ZorgSaam is a Netherlands-based healthcare provider specializing in medical care for the young and old in the Dutch Flanders region and beyond. ZorgSaam provides hospital care, ambulance services, home care and elderly care and is one of the largest employers in Zeeland.
ZorgSaam focuses on care today, while always looking toward the future. Whether for medical technological innovations or advances in the care process, ZorgSaam follows them closely and is always looking for ways to excel at service.
Deploying Strong Authentication
When a company reconstructs its entire infrastructure, it is bound to learn a thing or two. For ZorgSaam, the lessons focused on the viability of Citrix-based desktops and information systems, and the low-cost powerful authentication security of Yubico YubiKeys.
ZorgSaam switched to Citrix in 2012, building an infrastructure that included the Citrix Netscaler to provide access to its secured environment. Everything that was outside Netscaler was considered hostile and insecure, so the company turned to YubiKeys to help secure log-ins originating from outside the environment.
The YubiKey is a small USB-based device that provides public key cryptographic security with the simple touch of a button, an ease-of-use that helped accelerate adoption at ZorgSaam.
The company found that once users become familiar with the concept and realized that the YubiKey is nothing more than a key to gain access to systems, they embraced it and started to wear it on their key rings.
“Although other systems in our organisation are now largely point solutions, we focused on the extended use of YubiKey whenever replacement of these systems is considered. It might even become the only key needed to gain access to ZorgSaam in time,” said Johan Terlouw, manager of back office ICT services.
Choosing the YubiKey for Two-Factor Authentication
To provide optimal user experience only one of two available profiles on the YubiKey is programmed for token generation. The second profile is “locked down” with a challenge/response configuration that future applications at ZorgSaam will use to verify the presence of a valid YubiKey.
ZorgSaam chose the YubiKey after turning away from RSA tokens and dismissing the UZI-pas, a multipurpose smartcard token used by some medical personnel in the Netherlands. The card was considered inapplicable because it is only available to those with a medical registration (BIG-register) and requires expensive readers on each access device.
The YubiKey passed all of ZorgSaam’s testing to become the default means for strong authentication.
Integrating the YubiKey
To support the one-time password (OTP) feature of the YubiKey Standard, ZorgSaam installed the Intel/McAfee OTP Server, which supports YubiKey and a variety of other tokens, including SMS. YubiKey, however, is the most popular, with over 3,500 in use today at ZorgSaam. SMS-based mobile phone tokens are not viable because few employees have company issued phones and employees don’t want to use their personal phones for work.
User Experience and Feedback
With the YubiKey, IT likes its ruggedness, lack of battery and moving parts, and its ease-of-use.
“Integration of the YubiKey was very simple after the first trial period,” said Jelte Ebbers, information security specialist at ZorgSaam. “We simply defined the programming and ordered our pre-programmed batches at our local distributor. We then imported the securely transmitted secrets in our directory and from then on the YubiKeys are available for self-service enrollment at a limited amount of locations within our organisation.”
Working with Yubico Resellers
Local Yubico reseller, Network Solutions Nederland B.V. (now Ngage), provided the solutions and support from start to finish.
“Our identity management plans over time may lead to an upgrade from the YubiKey Standard to the YubiKey NEO to allow integration with physical access based on NFC (Near-Field Communications) as well as for authentication with more IT systems,” concluded Terlouw.
Find out more about YubiKey for Businesses