
Kraftanlagen Energies & Services SE

Project summary:

Customer:

Kraftanlagen Energies & Services SE

The Kraftanlagen Group established itself in the 1920s as a leading German supplier in plant and pipeline construction and today, as part of the French Bouygues Group, is a leading service provider for industry, energy and building technology.

The challenge

The Kraftanlagen Group faces the challenge of guaranteeing its employees secure access to Microsoft 365. A remote access solution poses a security risk, especially for those who work from home or are on the road. Passwords alone no longer offer sufficient security, as frequently used passwords are often too simple or well-known and major password leaks have increased the risk. In addition, traditional password management involves a great deal of administrative effort and security problems, making multi-factor authentication urgently necessary.

"When we first tried out the REINER SCT Authenticator before the launch, we were immediately impressed by how easy it was to use!"

Alexander Siegelin, Head of IT

The solution

In response to this problem, the Kraftanlagen Group has introduced the REINER SCT Authenticator. This device enables two-factor authentication using TOTP without the need for a smartphone. The simple handling of the authenticator facilitated rapid acceptance by employees. In addition, the REINER SCT Authenticator does not incur any running costs and can also be used privately.

The results

By introducing the REINER SCT Authenticator, the Kraftanlagen Group was able to increase the level of security and increase user acceptance among employees. Alexander Siegelin, Head of IT at the Kraftanlagen Group, reports little administrative effort when introducing the authenticator and a very positive response. The solution is not only used to secure access to Microsoft cloud services, but is also part of a future single sign-on system via Azure Active Directory. The REINER SCT Authenticator is already being used successfully for access to the social intranet and will also be integrated for other applications in the future.

Easy-to-implement two-factor authentication for SMEs!


The Kraftanlagen Group needs secure access to Microsoft for its employees. Employees who are out on site or working from home use company resources via a remote access solution. The company uses the REINER SCT Authenticator, which allows secure two-factor authentication without a smartphone using a one-time password (TOTP) that is only valid for a short period of time. The solution was quickly accepted thanks to its ease of use and helps to increase the company's overall security level.


Logging on to computers and services with a user name and password is a tradition in companies. However, it has long been outdated. For years, security companies have been publishing lists of the most frequently used passwords - which are always the same or at least very similar. Added to this are the major password leaks in recent years from frequently used online services, the rapid shift of workplaces from the office to the home office and the increasing number of mobile employees with access to the company network. This also means that the supposed security of logging on to the local computer in the company network no longer applies. In addition, there is considerable administrative effort with traditional passwords, for example because users forget them during their vacation or do not change them in time. The task of enforcing supposedly secure passwords is not easy either. It is even almost impossible to check whether users use the same passwords at work and at home to make them easier to remember - which is a considerable security risk for many privately used services due to password leaks.


Multi-factor authentication becomes standard
For all these reasons, security experts - including the German Federal Office for Information Security (BSI) - have long recommended the use of two-factor authentication. The BSI even tightened this recommendation once again at the end of July 2021: the authority now includes it among the minimum standards for the use of external cloud services. Microsoft 365 is a particularly successful external cloud service in companies. Although the company offers its own solution for this with Microsoft Authenticator, it is not suitable in all cases. In its shared responsibility model, Microsoft makes it very clear that the responsibility for user accounts and identities as well as the identity and directory infrastructure lies entirely or at least partially with the customer. There is therefore an urgent need for action here.

REINER SCT Authenticator at the Kraftanlagen Group
The Kraftanlagen Group recognized this early on and now relies on the REINER SCT Authenticator, a hardware device for two-factor authentication with TOTP (Time-based One-Time Password). The Kraftanlagen Group established itself in the 1920s as a leading German supplier in plant and pipeline construction and is now a leading service provider for industry, energy and building technology as part of the French Bouygues Group. The group's headquarters in Germany are located in Munich. It employs around 2,200 people, of whom around 1,600 regularly work with Microsoft products - more and more of them with Microsoft 365 and Microsoft Teams. Around 600 people have a company cell phone. In this case, the procedure offered by Microsoft is possible by entering a user name and password and confirming with a code sent to the smartphone via SMS. However, Alexander Siegelin, Head of IT at the Kraftanlagen Group, had to come up with something else for the other 1,000 or so employees. "Not using multi-factor authentication today is almost grossly negligent," warns Siegelin. "We therefore took action as part of the conversion of our Microsoft 365 client to that of the parent company Bouygues E&S."


As is often the case, the first impulse was to use Microsoft's on-board resources for authentication. "However, 50 percent of the participants in a preliminary survey of our employees who do not have a company cell phone did not want to use their private cell phone for authentication," reports Siegelin. They are also not obliged to do so, as they would at least have to send their private mobile phone number to Microsoft.

And it is not only works councils that are often critical of mixing private and professional use. Security aspects also speak against it - after all, the company has no control over what employees do with their private smartphone or where and how they use the login. This quickly results in a confusing mix of private and professional use, which harbors additional security risks and is difficult to untangle later - for example when an employee leaves the company. Solutions that rely on a USB stick for authentication were tested but rejected: In some cases, access, for example to Microsoft Teams, should be exclusively via smartphone. These solutions are not practical. At the Kraftanlagen Group in particular, there is also the fact that some employees work for customers in areas where smartphones are not permitted for security reasons, but where they still need to access company resources for their work. This access should, of course, be secured with two-factor authentication in the same way as access to the Microsoft cloud.

Practical tips for the introduction of two-factor authentication
"When we first tried out the authenticator before the launch, we were immediately impressed by how easy it was to use," explains Siegelin. Users simply log in to their company account once with the device. Then they switch on the Authenticator, select the account and confirm with "OK". The TOTP code displayed is valid for 30 seconds. Once they have entered this, they receive the desired access. All the necessary licenses are already included when the device is purchased and there are no ongoing costs. Siegelin has now ordered around 500 devices. He appreciates the short delivery times and good availability of the manufacturer from the Black Forest.

To ensure that employees who don't work on a PC every day don't have any reservations about using the Authenticator, Siegelin and his team produced a one-minute video explaining how to use it. This was well received by the employees. "We hardly had any questions about using the product," reports Siegelin. Acceptance was also increased by the fact that employees are also allowed to use the Authenticator privately. It supports up to 60 accounts per user with a constantly growing list of services. "I also want employees to behave securely in their private lives," says Siegelin, "because if they are aware of IT security in their private lives, they won't switch it off at work, so it benefits the company too."

Based on the positive experience to date, the Kraftanlagen Group also wants to use the REINER SCT Authenticator for other applications. It is already in use for logging into the social intranet. A single sign-on (SSO) via Azure Active Directory is also in preparation. Multi-factor authentication is mandatory here. It is therefore already foreseeable that other employees will also be equipped with the handy and reliable password generator from REINER SCT.
