Tuesday, March 16, 2010

Managing Remote And Offsite Employee Secure Online Communications

The latest trend is to no longer allow employees in general to log in to the corporate online environment from untrusted devices.

We see this trend not just in industry but also in (semi)government.

They want to make sure that only their trusted corporate devices are used. This puts a smile on the faces of the compliance auditors but, most importantly, ensures that the device in use has the latest updates for combating malware, etc.

Especially with remote and offsite employees, it does not suffice to rely on regular strong authentication combined with, for example, IP address and MAC address. Most token entries can be intercepted using a man-in-the-middle attack, and MAC and IP addresses can be spoofed.

Identifying a user's trusted corporate device is frequently done using a machine certificate. This works really well... until the employee loses his device, the certificates need to be revoked, and the new machine needs to be made trusted, not just by installing the right images but also by installing a new machine certificate. This causes pain, and in many cases a nightmare, for both the user and the IT manager.

In the last few years, some companies such as www.TrustAlert.com have made solutions available that leverage any form of existing authentication, most commonly user/password and tokens, by allowing it to be used only from a single trusted corporate device or a group of them.

Generally, the solutions allow for the mapping of trusted devices, provided they are online or network connected, at a speed of 64,000 machines per hour. Revoking a lost machine and issuing a new trust to a single new device takes around 5 seconds and can be automated depending on other forms of authentication (SMS, visual, phone, etc.).
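The idea of tying existing authentication to a trusted device, with quick revocation and re-issue, can be sketched as follows. This is an added example, not code from this post or from any vendor it names; the registry class, the per-device HMAC secret and the challenge-response exchange are assumptions chosen to show why proving possession of a key is stronger than presenting a spoofable identifier such as a MAC or IP address.

```python
import hashlib
import hmac
import secrets

def device_proof(key, username, challenge):
    """Runs on the device: HMAC over the user name and the server's nonce."""
    msg = username.encode() + b"\x00" + challenge
    return hmac.new(key, msg, hashlib.sha256).digest()

class DeviceTrustRegistry:
    """Hypothetical server-side registry of trusted devices."""

    def __init__(self):
        self._keys = {}     # device_id -> secret issued at enrolment
        self._allowed = {}  # username -> device_ids the user may log in from
        self._pending = {}  # device_id -> outstanding single-use challenge

    def enrol(self, username, device_id):
        key = secrets.token_bytes(32)
        self._keys[device_id] = key
        self._allowed.setdefault(username, set()).add(device_id)
        return key  # stored on the device, never sent again

    def revoke(self, device_id):
        """Lost device: delete its key and every user mapping."""
        self._keys.pop(device_id, None)
        self._pending.pop(device_id, None)
        for devices in self._allowed.values():
            devices.discard(device_id)

    def challenge(self, device_id):
        self._pending[device_id] = secrets.token_bytes(16)
        return self._pending[device_id]

    def verify(self, username, device_id, proof, user_auth_ok):
        """Login passes only if user authentication AND device proof both hold."""
        nonce = self._pending.pop(device_id, None)  # single use, blocks replay
        key = self._keys.get(device_id)
        if not user_auth_ok or nonce is None or key is None:
            return False
        if device_id not in self._allowed.get(username, set()):
            return False
        return hmac.compare_digest(device_proof(key, username, nonce), proof)

def login(reg, username, device_id, key_on_device, user_auth_ok=True):
    """One full exchange: server nonce, device proof, server decision."""
    nonce = reg.challenge(device_id)
    proof = device_proof(key_on_device, username, nonce)
    return reg.verify(username, device_id, proof, user_auth_ok)
```

In practice the device secret belongs in hardware-backed storage such as a TPM, so that it cannot simply be copied off the machine.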

An added benefit for the user is that, no matter what form of (strong) authentication is used, SSO is also enabled to, for example, VPNs and online applications, making the user's experience a lot more positive as well.

Setting up such a solution takes 1-5 days.

