The Challenge
Users accessing sensitive company data from their own devices posed a data security risk.
In some cases, users could also use devices used by other departments, exposing access to sensitive information from finance and R&D, for example.
This risk was compounded by the fact that users in several teams were not restricted to a single computer assigned to them.
The organization also ran security audits which flagged the lack of measures to ensure that users could access applications and data only through company-owned devices.
Each user was allowed to make use of any of the computers available at the office to improve operational flexibility, but this made security and transparency more challenging.
With a team strength of over 2500 employees spread across 42 office locations, implementing a single solution to address the range of challenges was proving difficult.
To sum up, the company needed to control the way its users access their apps and data in order to improve data security and meet compliance requirements.
SOLUTION
Akku’s Solution
Akku’s Solution
- A custom device-based restriction functionality was developed to implement controls on which devices employees could use for access. An Akku agent was installed on every company-owned device to capture the device’s serial number.
- During login, this serial number is compared with a complete list of serial numbers of all of the company’s devices, retrieved from an asset management system.
- If a match is found, this confirms that the computer is an approved company-owned device, and the user is permitted access. On the other hand, while attempting to log in from any other device, the user is prevented from logging in.
- This functionality was built to be highly flexible to allow the company to define different access rules based on the user role. Some users could be permitted access from any company device, others could be restricted to only devices assigned to their department, and some users could even be provided access only from a single device.
- Several of Akku’s other identity and access management products were also deployed to achieve the company’s goals.
-
- Multi-factor authentication was set up to reinforce security during login.
- IP-based restrictions were made available to permit user access only from the company’s office networks.
- Password policies were enforced to ensure users set strong passwords.
Real-world Outcomes
The custom device-based access control contributes significantly to data security by ensuring access to data only from company-owned devices. Security is further enhanced with department-wise and role-wise restrictions to further airlock sensitive data.
IP-based restrictions ensure that sensitive data is accessible only from the company’s 42 offices around the world.
Audits are now a breeze with compliance requirements met through the access controls implemented along with the enforcement of multi-factor authentication and a strong password policy.
Akku delivered a comprehensive solution to the client’s compliance and security needs with its flexible architecture enabling the development of the custom device-based restriction functionality while enhancing security and productivity with our plug-and-play products.
