Global Chemical Company: Two-Factor Authentication Drives SAP Security and Stability

As global firms expand their IT systems and information flow among their worldwide operations, they face increased exposure to a wide range of security threats. Without adequate protection, hackers can deliver viruses, sabotage computer systems and steal information for purposes ranging from idle curiosity to industrial espionage. That’s why a leading global chemical firm turned to CSC to develop Global ACE Authentication System, a two-factor authentication solution.

The security challenge

One leading global chemical company has been carrying out multiple SAP implementations and e-business initiatives within its business units around the world. The result has been an immense growth in the electronic information flow throughout its IT systems.

As the number of users continues to increase, the challenge is to protect systems from predators and hackers, while allowing legitimate users to access information freely. In working to secure the environment, it became clear that static passwords were no longer providing the level of protection needed.

The chemical client turned to CSC to replace its static password technology with a two-factor authentication solution on all of its business-critical computing systems and platforms.

Securing business-critical systems

CSC’s Global ACE Authentication System is a highly effective security tool that is more secure than traditional login methods because it provides an additional layer that users must pass through for positive identification in order to access a client’s computer systems. It also overcomes the weaknesses of static passwords and requires that users remember only one user name, regardless of the system being accessed.

As a result, the chemical client’s information systems are less vulnerable to potential intrusions using "something you know" and "something you have." The two factors Global ACE Authentication System requires for authentication are:

• A Personal Identification Number (PIN) "something you know," that users must create themselves.
• An RSA SecurID® token "something you have," a card or fob that displays a continuously changing numeric code.

Securing SAP

One of the key business-critical systems the chemical firm sought to secure was its SAP application, which supported its primary business, accounting and manufacturing systems. But integrating the Global ACE Authentication System solution into the chemical clients’ complex SAP application required a more detailed strategy.

To overcome this challenge, CSC initiated a development effort with SAP’s preferred security vendor, SECUDE. The goal was to create the SECUDE Secure Login product. Use of the Secure Login product to implement the Global ACE Authentication System SAP solution provided all the benefits of a full Public Key Infrastructure (PKI) implementation, including the added security of two-factor authentication. At the same time, the administrative processes to manage and revoke permanent and long-term certificates were avoided.

Equally important, the solution used standard communication protocols built into SAP (i.e. its SNC protocols). This software integration allowed for an installation with minimal modifications to the SAP server and client environments.

Communication between the SAPgui client and the Global ACE Authentication System authentication servers was based on Internet- standard protocols and methods that allow the information to pass freely through firewalls between clients, partners, joint ventures, subsidiaries and third party connections.

As an added benefit, in the process of authenticating an SAP end-user, the Secure Login product created an industry-standard X.509 certificate that can be leveraged by other applications and platforms. Using this certificate and the option of add-on libraries from SECUDE, the Secure Login client can extend Global ACE Authentication System authentication to SAP applications that are only accessible through a web browser (e.g. mySAP.com and SAP Portal).

CSC’s Global ACE Authentication System solution also enables single sign-on into the SAP environment allowing users to access all necessary SAP systems after securely logging in to the system once.

Since CSC’s Global ACE Authentication System solution was implemented on the chemical client’s SAP system, the client has enjoyed the highest level of security and stability without any downtime. Global ACE Authentication System continues to provide two-factor authentication seamlessly, protecting the client’s ever-growing flow of information. The end result: legitimate users have easy access to SAP applications while predators and hackers are kept out.

Related Information

Learn more about CSC’s flexible cybersecurity approach.

Read more about CSC's Chemical business.

Contact us.