Relies on central security structure for user-friendly access and good scalability

Raiffeisen Switzerland's previous system reached its limits in terms of efficiency and user-friendliness: When implementing new web applications, the group faced the challenge of having to set up a new login page each time. As a result, customers had to create and remember a lot of access data with different user names and complex passwords.

‘The Bicycle Model’

Raiffeisen set itself the goal of implementing a central security infrastructure: an authentication platform that would provide customers with secure access to all data, applications and Internet services after a single login. Stevan Dronjak, Team Lead Web Application Security Raiffeisen Switzerland, explains: ‘Each application is like a bicycle spoke and, in the middle, instead of the wheel hub, is the central authentication platform. Raiffeisen can always attach another spoke and always remains firmly connected to the hub. In this way, each application can access secure information. The idea was that applications no longer had to take care of all security aspects themselves but could use the corresponding services. These then take over the authentication of customers, application protection or fraud detection.’

Holistic protection thanks to Secure Access Hub

The solution to these requirements was an up stream security platform. With the integrated IAM system, administrators have the technology in place to manage users’ access permissions and requirements, in contrast to a classic IAM solution, where such a system is not directed inwards but outwards and is designed for a larger number of digital identities.

Another important element of this overall package is the integrated Web Application Firewall (WAF) because classic network firewalls do not protect against attacks at the application level. Only the combination of upstream WAF, outward-facing IAM and a higher-level authentication platform takes the wind out of attackers' sails and protects applications from the well-known Open Web Application Security Project (OWASP) Top 10 threats.

The Airlock Secure Access Hub was the ideal central and upstream authentication platform. ‘We had already used Airlock’s WAF and knew Ergon Informatik AG from previous projects’, reports Dronjak. ‘We had had good experiences with the Airlock experts and appreciate their knowledge and expertise with regard to quality and speed. After good discussions, we decided in favour of Airlock.’

Easy access to all services

The requirement for the central authentication platform was not only high security but, above all, user-friendliness: customers should be able to easily access all services via single sign-on and thus switch back and forth between Raiffeisen’s various digital applications and offers without having to log in again – unless they need a higher level of identification for a specific application of the platform.

In addition, the installation effort was very low, and the solution was implemented very quickly. ‘Once the configuration settings had been completed and initial tests had been successfully completed, we were able to go live with the Airlock Secure Access Hub very quickly. If we now have a new digital project on the horizon and a new service has to be integrated into the platform, i.e. a new spoke is added in the same way as The Bicycle Model, we're talking about an implementation within just two weeks’, says Dronjak enthusiastically.

In addition to single sign-on, the implementation of the authentication hierarchy was also particularly important. Depending on the requirements of the application, different authentication strengths are now possible. If a user has successfully logged in to a session with a strong authentication mechanism, no further login is necessary for all applications that require an equally strong or weaker authentication.

Airlock's solution enables Raiffeisen Switzerland to implement sophisticated rights management: administrators can transparently manage the authorizations and prerequisites for user access, which enables an optimal balance between compliance, user consent, IT security and an appealing user experience. Customers are securely authenticated by the IAM system before interacting with financial applications.

The application has been designed to be very intuitive for users. This is not a matter of course, especially for online offerings for financial transactions that have to meet the highest security standards at the same time, but it is decisive for success: as long as the customer has confidence in the company and the app can be handled easily and quickly, this has a positive effect on the use and attractiveness of the applications.