Modern government organisations depend heavily on the ability to maintain security in digital systems. Abraxas Informatik AG, a leading IT services provider in the public sector in Switzerland, is aiming to futureproof digital tax services through improved security and tighter integration.
Owned by Swiss cantons and municipalities, Abraxas has been delivering fast and efficient digitalization of government services for Swiss residents for years. Millions of people already rely on the smooth, secure and efficient operation of e-government services that the company provides. To protect even more effectively against proliferating cyber threats, Abraxas wanted to strengthen the security of key tax services used by a number of cantons and municipalities. Kurt Gantner, Systems Engineer at Abraxas Informatik AG, says: “To improve cyber protection, we wanted to enable more sophisticated password and security policies. One challenge was that we needed to find a way to harden our security measures in a cost-efficient way without having to manually update over 1,000 programs individually to benefit from state-of-the-art security.”
As Abraxas provides a wide range of solutions for cantons and municipalities of different sizes, the company needed a flexible security solution that could be integrated with various identity and access management solutions. René Seiler, Program Manager at Abraxas Informatik AG, confirms: “It was important for our business that we could configure the security policies separately for our various tenants and clients. We wanted to benefit from tried-and-tested standard solutions that would help us streamline compliance, boost security and modernise the login and user experience.”
Increases security with multi-factor authentication without changing code.
Enables highly flexible authentication with single sign-on.
As Abraxas was exploring its options, the team attended a Guide Share Europe (GSE) event where IBM Z Multi-Factor Authentication (IBM Z MFA) was presented and realized that the capabilities of IBM Z MFA met the company’s needs precisely. Daniel Cattin, Systems Engineer at Abraxas Informatik AG, remembers: “When we understood how easy it was to implement IBM Z MFA and what we could do with it, we decided to deploy a proof of concept.”
The team at Abraxas worked closely with IBM to integrate IBM Z MFA with its custom-developed identity and access management solution based on OpenLDAP software. Using the IBM Z MFA Out-of-Band authentication feature, Abraxas could flexibly add multiple factors depending on individual user and tenant requirements.
“With IBM Z MFA, we can simplify access management and enhance logon security,” says Kurt Gantner. “Our applications offer high security through the IBM z/OS RACF Security Server. By deploying IBM Z MFA, we can seamlessly add more complex security and password policies to increase security further and facilitate compliance.”
Following its initial proof of concept, the team plans to expand the solution and roll it out to more clients with a range of different user management solutions. “One of our large clients is using Microsoft Active Directory,” adds Daniel Cattin. “IBM Z MFA helps us to integrate easily with any identity and access management. This boosts security and improves the overall user experience with a simplified single-sign on offering, and potentially even highly secure passwordless authentication capabilities.”
Using IBM Z MFA, Abraxas can modernize the enterprise security and improve protection its applications running on IBM Z, without having to update and customize individual programs. “Thanks to IBM Z MFA, we do not need to change our program code on IBM Z,” confirms Kurt Gantner. “This makes it much easier and faster to meet new security requirements and customer needs by enabling more advanced password policies and a wide range of multi-factor authentication options.”
Abraxas is planning to roll out IBM Z MFA to one canton with about 1,000 users. “Our focus right now is on tax applications for our canton and municipality customers,” adds René Seiler. “The goal is to activate multi-factor authentication for around 7,000 users of our tax solutions.”
Integrating its tax applications with external identity management solutions also simplifies user administration at Abraxas. “We frequently have to deal with adding and removing users or adjusting permissions,” says Daniel Cattin. “We also have to handle support calls when users cannot log in. With IBM Z MFA, we no longer need to synchronise users across different systems and troubleshooting becomes easier, because the user configuration can be done directly by our clients. The ability to integrate our clients’ existing identity management systems reduces our administration and support workload substantially.”
A major advantage of IBM Z MFA for Abraxas is that the organisation will benefit from the ongoing release of new features and developments. “By using standard software for multi-factor authentication, we can futureproof our IT security,” says René Seiler. “As new ways to authenticate are added to IBM Z MFA, we will be able to leverage the latest security technologies – without having to develop and maintain our own integrations. Looking ahead, this will become especially important in the future when we might need to move towards quantum-safe security solutions.”
Kurt Gantner concludes: “Thanks to IBM Z MFA we can now support very flexible authentication options more easily. We can configure different factors for different clients and even require additional factors for individual users. These new cutting-edge login capabilities enhance the security for our tax applications without substantial changes in costs for us.”
Abraxas Informatik AG (link resides outside of ibm.com) is the largest provider of end-to-end IT solutions for the public sector in Switzerland. The company, headquartered in St. Gallen, employs around 1,000 people across all language regions. Abraxas connects Swiss administrations, authorities, companies and the population with efficient, secure and consistent IT solutions and services.
Legal
© Copyright IBM Corporation 2024. IBM Corporation, IBM Systems, New Orchard Road, Armonk, NY 10504
Produced in the United States of America, January 2024.
IBM, the IBM logo, ibm.com, IBM Z, RACF and z/OS are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.
The performance data and client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. It is the user’s responsibility to evaluate and verify the operation of any other products or programs with IBM products and programs. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.
The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
Statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.