Case Study - Safe as houses

Powered by SC Magazine
 

Bob Baucom, director of operations and technology at Consolidated Multiple Listing Service in Columbia, S.C., heard lots of horror stories from others in the real estate industry.

There was the disgruntled employee in a nearby state who logged into the
web-based multiple listing service (MLS) application, which lists properties for sale, and put her former boss's house on the market. Another irate ex-employee elsewhere made random changes to listings. Up north, a teenager accessed the system to find vacant houses and host parties in them.
Baucom and other Consolidated MLS board members, intent on preventing such breaches of their service, opted to take a proactive approach and beef up security. "It's all about trying to protect the data," says Baucom, who is also the owner and broker-in-charge of RE/MAX Midlands Realty.
Consolidated MLS, which serves more than 2,400 real estate agent houses, is one of approximately 800 multiple listing services in the U.S. providing listings of available properties.
A few years ago, most MLSs switched to web-based systems, which relied on a simple user name and password for authentication, says Amy Geddes,
operations director at Clareity, an IT
consulting firm serving the real estate industry. Consolidated MLS followed that trend.
Before switching to a web-based system, Consolidated MLS used a program that included client software on individual machines. That program also relied on usernames and passwords for authentication, but offered a bit more security, because a user needed to be at a system with that software, says Baucom.
"If I gave you my login name and password, it wouldn't do you any good unless you were sitting at a machine that had that program loaded on it," he says.
"Once we went to a web-based system, we were more vulnerable."
Agents could easily share passwords with non-members, clients, or others, putting the listings – which contain some sensitive data – at risk.
Listings for agents might have information such as burglar alarm codes, private showing instructions, or whether a house was vacant. All this means that listings held "any number of things that you wouldn't want the public to know if you have your house listed," says Baucom.
With a background in law enforcement, including 13 years with the FBI, Baucom says he is, perhaps unsurprisingly, "more paranoid than most people" when it comes to security.
So he and other board members at Consolidated MLS decided to get ahead of any problems and began checking out strong authentication solutions from various security companies.
They selected Secure Computing's SafeWord PremierAccess with SAFEMLS-branded hardware tokens from Clareity. Agents now access the web-based listings by providing a username and PIN code plus a one-time password, which is generated by pressing a button on the token.
"It's something you have, combined with something you know," says Geddes.
SafeWord PremierAccess is event-based, which means that users get a new password each time they press the button on the token, she explains.
Other two-factor authentication solutions are time-based – they flash a new password every 60 seconds, which can result in synchronization problems and "password not accepted" errors, she says.
Another plus of the SafeWord technology is that the tokens do not expire, unlike other solutions, says Jay Goldlist, vice-president and general manger of Secure Computing's enterprise security division. And replacing expiring tokens can be a real chore, especially if users are as dispersed as they are for Consolidated MLS, he adds.
Baucom says the strong authentication system stops abuse by preventing password sharing or theft.
The system is not infallible – no system is, he notes. But while someone could potentially share their one-time password with someone else, the system does not allow duplicate logins and the person with unauthorized access could be tracked down, says Baucom.
Consolidated MLS, with help from Clareity, was the first in the real estate industry to roll out strong authentication, he adds. The process went "surprisingly well" and, in three days, 70 percent of the service's users were on board.
An education session led by Clareity on some of the security breaches experienced by other MLSs helped to convince agents of the need for the extra security.
"They were asking: 'Why are we doing this? This is just something else to carry around'," recalls Baucom.
"An hour later, they had bought totally into the system... The horror stories were extremely important in getting our people to buy into the program."
Another factor that helped deployment is the integration of the top MLS systems with the authentication solution provided by Secure Computing and Clareity, notes Goldlist. Agents use the same systems they had before, so no new training is necessary. Secure Computing and Clareity teamed up last year to provide security solutions specifically designed to protect MLS data.
Secure Computing also offers a self-enrollment capability, which allows users to register tokens via the web instead of needing to come into the office.
To further enhance protection of its data, Consolidated MLS has also deployed ListSecure from Threewide, which works alongside Threewide's ListExporter to provide secre distribution of real estate data to numerous destinations. ListSecure combines encryption, data tags, image watermarks and other methods to secure delivery and tracking of sensitive data.
But this is a young process. Geddes says strong authentication is a fairly new concept for the real estate industry.
"They're just realizing they need to secure their industry with more than just a name and password," she says.

Copyright © SC Magazine, US edition


Tags
 
 
 
Top Stories
Frugality as a service: the Amazon story
Behind the scenes, Amazon Web Services is one lean machine.
 
Negotiating with the cloud email megavendors
[Blog post] Lessons from Woolworths’ mammoth migration.
 
