HID

London-based Carphone Warehouse Group PLC is Europe’s independent mobile communications retailer. The company operates across 10 markets and employs over 8,000 people in more than 1200 stores and via online outlets throughout Europe. Its UK market share is over 22 percent. The Carphone Warehouse operates in other European markets as The Phone House, including Belgium, France, Germany, Ireland, the Netherlands, Portugal, Spain, Sweden and Switzerland.

Since 1989, the core business has been to provide reliable and innovative mobile communication products and services – accompanied by a commitment to the highest levels of customer support. Consistent with that philosophy, the company seeks to constantly arm its large workforce with productivity tools that give them maximum business mobility and agility, while simultaneously protecting corporate assets by securing dynamic communication and the company’s IT infrastructure.

Employees and partners require direct access to leading computing applications, online and retail sales and inventory data, and secure email. HID Global meets those stringent criteria with easy-to-use token authentication that verifies employees and partners are who they say they are for streamlined remote access to network systems and services.

The Carphone Warehouse was looking for a digital identity solution that would reduce the administration time for managing thousands of distributed token users

Secure remote access solution

Finding an easy-to-use and cost-effective secure remote access solution with its leading position among mobile phone and telecom retailers, The Carphone Warehouse is in constant pursuit of solutions that maintain its competitive edge and innovation. The previous ‘dial-up’ remote access system that was in place for many years had proven to be costly to the company due to mounting traditional phone line expenses, and frustrating to users due to limited bandwidth for supporting access and transfer of large files.

Also, the sheer magnitude and complexity of managing systems for a diverse and distributed workforce to remotely connect to IT systems presents a daunting infrastructure challenge, and led to a desire for a solution that would not require the installation of client software on user PC’s and laptops across the various corporate offices and 1200 store locations.

Unauthorised access and malicious activity

Acknowledging the unacceptable risk posed by weak and insecure static passwords (username-password) for the enterprise, the company sought a better way of validating the identity of users prior to granting mobile access. In addition to guard against unauthorised access and malicious activity, The Carphone Warehouse was looking for a digital identity solution that would reduce the administration time for managing thousands of distributed token users, and that would enable the company to know with certainty who is accessing the network from any location, at any time.

Those employees include management teams responsible for driving business at corporate, regional and branch levels as well as IT-focused staff – all of whom are users requiring fast and seamless access to databases, secure email, the Internet, sales applications, company data, and systems.

Juniper Networks Secure Socket Layer VPN solution

The Carphone Warehouse chose a Juniper Networks Secure Socket Layer VPN solution with Citrix server-based computing as a more secure and more accessible solution for employees and partners

The Carphone Warehouse decided to deploy a Virtual Private Network (VPN) in combination with strong token-based authentication of users to meet its remote access needs. They specifically chose a Juniper Networks Secure Socket Layer (SSL) VPN solution with Citrix server-based computing, over a traditional IPSec VPN, as a more secure and more accessible solution for employees and partners.

Unlike IPSec VPN’s, the web-based interface of the SSL VPN, coupled with strong security from HID Global, truly enabled employees to connect from any company office, retail store locations, from home, and the growing number of hotspots and web cafes. Remote users log-on to the system using HID Global’s Tokens with any PC or computing device through a web browser – and are transparently authenticated at the backend with HID Global’s 4TRESSTM AAA Server for remote access software.

After thorough piloting and evaluation, The Carphone Warehouse came to the conclusion that other solutions on the market for strong authentication were less efficient and costlier due to dual administration requirements.

Remote access integration with Microsoft Active Directory

In contrast, with HID Global there is no need for the addition of a separate user database for managing digital identities on top of the existing corporate systems. HID Global’s 4TRESS AAA Server for remote access integration with Microsoft Active Directory met The Carphone Warehouse’s requirements for centralised management, a single point of administration, and streamlined provisioning of user accounts – and also supported the planned migration from Windows 2000 to Active Directory. As a major consumer retailer, the company has a large number of external users made up of manufacturers, vendors, and IT product suppliers.

Authentication ‘On-the-Go’ is made possible with HID Global’s Keychain Token that solves the problem of weak static passwords in a portable strong authentication device

The Carphone Warehouse simply adds those third party individuals into Active Directory, based upon a designated role that defines what content and applications they can access. From the user perspective, authentication ‘On-the-Go’ is made possible with HID Global’s Keychain Token that solves the problem of weak static passwords in a portable strong authentication device.

Two-factor authentication for one-time-use password

HID Global two-factor authentication validates employee identity via something the user has (the token) and something the user knows (their PIN code) in order to produce a secure one-time-use password.

As its dynamic password solution, The Carphone Warehouse chose the compact form-factor that conveniently attaches to the user’s keychain. Unlike other keyfob tokens on the market, the user simply types their PIN into the trusted pin-pad on the device itself – instead of sending the sensitive PIN credential over the network.

ActivIdentity offers the advanced security benefits of challenge/response and synchronous authentication with a patented three-variable algorithm: time, event, and secret key.

Download PDF version Download PDF version

HID case studies

HID helps in automating the access control management at Żabka

Enhancing enterprise security is high on the list of priorities for businesses across sectors. Within the retail industry, there is an additional focus on enabling new ways of working through management tools. Integrated solutions and applications help to create a robust security landscape and ensure a future-ready posture as organisations look to address emerging risks and create better experiences for next-gen employees. Physical access control (i.e., the readers on the door and the credentia...

Avolon selects HID mobile access® to upgrade headquarter security

Founded in 2010, Avolon is the third-largest aircraft leasing company in the world with 824 aircraft and 145 customers in 62 countries. Its new global headquarters in Dublin is comprised of 6,967 sq m (75,000 sq ft) of secure office space across six floors that houses its IT, catering, legal, and communications departments. Need for a centralised monitoring solution Avolon’s new premises in the upmarket Ballsbridge area of Dublin provided an opportunity for the company to rethink its app...

Deskbee integrates HID mobile access for enhanced security

HID, a worldwide pioneer in trusted identity and access control solutions, announced that Deskbee, a global provider of corporate space management solutions, has integrated HID Mobile Access and Identity Positioning technologies into its platform. With an already robust workplace management application, Deskbee wanted to enhance security and optimise operational efficiencies by integrating digital credentials and real-time positioning into its platform. HID Mobile Access With HID Mobile Acces...