Multi-factor authentication for eyewear manufacturers

Attacks on IT infrastructure are a serious threat to companies. Silhouette Group, an international premium eyewear manufacturer headquartered in Austria, wanted to better protect itself against cyber attacks. For this purpose, the sustainable complete eyewear provider brought IPG's experts on board.

Following an audit, the cyber security service provider A-team.rocks advised the company to secure access to internal systems with multi-factor authentication (MFA). Previously, a user name and password were sufficient - with around 1300 employees, this was a security risk. To remedy this situation quickly, the timeframe for the global rollout was only three months. 
 
Karl Sulzbacher, Head of IT Competence Center and IT Purchase at Silhouette Group, led the MFA project. Based on recommendations, he and his team reviewed potential partners. IPG convinced with a positive overall impression, competence and a comprehensive performance record. Another important argument was the professional logistics involved in distributing the hardware tokens, including to China and Brazil.

First, the needs and possibilities in the various countries were clarified with regard to the MFA solution. The global infrastructure, a hybrid mixture of on-premise and cloud services, turned out to be extremely complex. Accordingly, the question arose as to whether a central installation made sense. In a workshop, IPG Austria, the partner for authentication solutions MTRIX and the Silhouette Group developed a concept. Then, based on this concept, the optimal MFA product was evaluated and Micro Focus Advanced Authentication Framework was implemented. The project team decided on a uniform solution, provided centrally from the headquarters in Linz, via which all logins were to take place worldwide.
 
Due to the great time pressure, the implementation - based on the concept proposal and the described procedure - took place directly in live production. It was confirmed that the planned approach was exactly right and the selected product worked excellently.

The best technology is useless without the involvement of the users. For this reason, a person was defined in each country to accompany the introduction of the MFA and support employees with any questions. The personal support, comprehensible instructions and needs-based training ensured a smooth and punctual rollout at all sites. Users can now choose from three methods for two-factor authentication: Hardware token, virtual token or smartphone push message.

The requirements for the central MFA solution were high: it had to replace a large number of existing authentication services, be uniform worldwide, and support various options for the second factor. Since a proof of concept was not required due to time constraints and the test phase was extremely short, the use cases had to be run through quickly and as realistically as possible. It was the only possible way to ensure functionality and consistency of the processes. Especially the integration for the worldwide secured access from external via VPN was very challenging. Thanks to the great experience and excellent cooperation between IPG, MTRIX and the Silhouette Group, the changeover went smoothly.
 
Multi-factor authentication is more complex than the previously used password login. The personal support of the employees and the preparation of the training materials took time, but contributed a lot to the fact that multi-factor authentication quickly became routine and is now well accepted by the users at all sites.

The Silhouette Group was able to introduce the required MFA within a very short time and significantly improve IT security. Not only the company itself, but also its customers and employees benefit from better protection against cyber attacks. 
 
Benefits at a glance:

• Improved data security 
• Increased resilience against cyber and phishing attacks
• Uniform solution for all subsidiaries in 13 countries worldwide
• No more insecure password authentication
• The chosen solution is low-maintenance