With 1 million policyholders across Hungary, insurance provider Generali Biztosító needed to improve its security posture and adapt to the ever-evolving threat landscape to keep its data safe.
“We wanted to ensure we are doing everything possible to protect our policyholders’ data,” says Sándor Hornyák, Head of Identity Management for the Generali Operations Service Platform, which supports the Generali Group in optimizing its services to meet the changing needs of customers, agents and employees.
“To do this, we understood we needed to go beyond traditional perimeter defenses,” he says. “Many cybercriminals exploit user credentials to get access to an organization’s data. Having a secure access solution to verify user identities at each point of access has become a necessity.”
The company also wanted to ensure it was following best practice recommendations for IT security promoted by the Hungarian National Bank. The bank recommended that organizations have measures in place to help protect their and their clients’ data at every access attempt. As a result, shielding any and every application from compromised credentials and securing access to virtual private networks (VPNs) to protect against credential theft was high on Generali Biztosító’s agenda.
An organization of the size and scope as Generali Biztosító constantly needs to optimize its services to meet the changing needs of customers, agents and employees without creating additional friction for them. So, increasing the level of security without compromising the end-user experience was crucial.
“As this was a greenfield deployment of a secure access solution, we’ve put an extra emphasis on the end-user experience. Both enrollment and authentication had to be easy to ensure a quick adoption process,” Hornyák adds.
Speed of deployment was also high on the agenda. Generali Biztosító was working towards a very tight deadline and selecting a solution that would provide visibility and control rapidly was key.
Early on, Generali Biztosító identified their priority use case: protecting the company’s VPN to prevent attackers from remotely accessing internal resources.
Generali Biztosító shortlisted a few secure access solutions. And, after evaluating their capabilities, the company gravitated toward Duo.
“One of the primary values of Duo was the ability to integrate with any application, regardless of platform or technology base,” Hornyák says. In addition to protecting all cloud applications, the company favored Duo’s ability to seamlessly integrate with major remote access gateway and VPN providers.
“While many MFA solutions struggle to protect VPN access, especially if RADIUS is required, Duo integrates seamlessly with Cisco's AnyConnect VPN which we’ve been using for a while,” Hornyák says.
“Duo’s push functionality, flexible authentication options, in-line enrollment, support and user documentation also played a part in the selection process,” he adds.
Being a greenfield deployment — adopting a solution where none existed before — Generali Biztosító knew that a well-planned and -executed communication with its users was a must. The company developed a communication plan to inform users about upcoming changes and actions they needed to take.
“Within four weeks, we deployed Duo to 2,250 users in Hungary. Self-enrollment and out-of-the-box integrations took some of the burden off our IT staff,” Hornyák says.
IT Security Best Practices Recommended by the Hungarian National Bank
By implementing multi-factor authentication to protect its remote access technology, Generali Biztosító now follows best practices for user authentication across its entire user base in Hungary.
With Duo, Generali Biztosító is protecting its IT admin credentials alongside its VPN and a variety of applications such as Microsoft 365, Outlook Web App and CyberArk.
By providing controlled access to applications that contain sensitive data, Generali Biztosító doesn’t only follow the best practice around secure access, it also provides assurance to its policyholders that their data is secure.
“The successful rollout required a close collaboration among a few of our departments — networking, our CISO team, end-user services (including our helpdesk), and marketing and communications,” Hornyák says. “The collaboration, together with concise communication that focused on the importance of security, have helped our users embrace Duo from the outset.”