Top Five U.S. Financial Institution
One of the largest financial institutions in the US deployed HYPR to secure desktop and remote login, and enable seamless, safe access to their central, cloud-based digital workflow provider, while eliminating password fatigue. The company also wanted to close a security gap posed by password-based access to their remote application portal.
Users report that HYPR is a ‘gem of a product.’ Everyone is ecstatic that they no longer have to enter a 16-character password on their mobile devices.
The company had already deployed legacy authentication solutions, including implementations of several SSO products, with requirements to log into those systems several times a day. To further enhance security, the company had gone from twelve to sixteen-character passwords for workstations as well as SSO access, which meant employees needed to enter long strings, multiple times per day. These changes became a significant source of friction, particularly among users working on shared workstations. Password and authentication fatigue were on the brink of becoming unmanageable. Internal call queues to the help desk routinely exceeded 45 minutes as users found themselves locked out of accounts. The situation was both frustrating to employees and increasingly costly to the company, as help desk calls cost approximately $100 each.
Making the situation still more involved, employees accessed applications via a publicly available portal that could be reached by remote workers without the need for a VPN or LAN-based connection. Access to the portal was essential, but the implementation was not secure. To make the challenge even more daunting the company was about to deploy a cloud-based digital workflow solution, ServiceNow, as well as a new ERP/CRM solution, Workday, and wanted to step-up access protection with three factor authentication (3FA).
The issues with security were significant, but making changes was not simple. In accordance with state regulations, employees could not be forced to use their personal smartphones for a new authentication process; they had to opt-into the program. The combination of these factors, highlighted by the pandemic, made the need for a secure, frictionless authentication method mandatory.
The CISO chose to view the confluence of events as an opportunity to implement a better, more impactful security system, starting with the complete elimination of shared secrets. Leadership also realized that a “smooth and cool” solution users could get excited about was key to drive adoption of the new processes, particularly because users had to opt-in.
The company turned to HYPR for a variety of reasons, including the fact that the solution is FIDO Certified from end-to-end, met their granular security specifications, and supported the company’s varied use cases, including remote access via VPN, RDP and VDI.
HYPR True Passwordless MFA is used for both Windows and Mac workstation logins, eliminating the need to remember long passwords while providing strong user-based multi-factor authentication (MFA). This ensures that employees log in with their own unique credentials and permission levels, even on shared workstations. The solution also delivers the flexibility to move between different identity providers without impacting the user authentication experience. To enable 3FA passwordless access to ServiceNow, the security team chose to use a combination of HYPR’s biometric capabilities plus a decentralized PIN, available via the HYPR mobile app.
The firm took a phased approach to the solution rollout, first implementing HYPR to secure access to ServiceNow and the general application portal, followed by deployment for Workday.
HYPR did not disappoint. The company saw over 9,000 users opt-in within three weeks of deploying HYPR passwordless MFA; excellent uptake particularly as rollout occurred during the pandemic shut-down. Further month-over-month adoption, driven primarily by employee word-of-mouth, is almost 700%. As one member of the security team told us, “Users report that HYPR is a ‘gem of a product.’ Everyone is ecstatic that they no longer have to enter a 16-character password on their mobile devices.”
In addition to employee satisfaction, the financial savings has also been substantial; given that each help desk call costs approximately $100, the sharp decline in help desk calls is saving millions every month. Equally important, remote access to the employee application portal is now secured by phishing-resistant MFA through HYPR, mitigating a serious security and regulatory risk for the company.
HYPR also allowed the company to accelerate its digital modernization initiative. The company had planned to begin their ServiceNow deployment on-prem and move it to Software-as-a-Services (SaaS) at some point in the future. HYPR’s FIDO, SOC2 Type II and ISO 2700 certifications allowed them to meet the system and data security controls required to move directly to the preferred cloud deployment.
For the next stage, the company plans to extend its use of HYPR to additional systems and further consolidate its authentication infrastructure by moving to a virtual desktop thin client model for most employees — HYPR ‘s workforce authentication capabilities are key to enabling that transformation.