NPF "Otkritie" has increased the security of remote and office work of employees

2023: Implementation of JaCarta Management System, Aladdin 2FA and JaCarta WebPass products

The non-state pension fund Otkritie (a subsidiary of Otkritie Bank, part of the VTB Group) has introduced a two-factor employee authentication system to strengthen protection during authentication during remote and office work of users with corporate services and the network. The project was implemented by ITPROTECT on the basis of Aladdin R.D. products. The solution is designed for the simultaneous work of up to 550 employees connecting remotely or located in 2 offices of the Fund - in Moscow and Tula. This was announced on May 17, 2023 by ITPROTECT.

As a result, NPF Otkritie received at its disposal a two-factor authentication system (2FA), built on the basis of the system, JaCarta Management System (JMS) mobile application as part of a solution Aladdin 2FA and - USB tockens. JaCarta PKI/WebPass The built-in solution provides protection authentication of employees on workers during computers local work from the office, as well as in services and - on VPN VDI"."infrastructures remote As a second factor of identity confirmation, a one-time either password PUSH authenticator implemented mobile in the Aladdin 2FA application or a hardware USB token can be used. JaCarta

The two-factor authentication system allowed to increase the level of control over access to the corporate infrastructure and reduce information security risks arising during the user authentication process. This reduces the risks of unauthorized access to the corporate network, data leakage and other incidents, especially involving remote work, told Nikolai Samodurov, head of the information security department of NPF "Otkritie."

The Foundation noted the flexibility of setting up the system, which allowed organically, with minimal changes to the existing infrastructure, to fit the 2FA solution into the operation of services. In general, the company switched to using two-factor authentication with minimal impact on. business processes Separately, it is worth noting an important question - import substitution the developer ON is domestic a company and has, certificate FSTEC commented Vadim Simanenko, head of the IT infrastructure department of NPF Otkritie.

As part of the implementation, iTPROTECT specialists conducted a survey of the customer's infrastructure, developed an architecture for connecting solution components, integrated the implemented system with adjacent infrastructure elements (user directory, RADIUS server and mail server) and configured all modules. The system operates in disaster-tolerant mode, its components are duplicated in 2 geodistributed data centers.

Proper access control is one of the most important aspects of the information security of any organization. The remote and hybrid work model is becoming more common, which leads to the need to implement additional protection measures for all employees, including those working locally. The usual password is no longer enough for reliable protection, because it can be intercepted or compromised by a potential attacker. Authentication using the second factor minimizes the likelihood of obtaining a one-time password, token or box from it. As part of the project, a number of components were introduced for NPF Otkritie, which minimize the likelihood of unauthorized access to customer services, stated Maxim Golovlev, CTO of iTPROTECT.

The products guarantee a high level of protection of the customer's infrastructure through the implementation of a set of measures to ensure multifactor authentication. The proposed solution includes JaCarta Management System (JMS) products with JaCarta Authentication Server (JAS), as well as a mobile application consisting of Aladdin 2FA (A2FA). These products form a solution to provide a second authentication factor to companies wishing to provide enhanced authentication using one-time passwords and PUSH authentication. The solution allows you to securely transfer a non-cloned user authenticator during the registration stage, monitor their activation status and remove them from the memory of the mobile device directly from the JMS console. added Timofey Alekseev, head of the product area of ​ ​ mobile solutions and electronic services "Aladdin RD."