directly on the user’s mobile phone or PDA. The user enters a pin into the mobile device and gets a time -based OTP (one time password) that can be keyed into the computer keyboard.

The CIDWAY GAIA Server integrates into an existing network and application environment, taking users from Active Directory and providing support for industry standard authentication protocols, such as RADIUS and Web Services. The web based administration console makes supporting your users simple and straightforward with flexible reporting and auditing.

Results

Ann Cant, Head of IT, says: “Other two-factor authentication solutions we looked at were complex to implement, costly and ran the risk that users would lose the tokens. The biggest thing for us is that we’ve already invested in our BlackBerry estate. We haven’t got to spend a fortune, we’ve just bolted CIDWAY on to an asset we already had.”

The CIDWAY solution can be implemented very quickly with incredibly modest up front costs, by leveraging value an existing investment in mobile phones or PDAs. The fact that the technology is easily scalable means that the pace of implementation is dictated by Travers Smith’s own IT department. David Cassidy, Systems Administrator, explains: The nice thing is we didn’t have to suddenly switch this on. Being able to slowly build up our user base, run a pilot and a staged

An initial pilot of 20 users including nine partners was a huge success, and the firm is now ready to implement the technology across all remote users. Derek reflects: “CIDWAY is incredibly reliable and never let us down” A full roll-out to 200 users will commence in June, and be complete in August.

The technology has made no difference to the end user experience. Access is no more complex than before, but peace of mind has increased. Ann comments: “Our remote access is more secure than ever. CIDWAY technology means the loophole of users knowing other people’s passwords is closed immediately.”

Why Gradian?

• Innovative approach plus standing and experience in internet security
• Ability to present cost-conscious solutions with no compromise to security offered
• Good existing relationship coupled with extensive knowledge of Travers Smith systems and processes

Products & Services

• CIDWAY GAIA Server
• CIDWAY SESAMI Mobile

Why CIDWAY Technology

• Eliminates the need to source, distribute and manage physical tokens
• Unifies OTP token into users existing mobile phone environment
•  Easy integration in any existing corporate infrastructure
• Almost no maintenance needed on server and customer side
• OTP generated without need of mobile phone network
• Time-based passwords