For 50 years, Cresta World Travel Ltd have been one of the UK’s leading independent travel companies. Focused on delivering customer value to the travel trade, Cresta World Travel Ltd, together with their tour operator brand Jetset, enable agencies to source the very best products for their customers, be it individual components or tailor-made packages.

The travel and tourism industry is no stranger to cyber risk, with the sector being a major target for cyber-attack due to the sensitive customer information held. To protect customer data and drive operational efficiencies, James Serjeant, Head of IT at Cresta World Travel Ltd, led the Identity Management project that delivered a step-change in the organisation’s security posture and helped deliver peak sales performance through improved user productivity. Faced with the overnight relocation from an office-based to home-based workforce, outside of the corporate network, James also utilised My1Login to facilitate remote working, enabling business continuity and ensuring his users were not exposing the firm to cyber risk through credential harvesting.

 

Challenge

Data Breach Risk Due to User Bad Practice
James Serjeant, Head of IT at Cresta World Travel Ltd, recognised there were a number of insecure practices being employed by users that put the business at risk. James explained “We have a number of applications that our users need shared access to. Our users would share these identities with colleagues, for perfectly legitimate business reasons, but in insecure ways. So, we would have users emailing passwords to each other for example, creating a significant risk.” James added “Notwithstanding our password policies, when using third party applications and websites that we couldn’t control, our users were choosing weak passwords, and on the occasion when users chose strong passwords, they would then store them in insecure ways, such as writing them down or storing them in insecure places, leaving us open to a breach.”

User Friction & Operational Inefficiencies
Cresta World Travel Ltd and its multiple brands pride themselves on first-rate customer satisfaction. A challenge James identified was the inefficiencies for his customer success team due to the time it took for them to authenticate with systems and applications. James explains “Our employees need application access to do their job, and on many occasions are on the phone to customers while needing this access. Users forgetting passwords and being unable to access systems was having an impact on customer hold and resolution times – something we pride ourselves on being good at. Additionally, should one of our users have to change an application password, this would then lock other users out of that application until the user notified other users of that change. Again, this would typically be done in an insecure way, creating more risk. Manual password updating and sharing of these identities was not scalable for the business. All of this presented a significant operational challenge and was causing inefficiencies and ultimately, revenue.”

Managing a Remote Workforce
2020 changed the way a number of organisations had to work and James explains how it affected Cresta World Travel Ltd, “We found ourselves with a workforce that had to move to remote working pretty much overnight. My challenge was to ensure business continuity and that our users would not revert to bad practices and put the business at risk, especially being outside of the corporate network. Managing application access, provisioning and revocation was also going to be an issue with a remote workforce.” James added “I also needed to provide immediate access to applications for employees on new devices that were purchased for them to use for remote working. This access had to extend to new suppliers and partners, many of whom would need shared access to applications.”


Solution

Cresta World Travel Ltd chose My1Login’s Identity as a Service (IDaaS) to significantly improve their security posture, drive operational efficiencies, reduce user friction and securely enable remote working as part of their business continuity strategy. James explained “We needed a solution that solved the security challenges but was also easy for users to adopt and provided seamless access to all applications. Having looked at the market, My1Login stood out due to its ease of use and its security architecture. It’s not enough that data is encrypted, I recognise the importance of where that data is encrypted and who has access to the encryption keys. I did not want to introduce a solution that actually created an additional attack vector to our data on the Identity & Access Management vendor’s servers. My1Login’s client-side encryption architecture meant that our Identity Management vendor did not have access to our passwords. It was genuinely safe.”

James added “My1Login was easy to get up and running and when we were forced to move to a remote workforce, it actually took less than an hour to get our users up and running on their new laptops and give them access to their applications in an environment they were familiar with. My1Login being in place enabled our teams to hit the ground running when we went fully remote and it didn’t require them to change the way they worked. We have in excess of 1200 identities in use across the business and being able to facilitate access to them all is critical.” James added “The working relationship with My1Login has been great. They provide excellent support when required and I am impressed that the original team I spoke to pre-sales were still through implementation and beyond, this is typically not the case when adopting new solutions. I feel there’s been real cohesion during the whole process and it has been a factor in delivering the results we set out to achieve. My1Login was quickly up and running, our users gravitated to using it well and there has been excellent adoption.”

Benefits

James Serjeant, who headed up the Identity Management project, explained “My1Login enabled us to eliminate password-related cyber risks while reducing user friction. Our users no longer use insecure practices to access shared privileged accounts, as they can do this via My1Login in a secure way. A huge benefit is that any changes to application passwords are now automatically synchronised for all users who have shared access to that application. We now have a solution that enables us to address the risks of relatively weak passwords being used to protect sensitive, corporate data, which is critically important for audit and compliance purposes.” James adds “Passwords were a huge challenge for the business, but My1Login has been successful in removing this friction, both for users and the IT department. Our employees are more productive, and we have seen reduced customer wait and call times. My1Login helped facilitate our best sales period by giving our users quick access to applications, enabling a more efficient workflow and stopping our users being locked out of apps – all significant points of improvement, especially when our users are on customer calls.”

When the business was forced to move to working from home in 2020, James added “My1Login’s Identity Management enabled secure remote working, ensuring the business was in control of application access and identities even though our users were outside of the corporate network. Without My1Login, facilitating remote working would have been a significant operational challenge. With My1Login, it’s of no consequence whether our users are in the office or in their homes. They have the same frictionless user experience to access apps, and we as IT have the same control over that access. We now have full visibility of application access by users and can ensure that access is strictly controlled, and that no user has unnecessary access to apps. For new suppliers, we can also quickly provide them with access to apps in real time and then revoke that access once it’s no longer required.”

Conclusion

Cresta World Travel Ltd successfully executed their Identity Management strategy that delivered a step-change in security posture and improved operational efficiencies. James explains “I chose My1Login because it was easy to use for our employees and solved our challenges in a secure way. Our employees are more productive as a result and we have reduced customer wait and call times, to the extent that My1Login played a significant role in enabling the business to hit record sales numbers during our peak period. Faced with the overnight relocation of a workforce based in office to one based at home and outside of the corporate network, My1Login enabled us to easily transition – taking less than an hour to get our users up and running with their new laptops, and give them access to their apps in a familiar way, helping remove the security risks often associated with remote working. My1Login’s solution has helped the organisation hugely in the pressing times of 2020 and I would recommend it to my peers in the industry.”

cresta world travel
cresta world travel

 

Industry
Leisure, Travel and Tourism 


Challenge

  • Data breach risk due to user bad practice
  • User friction & operational inefficiencies
  • Managing a remote workforce


My1Login IAM Products


Benefits

  • Step-change improvement in security posture
  • Helped deliver peak sales performance
  • Drove operational efficiencies
  • Enabled secure remote working

 

Customer Team

James SerjeantJames Serjeant
Head of IT,
Cresta World Travel Ltd

  

  

crestaq 

 

crestaq

 

 

crestaq