The construction firm, which employs 7000 people worldwide and has an annual turnover in excess of £1.4bn, had been relying on a managed dial-up service from BT with user authentication based on standard passwords managed on an in-house RADIUS server. However, the company recognised that this infrastructure was becoming increasingly vulnerable and difficult to manage.
Kier Group IT director Terry Walker said: "Our old system was vulnerable from a password usage perspective. Passwords are inherently weak as an authentication tool but it was just too difficult for us to change. Our internal helpdesk were struggling to manage password resets and we knew that many users' passwords were easy to guess; this was a major point of vulnerability."
Kier decided to migrate to a predominantly PSTN-based dial-in system as the basis for managing employee access to its systems, along with a strong two-factor authentication system based on RSA SecurID tokens.
After comparing the costs and overheads of managing an in-house RSA SecurID system against a managed service from identity management firm Signify, the company opted for the managed service.
"With an in-house authentication service we realised we would need to train our already overstretched IT team on new technology, and we'd have the logistical burden of rolling out security devices to a widespread user base and also the need to provide those users with ongoing 24x7 support. It would have been a challenge for us to offer this when we should be concentrating on our day job," said