Qld govt to move up to 149k staff onto Office 365
Australia's largest deployment, outside of the universities.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

The great data centre opportunity on Australia's doorstep
The great data centre opportunity on Australia's doorstep
Scott Noteboom, CEO of LitBit speaking at The Australian Data Centre Strategy Summit 2014 in the Gold Coast, Queensland, Australia. http://bit.ly/1qpxVfV Scott Noteboom is a data centre engineer who led builds for Apple and Yahoo in the earliest days of the cloud, and who now eyes Asia as the next big opportunity. Read more: http://www.itnews.com.au/News/372482,how-do-we-serve-three-billion-new-internet-users.aspx#ixzz2yNLmMG5C
Interview: Karl Maftoum, CIO, ACMA
Interview: Karl Maftoum, CIO, ACMA
To COTS or not to COTS? iTnews asks Karl Maftoum, CIO of the ACMA, at the CIO Strategy Summit.
Susan Sly: What is the Role of the CIO?
Susan Sly: What is the Role of the CIO?
AEMO chief information officer Susan Sly calls for more collaboration among Australia's technology leaders at the CIO Strategy Summit.
Meet the 2014 Finance CIO of the Year
Meet the 2014 Finance CIO of the Year
Credit Union Australia's David Gee awarded Finance CIO of the Year at the iTnews Benchmark Awards.
Meet the 2014 Retail CIO of the Year
Meet the 2014 Retail CIO of the Year
Damon Rees named Retail CIO of the Year at the iTnews Benchmark Awards for his work at Woolworths.
Robyn Elliott named the 2014 Utilities CIO of the Year
Robyn Elliott named the 2014 Utilities CIO of the Year
Acting Foxtel CIO David Marks accepts an iTnews Benchmark Award on behalf of Robyn Elliott.
Meet the 2014 Industrial CIO of the Year
Meet the 2014 Industrial CIO of the Year
Sanjay Mehta named Industrial CIO of the Year at the iTnews Benchmark Awards for his work at ConocoPhillips.
Meet the 2014 Healthcare CIO of the Year
Meet the 2014 Healthcare CIO of the Year
Greg Wells named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at NSW Health.
Meet the 2014 Education CIO of the Year
Meet the 2014 Education CIO of the Year
William Confalonieri named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at Deakin University.
Meet the 2014 Government CIO of the Year
Meet the 2014 Government CIO of the Year
David Johnson named Government CIO of the Year at the iTnews Benchmark Awards for his work at the Queensland Police Service.
Q and A: Coalition Broadband Policy
Q and A: Coalition Broadband Policy
Malcolm Turnbull and Tony Abbott discuss the Coalition's broadband policy with the press.
AFP scalps hacker 'leader' inside Australia's IT ranks.
AFP scalps hacker 'leader' inside Australia's IT ranks.
The Australian Federal Police have arrested a Sydney-based IT security professional for hacking a government website.
NBN Petition Delivered To Turnbull's Office
NBN Petition Delivered To Turnbull's Office
UTS CIO: IT teams of the future
UTS CIO: IT teams of the future
UTS CIO Chrissy Burns talks data.
New UTS Building: the IT within
New UTS Building: the IT within
The IT behind tomorrow's universities.
iTnews' NBN Panel
iTnews' NBN Panel
Is your enterprise NBN-ready?
Introducing iTnews Labs
Introducing iTnews Labs
See a timelapse of the iTnews labs being unboxed, set up and switched on! iTnews will produce independent testing of the latest enterprise software to hit the market after installing a purpose-built test lab in Sydney. Watch the installation of two DL380p servers, two HP StoreVirtual 4330 storage arrays and two HP ProCurve 2920 switches.
The True Cost of BYOD
The True Cost of BYOD
iTnews' Brett Winterford gives attendees of the first 'Touch Tomorrow' event in Brisbane a brief look at his research into enterprise mobility. What are the use cases and how can they be quantified? What price should you expect to pay for securing mobile access to corporate applications? What's coming around the corner?
Ghost clouds
Ghost clouds
ACMA chair Chris Chapman says there is uncertainty over whether certain classes of cloud service providers are caught by regulations.
Was the Snowden leak inevitable?
Was the Snowden leak inevitable?
Privacy experts David Vaile (UNSW Cyberspace Law and Policy Centre) and Craig Scroggie (CEO, NextDC) claim they were not surprised by the Snowden leaks about the NSA's PRISM program.
Latest Comments
Polls
Which bank is most likely to suffer an RBS-style meltdown?





   |   View results
ANZ
  21%
 
Bankwest
  9%
 
CommBank
  11%
 
National Australia Bank
  17%
 
Suncorp
  24%
 
Westpac
  19%
TOTAL VOTES: 1456

Vote