Cantonal Tax Authorities Secures Business Applications With Nevis Security Suite
Initial Situation
While KStA employees have long been using a SmartCard with an electronic certificate for identification and to gain access to tax office web applications, municipality employees have thus far been forced to rely on the comparatively less secure ID and password login process. Now, they’ve also been provided with a secure and passwordless login process to access business applications. Nevis, the Swiss market leader for Identity and Access Management, and its partner AdNovum, which has been working closely with the Tax Authority since 2005, were entrusted with the execution.
Secure login for municipality employees is the latest element of the eIAM infrastructure, the central access and authorization system of the Cantonal Tax Authority Zürich for web applications, which has been steadily developing since 2013. In addition to nevisProxy and nevisAuth for authentication and authorization, eIAM also includes nevisWF and a web application (GUI) for maintaining permissions, including the consent process. This was the basis for the decision to implement 2FA for municipality users with the Nevis Authentication Cloud and an access app.
Solution
The Nevis Security Suite is a combination of the Identity Suite and the Authentication Cloud, which can be flexibly adjusted to a range of diverse requirements. The suite is installed upstream of the existing infrastructure and adds an additional layer of security by controlling all user access to the business applications. Authentication and authorization are at the heart of successful Customer Identity and Access Management. Nevis consists of a secure entry gateway, combined with a web application firewall and an authentication service.
The FIDO-certified Nevis Authentication Cloud extends the KStA infrastructure with passwordless authentication and transaction signing as a service. This makes it possible for employees to sign in without a password. Since they only need their mobile phone with a security chip for the multi-factor method, the process is more comfortable and more secure than outdated username and password processes.
The entire execution and implementation of the solution began in spring of 2020 and lasted around six months. Since the go-live in August 2020, around 350 municipality employees have been using passwordless authentication. At the same time, KStA employees can still use the secure login via their SmartCard with a certificate.
