Department of Defense contractor case study


Met security requirements
Secure manufacturing

About our customer Department of Defense

US Department of Defense (DOD) contractors are business organizations providing products or services to the US government. Products typically include military aircraft, ships, weaponry, and electronic systems. Services can include logistics, technical support and training communications support. In 2011, the US Department spent more than $300 billion on contracts.

After we were hit by the RSA breach it was essential for us be able to program, control and secure our own authentication token secrets. By replacing the SecurID with Yubico technology we were also able to cut down five people in support to one.”
Security Systems EngineerUS Department of Defense Contractor

Authentication requirements for DoD

In March 2012, a database with millions of RSA SecurID customer secrets was hacked in a major security breach. This breach raised concerns about the security processes for one time password (OTP) tokens. As a result of the incident, Yubico was contacted by multiple DOD contractors performing audits for hardware OTP tokens. The DOD contractors required that no copies of the token secrets were stored at the manufacturing facilities or at any other third party facilities. The tokens needed the ability to be easily programmed at their own facilities and the server software was required to provide total technical transparency, ensuring there were no hidden weaknesses. In addition, the tokens secrets needed to be protected in multiple servers in a cost-efficient way.

Yubico solutions and benefits

With the Yubico suite of hardware and open-source software solutions and best practice security processes, Yubico was the only authentication hardware vendor which met the DOD contractors’ security requirements. Yubico further offered significant cost savings in hardware, software and support compared to other authentication technologies and vendors.