Secure telework without a VPN
- — 20 October, 2009 00:27
How to provide a secure telework environment without much overhead? That was the question facing Octagon Capital, a Toronto brokerage firm that ended up choosing an unusual hardware-and-cloud service from Route1.
Route1, also of Toronto, sells MobiKEY, a user authentication device that looks like a thumb drive. Users simply insert this USB device into any Internet-enabled computer, type in their passwords, and they can securely pull up all of the applications and data from their desktops. MobiKEY works from home, a client’s office or even an Internet café.
The MobiKEY device ensures that no trace of an end user’s session remains on the computer that is used, and it encrypts all communications between the computer and the desktop machine in the office. It can be integrated with other smart card technologies such as the U.S. federal government’s HSPD-12 identity cards.
Where MobiKEY saves companies money is that it eliminates the need for them to buy VPN hardware or software. The company simply installs the MobiKEY host software on an employee’s desktop computer, and the employee can access the applications and information from any other computer by typing in two layers of password protection.
“Through MobiKEY we didn’t need to set up any VPN,” says Iman Azghar, manager of IT at Octagon Capital. “MobiKEY is the best solution for us because it is very simple installing it – users can do it themselves—and troubleshooting it is very simple.”
The lack of overhead is important for Octagon Capital, which has 80 employees in Toronto, Calgary, Vancouver and Boston. The firm has an IT shop of two full-time and one part-time person.
Route1 officials say MobiKEY is more secure than traditional VPNs, which are often the source of security breaches. Indeed, unsecure remote access is one of the most common ways that hackers get into corporate networks in order to steal data.
“We’ve never had any security issues,” Azghar says, adding that a hacker would get only four attempts to guess a MobiKEY password before the system would lock up.
Tanieu Tan, director of marketing for Route1, says other hardware-based telework solutions aren’t as secure as MobiKEY.
“Our PKI infrastructure has proven to be impenetrable,” Tan says. “That’s why banks, enterprises and multiple government agencies around the world use it.”
With MobiKEY, Octagon Capital employees can access their Microsoft Word, Excel and Outlook as well as human resources and trading applications. Octagon Capital has a Multi Protocol Label Switching (MPLS) network from Telus.
“I use the MobiKEY almost every day,” says Michael Ohnona, an investment advisor with Octagon Capital. “It’s very simple to log on. It feels just like I’m working at the office because I have access to the same applications. The real benefit I find is when I have access to my work computer when I’m on vacation or at my client’s office.”
Ohnona says clients are impressed when he can access their files while he’s sitting in front of them. With a traditional VPN solution, it would be more difficult for him to get through his client’s firewall settings to pull up the information, he says.
“With MobiKEY, the computer I use is irrelevant as long as it has a USB port,” Ohnona says.
MobiKEY also saves employees from lugging around laptops on business trips.
“I don’t carry my laptop,” Azghar says. “I just have my MobiKEY. If I’m visiting friends, I can access my desktop because everybody has a USB port and an Internet connection.”
Should an employee leave the firm or a device gets lost, Octagon Capital can disable MobiKey immediately.
Octagon Capital spends $24 per user, per month for the MobiKEY system, which is sold as a cloud-based network infrastructure service.
The alternative for Octagon Capital would be managing a complex VPN system or a desktop virtualization offering from a vendor such as Citrix.
“I’d have to get two Citrix servers for redundancy, configure the firewalls for ports in and out, and in addition some applications may not be running well on Citrix and then remote users would not gain access to their desktops at work,” Azghar says.
Azghar can’t think of a downside with MobiKEY, which is not only the company’s telework solution but its disaster recovery solution, too.
“It’s very handy. It’s very easy to use. It’s very easy to troubleshoot,” she says. “I don’t have to be at my computer to troubleshoot it. I just ask the user two questions, and I know what the problem is.”
It’s not just small companies that are interested in MobiKEY. Qwest is reselling MobiKEY to U.S. federal government agencies for telework and business continuity applications.
“The Department of Homeland Security is a big customer and user of MobiKEY,” says Diana Gowen, senior vice president and general manager of Qwest Government Services in Arlington, VA. “It’s relatively new technology…and we have an exclusive relationship with Route1.”
Gowen sees potential for MobiKEY to help agencies not only provide telework opportunities but to prepare for pandemics and natural disasters. The issue, she says, is to get beyond the federal government’s cultural resistance to work-from-home arrangements.
“There are many federal employees who don’t want to work from home. They don’t want to take a laptop home,” she says. “The technology is there, it just has not been as rapidly adopted as in the commercial sector.”