aPersona Adaptive Multi-Factor Authentication Case Study
Challenge – Adding multi-factor authentication for corporate users and mobile users across a myriad of devices and unknown networks without adding steps to the login process. (def. MFA)
Solution – aPersona’s Adaptive Security Manager
Systems Protected – Vista HRMS®
CPC Logistics (CPC) was founded in 1973 by four individuals from diverse backgrounds and experience in private truck fleet operations, truck leasing, and labor law. As a result of strong, steady growth and strategic acquisitions, CPC has grown substantially over the last four decades to become the leading provider of professional driver services for many of the top private truck fleets in North America. CPC is an international organization, headquartered in St. Louis, Missouri with a network of over 20 regional offices strategically located throughout the United States, Canada and Puerto Rico to service its customers. CPC has over 3,000 employees providing its transportation services to customers in over 300 locations across the United States, Canada and Puerto Rico.
CPC utilizes Vista HRMS® Self-Service Security Model to enable employees to access personally identifiable information (PII) from CPC’s internal networks as well as over the Internet.
Knowing that two-thirds of data breaches were due to weak or stolen credentials, and having thousands of drivers and corporate users logging into their systems containing sensitive HR data, the leadership of CPC knew that usernames and passwords alone were not going to be enough to protect their customers.
"Our employees trust us to protect their private information," said Bill Steimel, VP of Information Technology for CPC Logistics. “However, our drivers have very diverse backgrounds and run the spectrum with technical savvy. Requiring complicated, long passwords that must be changed regularly was not the experience we wanted for our employees or drivers. At the same time, we realized that without additional security we could be vulnerable. We thought it was possible that our users used the same password for multiple work and personal applications. With all the breaches across the Internet, we have to assume our users’ passwords could already be known or available to hackers.”
With this user population, hard tokens and downloads were out of the question. The solution had to be simple to setup, easy to manage, user friendly, and cost effective.
Adaptive Multi Factor Authentication – THE SOLUTION
Bill and the IT team at CPC set out researching and vetting available products that met the criteria. Their list became extremely short very quickly as they realized many products claiming to be adaptive were not. The few truly intelligent, adaptive solutions they found were too expensive and too complicated, with one exception. aPersona's Adaptive Security Manager with its behavioral learning, centralized management, rich risk analytics, and affordable licensing fit perfectly.
“We looked at many solutions and ultimately chose the Adaptive Security Manager (ASM) from aPersona,” recounts Bill. “We were already in the process of looking at MFA with products like Microsoft Azure Multi-Factor, DUO Security and @Keeper and found that aPersona had the best combination of functionality, cost and flexibility.”
Once CPC decided on aPersona's Adaptive Security Manager, the CPC team had to integrate it with Vista HRMS®. While aPersona provides multiple deployment options for ASM, CPC chose to run ASM in their own data centers. aPersona and CPC worked with PDS to have ASM installed and integrated as a simple select option within Vista HRMS® as a custom solution/release. CPC simply added the custom Vista HRMS® aPersona Plugin, and with a few clicks, aPersona ASM was enabled for all internal and external employees.
On-Boarding & Operations
The next step was to tune the security policies as ASM began learning the behavior of their users. This was done by setting some ASM security policies to run in monitoring mode for about three weeks while running policies assigned to administrative logins in full active authentication mode. This allowed immediate protection for administrators while the security policies for other users were tuned for the desired user experience and security protection.
“The rich analytics and reporting built into ASM provided extensive visibility into exactly what was going on,” said Bill Steimel. “We could make an adjustment and watch the system learn in real time. We can see every transaction, how those transactions are evaluated, what decisions are made and ASM' rich analytics fully document our security policies for internal and external audit reporting."
Users were on-boarded and learned by ASM in real-time across five different uniquely defined security policies appropriate to their user roles. The on-boarding process was completely seamless and totally transparent to the CPC Vista HRMS® users.
THE WIN FOR CPC LOGISTICS
Peace of mind with a solution that was straightforward to integrate, easy to use, amazingly affordable, and easy to operate and manage were the major benefits for CPC. To add the additional layer of authentication, there was nothing for users to download and nothing they had to do. The product worked just as promised! CPC had achieved their business and security objectives in a very short time frame.
Bill Steimel summed it up this way, “We love that our employees didn’t have to do anything or carry anything additional to be protected. ASM’s simple management interface, ease of integration, built-in analytics, and the lowest TCO made our decision easy. The level of support and responsiveness from aPersona further confirmed we made the right choice.”