How the NHBC uses cloud-based technology for VPN authentication

The National House-Building Council is using cloud-based technology to offer almost 70% of its workforce authenticated remote access to its VPN using SMS and hard tokens.

As the UK’s leading warranty provider and standards setting body for new-build homes,the  National House-Building Council (NHBC), requires a network that can be accessed from any location, on any device, in a secure manner. With almost 70% of its workforce accessing its VPN remotely, using cloud-based technology seemed to be its best option. 

So NHBC worked with communications provider Virgin Media Business to deploy a new VPN authentication platform to secure employee access via VPN to the corporate network, irrespective of their location and device.

Michael Neve, head of services delivery at NHBC, said: “Our original 2FA solution had reached its end of life and was being withdrawn from the market. It was critical that the new solution would guarantee accurate authentication and would not need us to adapt our network settings.”

Following a procurement exercise, the council eventually chose to deploy Cryptocard authentication platform BlackShield Cloud, and tasked the vendor with implementing a cloud-based, two-factor authentication technology to secure access to the company network for its 750 field-based employees.

Neve said: “We are embracing the cloud cautiously within NHBC but, Cryptocard has delivered a true cloud experience, exceeding our expectations on all the requirements we had in terms of integration, the availability of SMS and hard tokens, value for money and the time to implement. Cryptocard was a replacement solution; therefore no further adaption was necessary.”

A key requirement for NHBC was to be able to provide its entire staff with tokens via SMS for  universal appeal across the employee base.

“The SMS solution was chosen as all field-based employees have mobile phones. The legacy solution made demands in as much as only certain models of mobile phones were supported,” said Neve.

Cryptocard has given hard tokens to a select few employees. For the rest, rather than relying on increasingly hackable static passwords, Cryptocard BlackShield Cloud issues a one-time-use password via the broadest set of hard, soft, phone and tokenless tokens on the market, providing robust yet flexible security to users.

Cloud-based VPN offers a new pricing model

Cryptocard BlackShield Cloud offers protection for cloud applications and network access on a pay-per-user pricing model, which is charged on a monthly basis.

There are no upfront infrastructure costs when it comes to implementing advanced automation for the management and deployment of tokens. Cryptocard claims using cloud-based systems like this provides the lowest total cost of ownership (TCO) in the authentication industry.

Cloud-based VPN: moving forward cautiously

Neve recognises these benefits but says the cloud still needs to be treated with a sense of caution. “It is my belief that Cloud technology will change the way we do things and have an impact as great as the introduction of the Internet itself.  However, it is still in the early stages of development and there are security concerns that still need to be addressed.”

Lee Ealey-Newman, business development director, Cryptocard, gives his advice to buyers: "What we're seeing is that security is gradually being turned more and more into a service -- that's a major trend. Instead of running all of the products on your network, you buy layers from cloud companies. Move slowly and observe updates as they come out.”

Read more on WAN performance and optimisation