SMS to replace token security

SMS to replace token security


System will cut costs and reduce IT workload

A text message-based network security system expected to cut costs by 20 per cent will go live at the London Borough of Kensington and Chelsea (LBKC) next month.

Since 1999, council staff have used traditional token-style two-factor authentication for secure network access. Under the new system, a passcode will be sent via SMS to the employee’s mobile phone.

The project will cut administration and improve security, according to LBKC network manager Russell Hookway.

“We need a more appropriate system that is better suited to the needs of our workforce,” he said.

With the old system, a staff member wishing to work from home needed to fill in a remote working access request form, and then make an appointment to pick up the necessary tokens.

One of the main drawbacks of the token-based architecture was the administrative burden it put on the IT department. There were also security implications if the physical tag was lost or used inappropriately.

“The idea of the text message system is to offer self-service to staff working remotely, and remove an unnecessary burden from the IT team at the same time,” said Hookway.

“We are also taking the responsibility of looking after a token away from the end user,” he said.

The system, forecast to be fully operational by March, will cover 700 of the council’s 3,000-strong workforce.

And as remote working gains popularity and becomes increasingly common, the council might need to extend the availability of the SMS system.

The software is being provided by SecurEnvoy.