Hughes Provides Secure Remote Access

In the world of broadband communications, Hughes delivers a range of innovative network and satellite technologies, managed services, and solutions for many of the world’s most successful and well-known hotel, retail, and restaurant franchises. Hughes services support critical business functions such as credit card transactions, point-of-sale and inventory management, and human resources. “Security is a huge priority for our clients. Many of them are transferring highly sensitive information such as credit card numbers and personal identification information over their networks,” says Heko Maiwald, senior project manager of Enterprise Services, Hughes. “We’ve built a reputation as the safe choice, and we’re well known as one of the most experienced national providers of PCI-compliant network services.”

Business Trigger: Secure Remote Access
For several years, Hughes provided two-factor authentication for network access, by requiring a onetime token (identification code) in addition to the username and password, with RSA’s SecurID tokens. As more clients began to request network access for users working from home or other remote locations, some usability problems with the implementation arose. For example, synchronization issues with the rotating six-digit codes on the key fobs given to users required a call to Hughes technical support and expiring tokens would cause remote sessions to end unexpectedly.

“Since remote access presented a new dimension to network security, we wanted to adopt the strongest authentication possible to help protect ourselves and our clients,” Maiwald explains. “It was important that we provide secure remote access to users with a seamless experience, as if they were connected directly to the local area network (LAN).”

Business Solution: Build Hughes Secure Remote Access Service
Hughes partnered with systems integrator Axiad IDS to design and launch the Hughes Secure Remote Access service, in which the McAfee One Time Password server is the system for two-factor authentication.

As Hughes phases out the use of RSA SecurID tokens, they have begun to issue Yubico YubiKeys to clients. YubiKeys are a small USB form factor that generates a one-time password that is verified by the McAfee One Time Password server, enabling a secure two-factor authentication login within seconds. Every time a new one-time password is generated, the McAfee One Time Password server revokes all previously generated passwords for that YubiKey—ensuring that old one-time passwords can never be used again to gain access to the network.

An important feature of the Hughes Secure Remote Access Service is a self-service portal that enables clients to enroll themselves and manage the YubiKeys assigned to their employees. “Before, with the RSA tokens, only IT could perform a PIN clearing or PIN reset. Now our clients can access the portal and perform the tasks themselves,” Maiwald states.

For businesses that depend on a high volume of credit card transactions, Hughes clients require the service to expire accounts for users that have not used their YubiKeys after 90 days. McAfee One Time Password provides this safeguard without any intervention from IT.

“With its strong two-factor authentication and ease of deployment and management, McAfee OTP [McAfee One Time Password] is an invaluable element in our Secure Remote Access service. McAfee gives us and our clients the peace of mind that their private data is protected.”

Heko Maiwald,
Senior Project Manager of Enterprise Services, Hughes

Business Results: Cost and Time Savings
With the combination of lower operational and hardware costs, Hughes is able to offer its Secure Remote Access service at a highly competitive price point.

With the burden of enrolling users and managing PINs lifted from IT, Hughes has noted a 30% reduction in support calls for one-time password access. “Instead of getting calls every day, now we might get one a week,” said Maiwald.

Partner Service: Axiad IDS
In addition to design and implementation services for the Hughes Secure Remote Access service and portal, McAfee partner Axiad IDS provides ongoing support.

During the implementation phase, Axiad IDS applied creative approaches to compartmentalized networks, supported a variety of environments, and met high security standards.

“The Hughes environment was quite complex from a security perspective and required us to make modifications to the McAfee OTP [McAfee One Time Password] system,” said Bassam Al-Khalidi, co-CEO and principal consultant, Axiad IDS. “I was very impressed by how quickly the McAfee engineering team was able to turn around the changes that were needed. Their fast response enabled us to meet our delivery timeframes and implement a solution that is very well integrated into the Hughes environment.”

“Maiwald added, “We can always count on Axiad. They consistently exceed our expectations.”

Peace of Mind for Service Providers and Clients
“With its strong two-factor authentication and ease of deployment and management, McAfee OTP [McAfee One Time Password] is an invaluable element in our Secure Remote Access service,” Maiwald said. “McAfee gives us and our clients the peace of mind that their private data is protected.”


Customer profile

Worldwide provider of managed broadband communications services to hospitality and retail industries and a wholly owned subsidiary of EchoStar Corporation, global provider of satellite operations and digital TV solutions



IT environment

Secure VPN and WAN services to meet requirements of government and enterprise customers


Upgrade hardware tokens and provide authentication foundation for new Secure Remote Access service

McAfee solution

  • McAfee One Time Password


  • Iron-clad data protection through strong two-factor authentication
  • Higher quality service through selfenrollment portal
  • Reduction of 30% in support calls
  • Cost savings passed on to customers
  • Support of customers’ PCI compliance requirements