websights Matmut secured its unmanaged workstations with TrustBuilder

Looking for inwebo.com? You are in the right place! Read all about it in our blog post

Come and join us in person at upcoming industry trade shows and conferences

How the mutual insurance company Matmut secured its unmanaged workstations to maintain its activity

Matmut, which was undergoing a business continuity plan (BCP) in the face of the Covid pandemic, deployed the TrustBuilder.io MFA strong authentication system on a large scale and within a few days to secure remote connections via the VPN (teleworking).
Cédric Chevrel, CISOof the Matmut group shared his experience with us during a RETEX workshop at the 2020 Security Conference.

Matmut, a " life partner " for its members

matmut-logo-w350

A major player on the French market

Matmut was founded in 1961 by Paul Bennetot, whose aim was to offer automobile insurance to employees in the private sector. Today, the group is known for being a major player on the French market with more than 6,300 employees in France and more than 500 agencies.

With nearly 3.9 million members and more than 7.4 million contracts, Matmut provides a complete range of property and personal insurance products (car, motorcycle, home, boat, hunting, liability, family protection, health insurance, legal protection, assistance) as well as financial and savings services (car loans, consumer credit, savings accounts, life insurance, loan insurance, etc.) to individuals and professionals, companies and associations.

The security of the information system within the BCP framework

Teleworking has become an essential part of the response to the Covid pandemic. Remote connections, on equipment not always controlled by the companies, raise security issues that must be addressed, especially to adapt the system to the explosion of phishing attacks.
Cédric Chevrel, CISO of the Matmut group, reviews his experience with TrustBuilder as part of the group’s Business Continuity Plan (BCP) in the face of the containment caused by the Covid pandemic.

Cedric-Chevrel-Matmut

Cédric Chevrel

CISO of group Matmut

"Very suddenly, everyone's home. We had to find a way to telecommute all the employees who didn't all have company-owned and operated mobile devices."

Project

Remote work and business continuity

The lockdown occurred very suddenly, leading to many questions about how to maintain activities. ” At that same period, the group was in the process of renewing its workstations” reveals Cédric Chevrel. He added that until then, employees had been working on fixed workstations. ” We were also in the early stages of deploying Windows 10,” he points out.

 

Connection to the IS during the lockdown

In a very short period of time, “the IT Security Department stepped in to boost the technologies used to manage security issues, i.e. IPSEC VPN, SSL and VDI explains Cédric Chevrel. The objective was to ensure that employees could telecommute within the best security conditions”.

What the Group was looking for ...

"We had this issue related to VPNs security: highly exposed and vulnerable to attacks by Brute Force, but also to ID leaks".

Security risk analysis

Early in the project, the CISO carried out a risk analysis and rapidly established a number of measures to control them. For instance, Cédric Chevrel explains that “the geographical connection location was limited to France”.

Naturally, the group wanted to control connection attempts from unauthorized devices. After all, the installation procedures sent to employees could be duplicated. It was therefore necessary to maintain visibility of who was connecting, when, and from where. Lastly, the risk of ID leaks and the lack of control over the devices authorized to connect also had to be covered.

"We needed to implement a MFA solution without further delay. And it needed to be attached to a user and a device in order to address the specific needs and risks with regards to the lockdown situation.”

Solution

A benchmark had previously been carried out by the group and TrustBuilder.io MFA was deemed worthy of future needs. In fact, the solution ticked off all Matmut requirements: cost-efficiency, flexibility, rapidity of implementation and deployment, protection against security risks related to the lockdown and post-lockdown, as well as ease of use and installation for the end-users.

 

“We were looking for a solution that would be flexible and responsive. This would allow us to adapt it over time. […] The ease of use and installation for employees was also a key feature for us.”.

"Anyone who wants to log in in the morning receives a notification on their device (tablet, smartphone or PC) where they are asked to enter their PIN code. From there, the SSL VPN solution connects automatically thanks to a link established with TrustBuilder using a RADIUS protocol".

Ultra-secure MFA

TrustBuilder's strong multifactor authentication enables Matmut to cover security risks caused by remote work.

Simple integration and administration

TrustBuilder.io MFA makes it easier for the IT team, i.e integrators and administrators. The solution integrates with the company directory without the need to recreate accounts for all employees. In addition, it is also possible to customize the communication to users directly in the solution (enrollment, confirmation emails, etc.).

Simple and fluid user experience

TrustBuilder.io MFA is passwordless for a seamless user login experience. Employees can easily and quickly enroll in a few clicks from a received email. Key factors for making the solution adopted by all end-users.

"We were able to implement the solution within 24 hours thanks to the synergy between the technical and purchasing teams of the IT department, the group's information systems security (ISS) and TrustBuilder's team.”

Results

Matmut sequenced the deployment of inWebo’s MFA solution. “We started with 1,000 users and ended up with 5,000 users” pointed out Cédric Chevrel. During this roll-out phase, the group assisted its employees by sending out installation procedures and by reinforcing its support team.

Cédric Chevrel shares the group’s satisfaction regarding inWebo’s MFA solution. “There has been no incident, and this is an extremely positive thing”. He adds that “the solution has globally met the needs of the risks to be covered.”

As regards to the user experience, “with inWebo, there is only a PIN code to enter whereas before employees had to fill in their first name, last name and password every day” says Cédric Chevrel. It is so much easier for them and yet much more secure.

Lastly, Matmut was able to keep track and have a very good visibility, remotely, of connections, enrollments, and so on. “We have created very precise dashboards of the registrations made, the effective connections and those that were not made”

Going forward

Once the lockdown was over, Matmut was able to very simply and quickly adjust the scope of the solution. The SaaS model and the responsiveness of inWebo’s teams made it possible to adapt, in a very reactive manner, to new changes in scope brought by the latest economic events, use cases or by the company’s security policy.

 

Finally, the migration to Windows 10 was done smoothly with inWebo MFA. “As soon as an employee is deployed, we make a new enrolment so that we can set the new device which will be allowed to connect” states Cédric Chevrel.

Strengthen the security of remote access (telecommuting) with inWebo strong authentication

Contact us for a demo or to start your free trial.