BiometriTech


August 01, 2006

New Technology Unlocks Remote Access Security Challenge

By TMCnet Special Guest
Andrew White, CEO, Route1


The need to secure access to enterprise applications is an ongoing battle for IT managers – and it is only getting worse in the wake of new security demands. The recent announcement of new federal mandates and deadlines for laptop encryption and two-factor authentication for civilian agencies, for example, has placed increasing pressure on enterprises to act on their security initiatives more quickly than ever.
 
Among other recommendations, the mandate highlights the need for encryption of all sensitive data on mobile devices; token- or card-based two-factor authentication for remote access; and the tracking of data extracted from federal databases. While enterprises are more than willing, these security levels cannot be achieved overnight.
 
VPN security
 
For years, enterprises have relied on their VPNs (virtual private networks) as a foundation for secure access. As the demand for remote access has evolved, however, VPN security has been unable to keep pace. Remote computing devices and random nodes appear on VPNs with great frequency, bringing with them a number of security threats. As a result of this lack of control over access, VPNs have now become the most prolific source of viruses and worms on corporate networks.
 
To address concerns in this area, some enterprises have resorted to “quick fixes”. These have included restricting access and/or privileges to a handful of authorized users, or simply eliminating VPNs and remote access altogether to ensure that everything stays within the boundaries of the enterprise. However, in a world that depends on an increasingly mobile workforce as well as online communications for conducting business, eliminating remote access in the interests of security is counterproductive to say the least.
 
Others have attempted to implement multi-password or challenge-response schemes to improve access security. The complexity of these schemes can often frustrate users who have to enter multiple login details within strict time frames. Automating password generation on laptops or desktops simply opens the door to other types of security threats, such as man-in-the-middle attacks.
 
The power of PKI
 
One viable way to secure access to corporate networks is through the adoption of a public key infrastructure (PKI) system. A PKI uses highly sophisticated two-factor encryption and digital signature services to enable communications in a highly secure environment. It is effective because it uses two asymmetrical, mathematically related keys (public and private) to generate digital certificates of authority. Each party in a transaction has their own pair of keys, so that one key can be used to verify the operation of another on the initiation of any communication or transaction.
 
PKI has been acknowledged by the industry as one of the most effective authentication services because it provides the extra measures needed to identify and authorize users and applications. In simple terms, it identifies that the user is who they claim to be, and can determine the information they are allowed to access – both of which are especially critical in securing remote access. Furthermore, the keys assist in deriving a symmetrical session key that is used to encrypt the entire communication.
 
The challenge for most organizations today is that PKI is both costly and complex, and takes a considerable amount of time to implement. In most cases, it would take more than a year to put together a proper PKI infrastructure. A good portion of that time must be spent on establishing procedural guidelines and laying the groundwork in the way of risk assessment and policy development.
 
Bridging the gap with smart card technology
 
In recent months the gap between security requirements and the need for remote access has been bridged with the advent of smart-card-enabled, USB-based devices integrated with a managed PKI service. These solutions enable fully protected access to a user’s desktop applications from any location, and can alleviate the deployment time and the administrative and financial burdens normally associated with implementing highly secure two-factor authentication. In addition, they provide IT managers with centralized control of security and policies.
 
The process of accessing desktop and network resources is simple. Users plug a key-sized device into any USB port of a Windows-based, Internet-enabled PC. After logging in, users have fully secure connectivity to all desktop applications, while data and other digital assets remain within the boundaries of the corporate firewall. Because the user is connected virtually to the enterprise computer, no data is transferred and nothing is ever written to the hard drive of the remote device in use.

Since the key can only be activated through a two-factor authentication process (both the key and a password are required for access to the enterprise desktop resource), it is completely ineffective if it is lost or stolen. It can also be deactivated remotely if required.
 
The bottom line
 
Security challenges are a part of everyday life for IT managers today. Restricting access to remote users in an effort to lock down environments may serve to reduce risk and keep threats outside the boundaries of the enterprise firewall, but it is simply not a feasible long-term approach. With today’s smart-card-enabled solutions, combined with the power of a PKI platform, it is no longer necessary to close the doors to remote access.
 
 
 
------
Andrew White is CEO of Route1, a trusted provider of secure, identity-managed computing solutions. He can be reached at [email protected]. Route1 solutions are sold through the company’s extensive network of highly specialized global channel partners, including Six X Telecom Corp.
 
 
