Lower costs and greater efficiency with mobile authentication

Stockmann integrated strong SMS authentication with VPN access to provide an intuitive, administration-free, and tokenless two-factor authentication for its mobile workforce and partners.

“We wanted an intelligent way to overcome the cost and delay issues in delivering hardware tokens to the fast growing remote users of our confidential data.”
-Tapio Tiittanen, IT Manager, Stockmann

Stockmann is a Finnish listed company engaged in retail trade. The company was established in 1862 and has around 44,000 shareholders and nearly 15,000 employees. Three business divisions include the Department Store Division and the Lindex and Seppälä fashion chains. The retail fashion units operate in Finland, Sweden, Norway, Russia, Estonia, Latvia, Lithuania, the Czech Republic, Slovakia, Ukraine and Saudi Arabia. Stockmann's distance retail business in Finland operates under the Hobby Hall and Stockmann brands.

With several subsidiaries and departments stores, Stockmann employs a mobile work force. It manages remote users not only internally, but also through subcontractors who require access to head office infrastructure via Virtual Private Network (VPN) remote access.

No Silver Bullets

Up to 2009, Stockmann used Cisco Remote Access VPN, which was exclusively bundled with RSA SecurID token authentication. While the use of RSA SecurID tokens proved feasible in the past, the growing number of mobile workers, partners and off­-site employees drove administrators to seek more agile and cost-e­ffective authentication methods. In today's networked business environment, a single authentication mechanism could no longer serve as a silver bullet.

Stockmann needed to find a supplementary two-factor authentication method that was at least as secure as the existing RSA solution, but did not create similar administrative overheads. Since hardware tokens were still the preferred choice of authentication for some Stockmann remote accounts, any new solution had to support the concurrent use of token authentication. Moreover, as the new authentication mechanism would be introduced to hundreds of remote accounts, deployment issues such as end-user training could not be overlooked.

The use of SMS text messages appeared to be the fastest and most convenient mechanism for delivering tokenless authentication, but Stockmann had concerns about the reliability of SMS delivery. With sites and users in many countries, services such as comprehensive reach, low latency, and guaranteed delivery could not be compromised and the choice of SMS authentication provider had to be carefully evaluated. For situations where a GSM signal was temporarily unavailable, a backup procedure was also needed.

Support for Concurrent Authentication Methods

Tectia provided Stockmann with Tectia MobileID, a multi-factor authentication and validation solution designed to support all known remote access services. MobileID was chosen for its proven reliability, versatility, and ability to support the messaging interfaces required for the desired SMS latency and reach. Another key factor that made Tectia MobileID the solution of choice was its ability to support traditional token authentication along with tokenless methods such as SMS. This allowed the customer to continue distributing tokens to employees who preferred more traditional authentication methods.

Tectia MobileID also complied with usability and deployment requirements. The swift deployment of the Tectia solution - or rather the lack of the need for deployment - allowed Stockmann to roll out SMS authentication just minutes after installation.

Required information such as the end users' mobile phone numbers was automatically retrieved from existing corporate directory services. When Stockmann employees authenticate via their remote access services, a PIN code is sent on-demand as an SMS, without any administrative preparations or deployment.

As a backup measure, Stockmann chose to use an automatically deployed one-time password list that could be used if employees found themselves temporarily out of GSM reach.

Proven Benefits

The tokenless approach of Tectia MobileID allowed the Finnish retail chain to reduce the administrative and financial overheads associated with the strong authentication of its mobile workforce and external stakeholders. The company also improved efficiency and enhanced operations by reducing delays in providing secure access to new remote users or business partners.