Protecting Mobility

Strong layered defense strategies help increase productivity

FROM Barcelona to Berlin and all across Europe, workers today need to access corporate information outside the workplace. Remote access frees workers from the restrictions of the corporate work environment. By working from any location and at any time, employees can collaborate more effectively, work more efficiently and ultimately be much more productive. The ability to develop a flexible personal work schedule is a major benefit provided by remote access—one that can have a major benefit on employee morale and productivity. Who hasn’t seen a coffee shop on a sunny day overflowing with workers accessing information on their laptops and other mobile computing devices?

For these reasons, many organizations are making the infrastructure investments to equip employees with the tools to work from any location at any time. However, the flexibility provided by remote access is accompanied by an important requirement.

What It Takes
Keeping proprietary assets, customer data and personal information secure from unauthorized access is of the utmost importance. As more mobile devices are deployed and used on a regular basis, the enterprise security architecture begins to lose the power to protect and prevent incidents.

Organizations turn to Virtual Private Networks (VPNs) to provide secure remote access. VPNs allow organizations to take advantage of the Internet, providing access to information for remote users and branch offices while helping reduce the communication costs compared to dedicated leased lines or the cost of establishing local and long-distance telephone connections. While not all laptops or PDAs contain sensitive customer data, online attackers know that devices used by mobile workers are often the path of least resistance into a corporate network. The security implications are obvious: Mobile workers are a weak link in network defenses.

Unfortunately, many organizations learned the hard way. Simple user names and passwords no longer provide strong enough authentication for users of these mobile devices. Implementing a solution that requires additional authentication of the user will add security and limit vulnerability to attacks for mobile workers.

Managing VPNs
Virtual private networks must be secured by multi-factor authentication to provide protection for sensitive corporate information and to prevent damage to the organization’s brand. A variety of security providers offer multi-factor solutions designed to help minimize the risk of fraudulent activity. Some solutions provide grid cards. Some provide hardware or software tokens, or one-time passwords, knowledge-based authentication and biometric solutions. Few vendors, however, provide all of these authentication options in an open authentication platform that can be tailored to the needs of specific user groups within an organization. And it is this flexibility that is essential.

For example, in many large-scale enterprise implementations, hardware tokens and biometric solutions may be too expensive to be feasible as a single solution for all users, but can be desirable for a specific subset of users who need the assurance tokens can provide.

Grid cards have become a popular alternative because they are efficient to deploy, inexpensive to implement—particularly with large enterprises—and simple for end users to use and understand.

An alternative to deploying a grid for authentication is the use of a one-time-password list. With this approach, end users are provisioned with a list of randomly generated passwords that are typically printed on a sheet of paper that is distributed to and carried by the end user.

Increased Verification
Another authentication method is the use of knowledge-based authentication. Knowledge-based authentication challenges a user to provide information that an attacker is unlikely to be able to provide. Based on shared secrets, this allows the organization to question the user, when appropriate, to confirm information that is already known about the user through a registration process or based on previous transactions or relationships. For example, during enrollment, a user may select and provide answers to easily remembered questions such as year of birth, origin of birth or favorite pet.

In addition to providing a range of authentication options, it is essential that a remote access security solution be compatible with leading VPN software from vendors like Check Point, Cisco, Citrix, Nortel and Juniper. The remote access security solution also should offer support for leading applications such as Microsoft Outlook Web Access and other commonly used business applications.

Mobile workforces demand the flexibility that remote access can provide in order to be more efficient and productive. It is the responsibility of IT to provide this access in a secure manner so that corporate information is not disclosed to unauthorized individuals. Careful consideration of security solutions is required. Select a remote access security solution that provides the broadest range of authentication options and that is compatible with leading VPN remote access software vendors and critical Microsoft applications.

About the Author

Steve Neville is the director of identity products and solutions at Entrust Inc.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.