Case Study - Costa Rica General Directorate of Civil Aviation

The Costa Rican General Directorate of Civil Aviation Prioritizes the Adoption of MFA

Introduction

The Costa Rican General Directorate of Civil Aviation plays a crucial role as a regulatory body. As part of the Ministry of Public Works and Transport, it takes on administrative and regulatory responsibilities under the regime set forth by the Federal Aviation Administration (FAA), the

International Civil Aviation Organization (OACI), and Central American agencies such as the Central American Corporation for Air Navigation Services (COCESNA). It controls four airports in Costa Rica, two of them international, and it works in close collaboration with privately-owned organizations as well as immigration and government authorities.

Challenge

The attacks suffered by the Costa Rican industry triggered internal and public audits, revealing specific user-related vulnerabilities. This resulted in efforts to find efficient tools to encourage users to adopt security practices.

Although the directorate has its own headquarters, it also manages many external areas considered part of the security network: two data centers and thirteen communication links outside the infrastructure that the organization must protect.

Both the occurrence of cyberattacks and the complex environment under control of the General Directorate were catalysts for the implementation of multifactor authentication.

Solution

Despite their enormous responsibility, the Directorate only has skeleton IT and security teams; therefore, it is essential for them to invest in systems that can increase efficiency and provide a comprehensive protection framework for all users.

The implementation of AuthPoint MFA started with 700 licenses and 500 physical tokens for 800 users. The key strategy was to focus on user experience to ensure greater adoption rates. The physical token became a differentiating factor, since the Directorate was searching for alternatives to maximize adoption.

The implementation of AuthPoint brought to light integrations with WatchGuard that benefit the organization and even allow achieving improved synergy with other vendors. For instance, the consolidation of the administrative and operational aspects under a single platform is highly valuable for achieving even greater efficiency. Likewise, monitoring and prevention tools are key priorities for the Directorate.

Strong emphasis has been placed on changing the organizational culture in order to reduce human error. Even though there are solid structures (many government officers), the lack of knowledge and established best practices on safe technology usage is obvious. Thus, the implementation of AuthPoint MFA has had a significant impact on how users interact with technology in a more secure way, protecting the staff that works in remote areas.

Results

  • Improved security position: Implementing AuthPoint MFA has significantly improved system and critical data access security at the Costa Rican General Directorate of Civil Aviation.
  • Reduced vulnerabilities: User-related vulnerabilities were identified and addressed via internal and public audits, strengthening the security position of the organization.
  • Successful adoption of Multifactor authentication (MFA): The deployment of 700 licenses and 500 physical tokens for 800 users is proof that the multifactor authentication was successfully adopted, adding an extra level of security to user accounts.
  • Focus on user experience: A user experience-centric strategy was emphasized, using physical tokens as a differentiating factor and offering alternatives to maximize the adoption of new security measures.
  • Remote user protection: This implementation has not only protected users in the headquarters, but it has also had also a positive impact on staff members working from other locations, proving the efficacy of the implemented security measures.

New opportunities due to implementing MFA

  • Efficient integration with other tools: AuthPoint was shown to have efficient integrations with other tools, proving that the organization can adopt solutions that can be effectively assimilated into its technological environment.
  • Consolidation and operating efficiencies: Due to this implementation, the General Directorate of Civil Aviation is prioritizing solutions that merge operational tasks into a single platform, thus improving efficiency, saving costs, and streamlining security management.
  • Prioritizing of monitoring and prevention tools: The Directorate has prioritized monitoring and prevention tools, adopting a proactive approach towards the identification and reduction of potential threats.

Share this: