Digital transformation and the journey to Okta
While the cyberattack pressed the issue, Lineas had already been looking for ways to improve their security as part of a wider digital transformation. Lineas began life in 2017, but inherited some of its infrastructures and processes from its predecessors - themselves born out of the public sector, following the privatisation of rail transport across the European Union from 2005 onwards. Lineas were keen to adapt to the challenges of the modern world and, by the time Christophe joined the company in March 2019, cybersecurity and data privacy were high on the agenda.
Christophe worked with Upright Security, an Okta Elite Partner, to overhaul the Identity and Access Management (IAM) elements of its architecture. Prior to the attack, they had already devised a strategic roadmap to address the challenges Lineas faced, within a constrained budget and utilising a relatively small support team. Upright Security helped Lineas to manage their immediate response to the cyberattack, as well as guiding them through the days, weeks, and months that followed. “The service we get from Upright Security is quick and to the point,” says Christophe. “They’re a very knowledgeable partner. Since the attack, I’ve heard very little about our Okta implementation, which means I can rest easy knowing it’s all running smoothly. We have a very vocal team, and I know I’d be the first to hear if that wasn’t the case.”
Bart Cools, Managing Partner, Upright Security, also says the relationship his business has forged with Lineas has been fruitful. And, he adds, that’s thanks to the benefits of Okta that Bart and his team can offer to their clients. “We offer a really lightweight service where we hop on a call and can onboard an application within the hour,” he says. “And that's the real benefit of Okta and its SaaS nature, which allows us to provide rapid support at a really low cost.”
Working with Upright Security to boost cyber-resiliency
Due to the unusual circumstances of their implementation, Upright Security first helped Lineas implement Multi-Factor Authentication (MFA) for the app that was compromised during the attack. This involved migrating around 2,000 members of staff - including train drivers, technicians, and station staff - overnight. “One of the higher risks that we identified early on was the fact that we had no multi-factor authentication,” explains Christophe. “Our infrastructure was designed to be easily accessible remotely, but that left us vulnerable. We had planned to roll out Okta in October, but circumstances forced our hand. Personally, I think that - while the attack was unfortunate - we’re in a much better place today as a result.”
One of the key attractions of Okta for Christophe was the ability to ‘future-proof’ Lineas for the challenges ahead. They needed a platform that was resilient, with high data availability, and Okta fit the bill. The process of protecting all the apps used by Lineas - such as AWS and Salesforce - is now complete. Lineas has a total of 53 apps that are now protected with Okta Single Sign-On (SSO) and MFA, and new apps are added to the Okta structure as they are introduced.
This means staff can log on to their regularly used apps from the Okta portal. MFA is largely carried out using the Okta Verify app, around once a day on average for office staff. However, some train drivers, and other staff who work on the ground, find SMS easier due to the nature of their work.
Although introducing MFA in particular has added extra steps for staff to follow, the feedback from colleagues has been overwhelmingly positive, Christophe says. “Prior to Okta, password management and authentication was a disaster,” he adds. “We’ve only recently begun using the Okta password change process and it’s been a big success. And I’m a big advocate for the Verify app, because it’s so transparent and a lot quicker to use.”
Building towards the future with Okta
After the experience of coming under attack, Lineas is now much better protected against outside threats than before. And, with the average cost of a data breach in Europe standing at around €3 million, the financial value to Lineas is enormous. “Okta doesn't come free,” Christophe comments, “but we pay for the robustness and everything else that you get. We’re really pleased we took the decision to adopt Okta, and I can’t imagine what life would be like if we ripped it out and started doing it all like we did before. And now, if I mention Okta with the board, they still think about November and how quickly we were able to respond.”
Christophe sees Okta as a big part of the company’s plans and hopes to utilise more services in the future. Among them is Lifecycle Management, which Lineas already uses for its O365 accounts, but the company hopes to better manage its licensing costs with all of its apps in the longer term. Advanced Server Access for Zero Trust SSH and RDP access to servers is another feature he is keen to explore.
“I'm really confident that further integration and automation with Okta is the way forward,” he adds. “Using Lifecycle Management to create better on- and off-boarding processes and experiences for staff is just one of the ways we envision leveraging Okta in the future to optimize our efforts even more. Advanced Server Access is also likely to be a priority in the future.”