• Contact Sales
  • Subscription
  • Resellers
  • Support
Yubico Header Text LogoYubico Header Text Logo
Why Yubicoexpand_more
Why Yubico
  • Enterprises
  • SMBs
  • Individuals
  • Developers
  • Careers
  • Partner programs
  • Affiliate program
  • Contact Sales
  • Events
  • Press room
  • Yubico Blog
  • Yubico Executive Connect
  • About us
  • The team
  • Innovation history
  • Secure it Forward
Easy-to-use, secure authentication

With YubiKey there’s no tradeoff between great security and usability

Why YubiKey
  • phishing-resistant MFA
  • privileged users
  • Public Sector
Proven at scale at Google

Google defends against account takeovers and reduces IT costs

Google Case Study
  • phishing-resistant MFA
  • privileged users
  • Public Sector
Protecting vulnerable organizations

Secure it Forward: One YubiKey donated for every 20 sold

Learn about Secure it Forward
  • phishing-resistant MFA
  • privileged users
  • Public Sector
Productsexpand_more
All products
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiKey 5 CSPN Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • YubiEnterprise Subscription
  • YubiEnterprise Delivery
  • Yubico Authenticator
  • Computer login tools
  • Software Development Toolkits
  • YubiCloud
  • Using YubiKey is easy
  • Find the right YubiKey
  • Works with YubiKey
  • Compare YubiKeys
One key for hundreds of apps and services

YubiKey works out-of-the-box and has no client software or battery

Yubico protects you
  • phishing-resistant MFA
  • privileged users
  • Public Sector
See YubiKeys as a Service
YubiEnterprise Subscription delivers scale and savings

Gain a future-proofed solution and faster MFA rollouts

See YubiKeys as a Service
  • phishing-resistant MFA
  • privileged users
  • Public Sector
Solutionsexpand_more
Solutions overview
  • Zero Trust
  • Executive Order OMB M-22-09
  • Phishing-resistant MFA
  • Passwordless
  • Compliance
  • Cyber Insurance
  • Secure supply chain
  • Hybrid & remote workers
  • Secure privileged users
  • Mobile restricted environments
  • Call centers
  • Shared workstations
  • Microsoft ecosystem
  • Salesforce workspace
  • IAM solutions
  • AWS environment
The Bridge to Passwordless

Begin the journey to make your organization passwordless

Get the white paper
  • phishing-resistant MFA
  • privileged users
  • Public Sector
Accelerate your Zero Trust Strategy

7 best strong authentication practices to jumpstart your Zero Trust program

Get the white paper
  • phishing-resistant MFA
  • privileged users
  • Public Sector
Federal cybersecurity requirements

See guidance for CIOs and leaders to prepare for the modern cyber threat era

See Gartner® Report
  • phishing-resistant MFA
  • privileged users
  • Public Sector
Industriesexpand_more
Industries overview
  • High tech
  • Federal government
  • State & local government
  • Education
  • Financial services
  • Manufacturing
  • Energy & natural resources
  • Retail & hospitality
  • Telecommunications
  • Healthcare
  • Pharmaceuticals
  • Cryptocurrency
  • Elections & campaigns
Manufacturing and supply chain security

Authentication best practices for manufacturing using highest-assurance security

Get the white paper
  • phishing-resistant MFA
  • privileged users
  • Public Sector
Phishing-resistant MFA: Fact vs. Fiction

Meet requirements for phishing-resistant MFA in OMB M-22-09 guidelines

Get the white paper
  • phishing-resistant MFA
  • privileged users
  • Public Sector
Secure energy and natural resources from cyber threats

Best practices for phishing-resistant MFA to safeguard your critical infrastructure

Get the white paper
  • phishing-resistant MFA
  • privileged users
  • Public Sector
Resourcesexpand_more
All resources
  • Yubico Blog
  • Cybersecurity glossary
  • Authentication standards
  • Resource library
  • Developer program
  • Product briefs
  • Solution briefs
  • COVID-19 Resources
  • Case studies
  • Get a pilot started
  • White papers and reports
  • Webinars
BeyondTrust: secured with a subscription

A global leader in Privileged Access Management adopts YubiEnterprise Subscription to simplify its deployment.

How they optimized ROI
  • phishing-resistant MFA
  • privileged users
  • Public Sector
Accelerate your Zero Trust Strategy

7 best strong authentication practices to jumpstart your Zero Trust program

Get the white paper
  • phishing-resistant MFA
  • privileged users
  • Public Sector
Secure shared workstations against cyber threats

Shared workstations can be secured with phishing-resistant MFA.

Get the white paper
  • phishing-resistant MFA
  • privileged users
  • Public Sector
Supportexpand_more
Support home
  • Find the right YubiKey
  • Set up your YubiKey
  • Downloads
  • Product documentation
  • Support articles
  • Support Services
  • Professional Services
  • YubiEnterprise Subscription
  • Sitemap
  • Cookies
  • Legal
  • Privacy
  • Patents
  • Terms of use
  • Trust
How to set up your YubiKey

Follow our guided tutorials to start protecting your favorite services.

