Reference Case: COMback

The IAM Revolution Gets an Ally

The saying "identity is the new perimeter" is becoming truer by the day, as more and more research shows that Identity and Access Management (IAM) will be the most important cybersecurity trend out there. And as a German MSSP called COMback shows, by using Clavister technology, those solutions can be delivered as a service.

It took some years, but there’s no denying it anymore: we need to start dealing with a passwordless society. The password, that simple, ubiquitous personal property we use almost a hundred times a day to access our online accounts and networks, is reaching a dangerous point of no return in terms of both personal and business security. Consider these two examples. The Dropbox data breach, which resulted in 60 million user credentials being stolen, started with an employee reusing a password at work. Another business example shows the financial cost of the password problem: not applying a simple security patch cost Equifax somewhere between USD 450 million and USD 600 million, along with countless hits to its reputation.

The World Password Survey from 2018 shows how we, everyday password users, simply can’t cope with this password onslaught. Consumers who responded to the survey have an average of 23 online accounts that require a password, but on average use only 13 unique passwords for those accounts. 31% use only two to three passwords for all their accounts so they can remember them more easily. And lists are far from dead: the most common way to remember passwords is to keep a written or digital list of all passwords (52%). The Verizon Data Breach Investigations Report states that over 70% of employees reuse passwords at work. The report finds a staggering “81% of hacking-related breaches leveraged either stolen and/or weak passwords.”

Luckily, an answer is at hand. The solution is called Multifactor Authentication (MFA), one of the tools IAM uses to solve the problem of authentication, that is, of establishing who the user actually is. It’s based on a simple principle of something you know (your user ID) + something you have (e.g. a smartphone) + something you are (a biometric print). Using MFA can drastically reduce the threat surface and, as such, is attracting a massive amount of attention. Research from PAC UK and KPMG shows that 92% of respondents to their survey stated IAM spending will be maintained or increased in the next three years. Tellingly, the report also shows that MSSPs will be a substantial part of this investment, as deploying bespoke IAM solutions is a very complex and costly exercise. 57% of survey respondents were considering adopting a solution at least partly managed by a Managed Security Services Provider (MSSP) for their next IAM investment.

Enter COMback, an MSSP that started in the 1990s and has positioned itself as a security expert to a select clientele that includes banks and financial institutions, healthcare providers, automotive companies and more. They’re experts at managed security and hosting (cloud housing). They grew steadily and added new services, such as datacenters in Oberreichenbach and Hannover, to better provide security and competency. “We have our headquarters in Stuttgart but we have a reach throughout Southern Germany to help support our customers,” says Sebastian Maurer, Managing Director. “We’re recognized as a specialist in all sectors of IT Security in Germany and very proud of our complete support of customers from C level to engineering incl. consulting business for IT security, privacy and compliance. COMback is based on the principles of a security-centric organization,” he says assuredly. This focus led COMback to be recognized in 2011 as part of the Baden-Württemberg Security Prize, and in 2013 they were awarded 2nd place together with SAP.

In 2018 they started hearing about IAM, primarily at the German partner days of Clavister. They heard about Clavister’s new product, Clavister EasyAccess, which provided MFA with a focus on biometrics while retaining the flexibility for other OTP delivery methods. They could see the high level of innovation and technological sophistication and were intrigued to try it out and to see if it could be rendered as a service. “We built up a high availability Clavister EasyAccess environment at the COMback datacenter and tried it out ourselves and were satisfied with the results. We then were ready to offer it as a service. We had a hosting price per user plus a required service level agreement (SLA).

“The hosting is rendered on a dedicated EasyAccess Server in the COMback Cloud Environment. From there we offered it to some of our customers as a service in that cloud environment as well as an on-premises offering. We waited to hear their feedback after they deployed the solution,” he says, describing the journey.

The reports started to come back as the customers delivered their thoughts. Maurer, ever sensitive to customers trying new security technologies, nervously opened the first emails.

The reports were positive. He knew that he’d found an IAM solution that he could expand and recommend to his entire customer network. “Currently we have about 200 users secured with EasyAccess and OneTouch, with YubiKey Passcode as additional methods at various customers. And we have at least three more projects in the pipeline and we’re confident more will come. There’s a great customer interest in multifactor authentication and the level of enhanced security that it renders. It’s very satisfying to have an answer to a customer’s critical need. Clavister EasyAccess fulfills that requirement very well,” he declares. The COMback story proves that, by using an MSSP approach, MFA can be deployed as a very cost-efficient, robust solution that will help companies join the IAM revolution.

About COMback

Our experienced experts implement our managed services for you. Thanks to regular product training, our employees are always up to date with the latest technology and have a high level of knowledge. All COMBACK employees are security-checked according to strict criteria and publicly obliged to comply with federal and state data protection laws.

For more information visit: