Goals: To Leverage Government-Grade Security and Reduce Complexity
The growing risk of costly security breaches prompted a large health insurance company to seek a significant upgrade to its identity management solution. It turned to Axiad IDS to determine how to best leverage proven, government-grade security to comply with HIPAA and Hitech while simplifying deployment, maintenance and management of its system.
The health insurance company envisioned a solution that could combine physical and access control on a single device, increase the overall ease of deployment, administration and support, and work seamlessly with its existing infrastructure. It also wanted to cost effectively replace passwords/usernames with strong multi-factor authentication (MFA), leverage the “optics” of the Federal HSPD-12, and comply with NIST 800-63-2 Level 4.
The Solution: A Cloud-Based Platform with FIPS-Compliant Smart Cards
At each step, the company consulted with Axiad IDS’ team of experts for technical and procedural guidance. First, they chose a smart card-based solution that is one of only two methods meeting NIST 800-63-2 Level 4 authentication requirements — the highest security level available. The company was able to leverage a decade of investments made by the Federal Government into making smart cards secure enough for use by federal agencies.
To best protect its 6,400 users and company data, it opted for a strong MFA solution to be delivered via the Axiad ID Cloud. A virtual private cloud, the Axiad ID Cloud provides an added layer of security because there is no co-mingling of a company’s data with another organization’s data.
The solution included strong authentication to the company’s VPN, Wi-Fi and network, and login via a FIPS-compliant smart card plus an 8-digit numeric PIN, which eliminated the need to change passwords every three months.
The Impact: A Simplified, Cost-Effective Path to Higher Security
The company’s new high-assurance cloud-based system was operational within a day. Complete deployment, integration and rollout to end-users took only six months and cost effectively allowed the company to implement a mix of user credentials. Town halls revealed great satisfaction among users for a simplified and improved experience.
In addition, the Cloud-based solution lowered the company’s up-front investment by working with its existing technology infrastructure / ecosystem – including its physical access system, servers/clients and printers. With the assistance of Axiad IDS, the company benefited from a ‘turnkey’ version of PKI without the complexity of having to design and maintain it themselves.