Set up your YubiKey
  • phishing-resistant MFA
  • privileged users
  • Public Sector
Find the best YubiKey for your needs

Take the guided quiz and see which YubiKey best fits your or your businesses needs.

Take the quiz
  • phishing-resistant MFA
  • privileged users
  • Public Sector
Accelerate your YubiKey deployment

Technical and operational guidance for your YubiKey implementation and rollout.

Professional Services
  • phishing-resistant MFA
  • privileged users
  • Public Sector
SubscribeStore
  • Home » Resources » Reference customers » Phoenix Software protects the public sector supply chain with YubiKeys
    featured customer

    Phoenix Software protects the public sector supply chain with YubiKeys

    Transforming workplaces across the UK public sector
    Man on laptop
    Secures privileged users
    Protects supply chain
    Passwordless login

    Phoenix Software enables digital transformation in the workplace, empowering UK organisations to innovate and transform with cloud technology, data, AI, security, and collaboration tools. By understanding the individual goals of its customers, Phoenix delivers strong, outcome focused IT solutions and services that allow UK organisations to make a difference to the lives of their employees, service users, and communities. As a reseller with direct access to customers’ IT systems, Phoenix is part of the supply chain, which means the company has an important role in protecting critical infrastructure—not just by offering clients high-assurance security services, but also by securing its own IT infrastructure.


    Key results:

    • Protects high security environments
    • Unified tool for smartcards and other platforms
    • Simplifies multi-user accounts
    • Reduces reliance on passwords
    Contact Sales

    Responding to the growing cybersecurity threat

    Shaun Tosler, Infrastructure Manager at Phoenix, works closely with the Phoenix CTO and Bytes Technology Group CISO to look after all IT infrastructure internally and those that run managed services. His challenge is to maintain a high-level of security while ensuring ease of access and usability for both their own systems and customer environments. “There’s an increased risk in working with the public sector,” admits Tosler. “Any breach, whether within our own organisation or to one of our suppliers, could affect, for example, the many hospitals we deal with. Our first priority is making sure that our access to customers’ systems is safe.”

    According to Tosler, Advanced Persistent Threats (APTs), where intruders lurk undetected in a network for extended periods of time, are “few and far between but they are probably the biggest threat because of the knowledge, funding and backing they have. While some attackers actively try to cause harm, we also have to deal with opportunists seeking to sell credentials and access.”

    Tosler sees the end user as the biggest vulnerability: “The days of simply having to protect your network boundary are gone. Of course, you still need to have firewalls in place, but it doesn’t matter how strong your firewalls are if a user gives out their credentials to a phishing attack. All it takes is for someone to be tired and make one bad decision. They may have all the anti-phishing training in the world. Everyone’s human.”

    “It’s about balancing between security and usability. We can have the most secure environment in the world, and that’s great, but not if no one can do anything. The YubiKey allows us to maintain that high level of security while still giving high levels of usability.”
    Shaun Tosler, Infrastructure Manager at Phoenix Software
    Shaun ToslerInfrastructure Manager at Phoenix Software

    Seeking an alternative to passwords

    Historically, Phoenix relied on passwords and legacy mobile MFA. Passwords had to be complex and rotated often, but Tosler found that users’ passwords quickly became predictable: “If you’ve got five passwords, all the user is going to do is add a number or a symbol at the end. Human nature will take the easiest route, and the easiest route is just to increment.”

    Determined to enhance security for privileged users, Phoenix saw weaknesses with mobile authentication: “It could be that multiple people have thumb prints on the phone and that’s all they need, really. I know you need to put in code but I have no trust in terms of who’s actually got the phone and is doing the authentication.” Phones also rely on battery and cellular reception: “One of the reasons we don’t use smartphones for MFA is that they are just one more thing to go wrong. We don’t like having to rely on the mobile.”

    Time-based One Time Passwords (TOTP) also didn’t appeal to Tosler: “You still need a password. It’s still ‘Password MFA’. The main driver for us is we want to be passwordless, or at least passwordless where it makes sense to do so. And the reason for that is if the user doesn’t have a password, they can’t get phished.”

    Phoenix began testing FIDO2 with YubiKeys: “We needed a solution that was simple enough to manage, simple enough for end users and provided the right level of security. FIDO was that tool. With the YubiKey the user has to be connected to their device, they have to put in a sixdigit pin and they have to touch the key.”

    “The biggest low hanging fruit for attackers is the end user. YubiKeys allow us to get rid of the human factor. If you don’t have a password, you can’t get phished.”
    Shaun ToslerInfrastructure Manager at Phoenix Software

    Deploying YubiKeys to privileged users

    Phoenix chose to purchase the YubiKey 5Ci for all users with administrative access into either internal systems or customers’ tenants. Phoenix use YubiKeys with multiple providers who support FIDO, including Microsoft 365, Twilio, and Cloudflare. If a user loses a key they can request a replacement from the administrator.

