SCSK secures remote workforce security at a lower cost with the YubiKey

SCSK Customer Support department faced a need to elevate remote workforce security 

The SCSK Group (“SCSK”), formerly Sumitomo Computer System Corporation, provides a broad range of IT services and solutions domestically in Japan as well as to Japanese companies in the USA and across Europe. As an IT service provider, SCSK was well positioned with both the knowledge and reseller relationships to respond when the pandemic demanded an immediate transition to remote work.

SCSK’s Information Systems department faced a shortage of resources to enable and secure remote work across the organization, which created an expanded, distributed security perimeter. For many SCSK employees, the transition to remote work was supported by mobile-based authentication. However, mobile authentication was neither available nor secure for all use cases, including those of its Customer Support department. 

The SCSK Corporation Customer Support department is on the company’s front lines, responsible for answering questions and troubleshooting issues for all the hardware and software products sold across the entire group. Shifting these customer service interactions from in-office shared workstations to telework required that SCSK find an alternate multi-factor authentication (MFA) solution to support secure access to their database. 

Delivering the highest assurance, phishing-resistant MFA with YubiKeys

As an IT service provider, SCSK was already aware that the highest assurance phishing-resistant MFA came from hardware security keys, like the YubiKey. As a result, SCSK chose to implement the YubiKey 5 NFC, a multi-protocol hardware security key that supports OTP, U2F, Smart Card and FIDO2 authentication, leveraging Yubico OTP as a second factor in a two-factor authentication scheme, creating unique OTPs directly from the YubiKey without any client software needed. 

The YubiKeys were deployed directly to remote employees, who were able to set up their new authentication flow with simple written instructions and without support from the Information System division, helping keep deployment costs very low. 

“We needed to transition to a telework environment as quickly as possible. The YubiKey was quick to deploy, even to employees who are not specialized in IT skills.”

The YubiKey protects sensitive customer data by stopping remote attacks

In order to deliver world class customer service, agents have access to large volumes of sensitive data, including product details and customer information. Remote work exposes new vulnerabilities arising from unsecured home networks, unpatched personal devices, shared devices and the Internet, all of which amplify the insider threat and the risks of cyber attack. 

A YubiKey OTP is a 44-character, one use, secure 128-bit encrypted Public ID and password, making it near impossible to spoof. Users simply need to touch their YubiKey when the OTP is requested within their authentication flow. This provides proof of user presence, preventing remote attacks. The YubiKey’s multi-protocol support offers a bridge to future investments in modern phishing-resistant authentication, including FIDO2/WebAuthn. In addition to the security benefits, the YubiKey provides significant productivity savings over the previously used matrix authentication.

“With YubiKey, strong security policies are possible because it is a product specially made for security. Even if a YubiKey is lost, it does not become a security incident because no sensitive data is contained on the YubiKey itself.”

The YubiKey as a cost-effective MFA solution

The YubiKey is designed to be easy to use and deploy at scale, but it is also a cost-effective solution. For SCSK, the cost of the YubiKey was 1/17th (or 6%) of the hardware cost (capital expenditure or CapEx) of a corporate-owned smartphone, not to mention the ongoing operational costs (OpEx) of device ownership including hardware, service costs, device management solutions and ongoing replacement costs. “The cost advantage of the YubiKey increases with the number of years of use because it requires no running costs,” shared Yoshida.

“The YubiKey is very inexpensive, a few thousand yen per device. The difference in initial costs is roughly a factor of 10 compared to smartphones, which is tens of thousands of yen per device.”

SCSK gains peace of mind with a future-proofed MFA solution that stops modern cyber attacks

Any MFA is better than a password, but not all MFA is created equal. With an eye to raising the bar for security for their remote workforce, handling sensitive customer data, SCSK’s investment in modern hardware security keys, offering the highest security assurance with a lower total cost of ownership (TCO), established a way forward for a future-proofed environment that can handle growing sophistication of modern cyber attacks and stopping account takeovers in their tracks. Given the ease of use and fast and easy user experience, the YubiKey continues to be a critical tool in maintaining a remote or hybrid workforce into the future at SCSK.