Imagine the following scenario: a police officer on patrol sees a man he believes to be a dangerous offender. Reaching for his laptop, he tries connect to his department’s database to confirm his suspicions. There’s just one problem – he forgot his RSA token at home. He calls IT to be given access, but by the time everything is sorted out, the suspect is long-gone.
For the Suffolk County Police Department, the story above was a daily reality. As one of the largest law enforcement organizations in the country, the police department is located on Long Island, New York, where it operates out of seven precincts. It also provides several specialized services such as marine patrols, airport operations, arson investigation, and search and rescue.
To effectively do their jobs, Suffolk County’s field officers require VPN access to the department’s database, which contains data such as arrest warrants and developing emergencies. Quick access to this information could make the difference between a successful arrest and a failed one – or even between life and death. Unfortunately, regulatory requirements presented a considerable roadblock.
“There’s a government mandate that says any device that will access a law enforcement database needs to have two-factor authentication,” explained Sergeant William Okula, executive officer of Suffolk County PD’s Technology Bureau. “A password just isn’t good enough anymore.”
Traditionally, this meant equipping officers with RSA SecurID Hardware tokens.
It was an imperfect solution, at best. Too complicated and cumbersome for field use, the fobs were also frequently forgotten or misplaced – wasting both money and man-hours. And RSA SecurID tokens are not only easily lost or damaged, but also need to be replaced every three years. It became clear that the police department needed an alternative – one that was easier to use than physical tokens, but also highly secure.
“We take a layered approach to cybersecurity,” explained Suffolk County PD Office Systems Analyst William Odierno. “We have a number of different tools for monitoring and management – some are appliances, while others are just software that looks for suspicious activity. Any tools we chose to incorporate had to work with our existing solutions.”
BlackBerry fit the bill, and the Suffolk County Police Department eventually deployed BlackBerry 2FA alongside BlackBerry UEM. 2FA allows officers to use their mobile devices to authenticate with the police department’s database, while UEM gives IT total control over the department’s mobile fleet, all from a single screen.
Simple and Secure
Thanks to BlackBerry, the Suffolk County Police Department has both lowered its security costs and gained greater control over its mobile fleet. Officers in the field can now connect to the department’s database the moment they require further information. Set-up and provisioning are also far easier, requiring only a mobile device.
“I set one user up, and the next day I had everybody in my office wanting to convert, to hand in their token and switch over to the phone,” said Odierno. “We’re basically [just] deploying a device – I set it up, my Active Directory guys throw the user in the right group, and everything’s good to go. The user’s up and running in a few minutes.”
In addition to BlackBerry 2FA and BlackBerry UEM, administrators at Suffolk County PD are considering a BYOD program alongside an eventual rollout of the Collaboration Edition of the BlackBerry Enterprise Mobility Suite.
“Between BlackBerry 2FA and BlackBerry UEM, we’re now in compliance,” said Okula. “We’re in a place where we could allow our users access to national information from their mobile devices using BlackBerry’s security.”
You can read the full case study here.