MOBILE COMPUTING

From the December 2006 issue of Communications News

The key to secure remote computing

Ultra-portable technology allows users to access their enterprise applications.

by Andrew White


The issue of secure remote connectivity has always been a particular challenge for enterprises. Over the years, organizations have relied heavily on virtual private network (VPN) infrastructures to allow secure remote access, but as the landscape changes, so do the vulnerabilities and risks of this model.

The continuing threat of natural and manmade disasters has exposed the limitations of current security approaches in many respects. Added to that are increasingly stringent regulatory guidelines that have increased the complexity of the security management challenge.

There are a number of issues that have come to the forefront, leading enterprises to reconsider their policies and procedures on remote access. Most strategies in use today are expensive and confined to specific remote computers. With thousands of remote users to contend with, the need to individually program, administer and maintain each computing device to meet enterprise standards is becoming too costly and complex an exercise for IT managers to handle.

This approach is also restrictive from the user perspective. There are many occasions where connectivity to the enterprise is impossible, such as when a laptop is left at another location, or a remote PC is not functioning properly.

Despite everyone’s best efforts, IT managers are hard-pressed to keep pace with the new and prolific breed of viruses, malware, spyware and other malicious threats. Threats can be transmitted easily to the corporate network through inadvertent (or intentional) misuse of the remote device via VPN access. The simple act of downloading a seemingly harmless Internet application at home can open the door to a myriad of security problems when the user logs into the corporate network. In fact, VPNs, once considered the solution to security woes, are now cited as the most prolific source of viruses and worms on corporate networks.

Beyond the security issues, data transfer is becoming increasingly difficult to manage as files become exponentially larger and demand for real-time delivery of information grows. Working on office applications from a remote device can consume enormous amounts of bandwidth, leading to downloading delays and the inability to run legacy applications such as CAD/CAM solutions.

Many enterprises today are tackling the security issue simply by scaling back or eliminating remote access. This, however, is a counterproductive tactic in a world where business interruptions are happening with greater frequency than ever before, which is driving a growing need to expand remote connectivity to ensure business continuity.

Smart card solution
In times of major upheaval, limited remote access could mean that the vast majority of users would not be able to gain access to their applications. Even the highest level of built-in redundancy does little for business continuity if employees cannot access the resources and applications necessary to carry on business as usual.

One way in which these limitations have been addressed is through ultra-portable technology that allows users to access their enterprise applications by simply “plugging into” any USB port on a remote computer. In this approach, a smart card-enabled, cryptographic device is integrated with a managed public key infrastructure (PKI) platform to provide fully secure connectivity to all enterprise applications from any PC.

PKI offers flexible and scalable access control, while providing the extra measures needed to identify and authorize users and applications. A key attraction of PKI is its ability to integrate two-factor authentication for identity management, as well as to determine the information the user is permitted to access.

PKI uses two asymmetric, mathematically related keys (one public, one private). The public key, which is bound to the user's identity in a digital certificate, can be published and distributed, while the private key remains secret. Each party in the transaction has its own pair of keys. At the time of a transaction, or when communication is first established, an operation performed with one key (such as a signature made with the private key) can be verified with the other. Both the key and the password are required for enterprise access, so a device that is lost or stolen is useless on its own. Additionally, if the remote device is compromised, service can be suspended, deactivated remotely or even cancelled.
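The following is an added example, not Route1's product code or any code from the article, that puts the paragraph above into working form: a token generates a key pair and certificate at enrollment, signs a random challenge only after its PIN (the second factor) is entered, and the enterprise gateway verifies the answer with the public key from the enrolled certificate and refuses devices whose service has been suspended. The names Token, Gateway, Enroll, Unlock, Sign, Register, Revoke, NewChallenge and Verify are assumptions made for this example, and the certificate is self-signed only to keep it self-contained; a managed PKI would have its CA issue it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Token stands in for the smart card (a hypothetical model for this example):
// the private key is generated on it, never leaves it, and signs only after the PIN is given.
type Token struct {
	priv     *ecdsa.PrivateKey
	Cert     *x509.Certificate // the public half, published at enrollment
	pinHash  [32]byte
	unlocked bool
}

// Enroll creates the key pair and a certificate binding the public key to the user's
// name. Self-signed here to stay self-contained; a managed PKI's CA would sign it.
func Enroll(user, pin string, serial int64) (*Token, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: user},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Token{priv: priv, Cert: cert, pinHash: sha256.Sum256([]byte(pin))}, nil
}

// Unlock is the second factor: the PIN is checked on the token itself, in constant
// time, so a stolen device is useless without it.
func (t *Token) Unlock(pin string) bool {
	h := sha256.Sum256([]byte(pin))
	t.unlocked = subtle.ConstantTimeCompare(h[:], t.pinHash[:]) == 1
	return t.unlocked
}

// Sign answers a gateway challenge with the private key; a locked token refuses.
func (t *Token) Sign(challenge []byte) ([]byte, error) {
	if !t.unlocked {
		return nil, errors.New("token locked: PIN required")
	}
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, t.priv, digest[:])
}

// Gateway is the enterprise side: enrolled certificates by user, plus suspended serials.
type Gateway struct {
	enrolled map[string]*x509.Certificate
	revoked  map[string]bool
}

func NewGateway() *Gateway { return &Gateway{map[string]*x509.Certificate{}, map[string]bool{}} }
func (g *Gateway) Register(c *x509.Certificate) { g.enrolled[c.Subject.CommonName] = c }
func (g *Gateway) Revoke(c *x509.Certificate)   { g.revoked[c.SerialNumber.String()] = true }

// NewChallenge returns a fresh random nonce, so a captured answer cannot be replayed.
func NewChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// Verify uses the public key in the enrolled certificate to check the signature the
// token's private key produced, refusing suspended devices first.
func (g *Gateway) Verify(user string, challenge, sig []byte) error {
	cert, ok := g.enrolled[user]
	if !ok {
		return errors.New("unknown user")
	}
	if g.revoked[cert.SerialNumber.String()] {
		return errors.New("device suspended")
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unexpected key type")
	}
	digest := sha256.Sum256(challenge)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("signature does not verify")
	}
	return nil
}
```

A locked token cannot sign, a token enrolled with a different key cannot answer for another user, an altered challenge fails, and once the gateway revokes a certificate serial, even a correct signature from that device is refused, which is the "suspend service remotely" property the article describes.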

Using this approach, data never leaves the enterprise or travels over the Internet. Because all data remains within the boundaries of the corporate firewall, this type of solution re-establishes centralized control over enterprise security processes and policies. In addition, there is no need to install and manage thousands of individual software applications on remote devices, nor does one have to worry about the risk of rogue access points. Since data is never moved in or out of the enterprise, nothing is ever written to the hard drive of the remote device in use.

This approach to remote access has already delivered results to a number of industry sectors, from small offices to government organizations.

Customer examples
The Florida Public Service Commission recently deployed the technology to give 45 remote users access to their desktop applications. In achieving higher security levels for remote access, the agency is also able to open up more applications to remote users beyond limited e-mail access, since data is fully protected at all times and no data is transferred over the network.

Forty staff members at Canadian investment firm Octagon Capital use smart card-enabled computing devices for remote access, following a successful test run with senior management. Advisors carry the devices at all times to securely access their enterprise applications, check stock quotes and manage customer accounts. Previous privacy and security restrictions meant advisors could not access client files.

With a smart card-enabled, cryptographically enhanced device, however, users can access all required data in real time and data is fully secured at all times. This has improved productivity, while meeting stringent compliance regulations, since traditional Web-based access was not only a security risk, but also meant delayed access to vital information.

In another example in the healthcare sector, a diagnostic specialist running two clinics is now able to securely access patient information at each site. Since the device enables two-factor authentication, and all information remains behind the corporate firewall, the specialist is able to conduct business from any location, while ensuring compliance with the elevated legislative requirements for privacy and security of information capture and delivery.

In addition to day-to-day convenience and improved employee productivity, remote access is a critical element in disaster recovery and business continuity planning. Recent breakthroughs in smart card-enabled remote access have been instrumental in addressing the cost, complexity and portability limitations of other remote access solutions, such as Web-based log-ins or VPNs.

Andrew White is CEO of Route1, Toronto, Canada.

For more information:
www.rsleads.com/612cn-251