Don’t compromise your security for remote access
As organisations are increasingly using a mix of fixed and mobile communications as part of their daily operations, they need to ensure that security remains top of mind. This especially in light of the upcoming 2010 FIFA World Cup and potential requirements around facilitating remote access to company critical information. This is the view of Ian Shak, General Manager of Security Solutions at Internet Solutions.
“Our remote access solution, Secure Connect, has evolved from an old school traditional VPN solution, requiring the user to install software, to a browser based solution,” says Shak. “This has simplified the solution dramatically and allows the user to use any modern web browser to access the Secure Connect system.”
According to Shak there are a number of advantages to this. “Firstly you don’t have to install VPN software on the end user’s laptop, therefore when a laptop is lost or crashes, the company’s data can still be accessed via other means, such as an internet café or someone else’s machine,” he says. “We have also built in second factor authentication therefore security is not based purely on just a username and password.” Shak explains that there are a number of reasons why just a username and password combination is not secure enough. “Users sometimes write down these details in order not to forget them and key logger or malware installed on the machine allows for easy hacking and subsequently unrestricted remote access to the corporate network,” he says.
The second factor authentication can be done either using a token or a one-time password. “The end user will either have a physical credit card shaped hardware token, with a screen, battery and circuitry inside,” explains Shak. The user will then push a button on the corner and this will generate an alphanumeric code which changes all the time and becomes obsolete as soon as it is used. “The alternative to this is the mobile solution where we have integrated the FireID cellular phone application in the platform and the administrator enters users’ cell numbers,” he says. “The user will then receive an SMS and download details for the application.” Once downloaded, the application is completely offline and generates a random 6-digit code for single use when the user wants to log into the network.
Secure Connect is a managed service, completely outsourced to IS. “The customer does not need to buy any hardware or software, costs are managed and charged on a per-user-per-month basis and the solution is completely scalable, depending on the client’s needs,” says Shak.
With the South Africa about to host one of the country’s biggest sporting events ever, it is going to become even more critical for organisations to ensure that their network is secure. “You cannot just punch holes in your firewall, giving across the board remote access without running the risk of being compromised and hacked,” says Shak. “And while organisations will have to become more flexible in terms of remote access, security must remain a key priority,” he concludes.