    Deployment was aided by the simplicity of the technology. According to Tosler, “We already knew that FIDO isn’t rocket science. You don’t have to set up a full PKI environment. You literally just plug a key in, set your PIN, register with the systems you want to use, and you’re done. On Day One, it only took 30 seconds.” Tosler is pleased with how the keys have performed: “It really did simplify multi-user management. I’ve got five accounts – now to access any of those accounts all I need is one six-digit pin and to touch my key.” A user can use a single YubiKey across multiple work and personal accounts and the secrets are never shared between services.

    Phoenix have also been able to utilise YubiKey’s Smart card/PIV functionality for internal support: “When someone logs into an end user’s machine through our new support tool, this can pass through smart cards. We still do need to have a legacy approach in place for smart cards and this is a better way of managing it because I don’t need to give users a physical card and a YubiKey. YubiKeys provide us with a unified platform for both our smart card and FIDO-based authentication processes.”

    “At the end of the day, we’re happy. There’s not a challenge we’ve had that YubiKeys themselves can’t provide the solution to. Whenever we’ve asked ‘Do YubiKeys work in this situation?’, the answer has always been yes.”
    Shaun ToslerInfrastructure Manager at Phoenix Software

    YubiKeys deliver a fast and easy user experience and drive productivity

    The response from end users has also been positive. Kieron Stone used the YubiKey in his role as a technical support analyst at Phoenix: “The YubiKeys have been really beneficial to our way of working and when you’ve got a multi-user account it really does simplify things. The YubiKey gets rid of any time spent trying to remember your passwords or having to reset everything because you’ve forgotten it. That was all time wasted that you could be doing something else and that time has monetary value. In that way they drive productivity, as well as making life easier.”

    Down the line, Phoenix plans to extend their requirement to use hardware security keys to all third-party consultants. According to Tosler, consultants have already seen how YubiKeys are used internally and have been keen to learn more: “They wouldn’t necessarily use them in the same way we do, but people see how easy it is to secure both their personal and professional accounts. Even if they just use the keys for a password manager, it can give them added protection and save them time.”

    Any MFA is better than a password, but not all MFA is created equal

    Phoenix are not just happy customers–they have also begun selling YubiKeys themselves to their clients in the UK public sector to help them establish phishing-resistant MFA in their environments and raise the bar for security beyond basic legacy MFA. Tosler explains, “Our requirement for highest-assurance security is shared by our clients. We look after the emergency services, local governments and others for whom security is absolutely critical.” YubiKeys meet the requirements for public sector organisations set out in the Government Cyber Security Strategy and, for healthcare, recommendations put forward by NHS Care Identity Service 2 (NHS CIS2).

    However, Phoenix sees YubiKeys being valuable even for clients outside the public sector: “The level of security they provide is suitable for small companies all the way up to much larger enterprises than us. They don’t just solve for very specific things for a particular sector – they are just very good at securing everything. They provide that level of trust, since the password is offline, and there’s not a challenge they can’t handle. So any organisation could roll them out.”

    Sources

    Phoenix Software protects the public sector supply chain with YubiKeys

Yubico Footer Text Logo
  • RSS
  • Twitter
  • LinkedIn
  • Facebook
  • Instagram
  • YouTube
  • GitHub
  • Product finder quiz
  • Find set-up guides
  • Buy online
  • Contact sales
  • Get Yubico updates
  • Careers
  • Events
  • Press room
  • About us
  • Partner programs
  • Affiliate program
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiKey 5 CSPN Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • YubiEnterprise Subscription
  • YubiEnterprise Delivery
  • Yubico Authenticator
  • Zero Trust
  • Phishing-resistant MFA
  • Passwordless
  • Cyber insurance
  • More solutions
  • Industries overview
  • Yubico blog
  • Resource library
  • Cybersecurity glossary
  • Authentication standards
  • Developer program
  • Works with YubiKey
  • Help center
  • Downloads
  • Product documentation
  • Support Services
  • Professional Services
  • Professional Services
  • Contact support
Yubico © 2023 All Rights Reserved.
  • Sitemap
  • Cookies
  • Legal
  • Privacy
  • Patents
  • Terms of use
  • Trust
We use cookies to ensure that you get the best experience on our site and to present relevant content and advertising. By browsing this site without restricting the use of cookies, you consent to our and third party use of cookies as set out in our Cookie Notice.

PreferencesAccept all
Yubico Privacy and Cookies Policy

Privacy Overview

Yubico.com uses cookies to improve your experience while navigating through the website. When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually identify you, but it can give you a more personalized web experience.

Because we respect your right to privacy, you can choose not to allow some types of cookies.

Click on the different category headings to find out more and change our default settings.

Blocking some types of cookies may impact your experience on our site and the services we are able to offer.
Strictly necessary cookies
Always Enabled

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Functional cookies

These cookies enable the website to provide enhanced functionality and personalization. They may set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Performance cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Targeting cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Uncategorized

Undefined cookies are those that are being analyzed and have not been classified into a category as yet.

Matomo Anonymized Tracking
Save & Accept