Secure Remote Access: Not A Token Gesture

Remote access to corporate networks has undoubtedly been a key shift in the function of IT networks over the last few years. However, for all its remarkable business benefits, the new plethora of mobile devices and facilities for remote access means that there has never been a greater opportunity for cybercriminals to target the sensitive information of organisations that take full advantage of remote working, and to harvest that stolen data for profit.

Fears over network security are clearly well founded – the European Commission (EC) recently announced its intention to create a new directive to tackle threats to information systems, following a rise in attacks across the continent. The directive has been proposed as a replacement for the EC’s 2005 framework decision, which attempted to coordinate laws on hacking across Europe. The EC suggests that new methods of attack and advances in technology call for improved measures to combat these threats.

Naturally the IT industry is acutely aware of the potential dangers and united in recognising them, but there is a level of debate over the best ways to tackle threats. Recent surveys suggest network managers consider their greatest challenge to be providing safe, secure but highly usable and effective remote access to their network clients. Striking a balance between offering the full range of network services and making sure the company’s most valuable asset, its data, does not fall into the wrong hands is becoming the holy grail for many IT managers.

The traditional password authentication approach used for remote access gives a degree of security but is unfortunately susceptible to fraud and suffers from users re-using the same details over and over again. The next step is a two-factor authentication (2FA) system, and for many solutions this involves using a personalised ‘token’ to authenticate users. Whilst a token-based system improves security, it can be an expensive and resource-intensive exercise to implement and maintain (especially for SMEs on tighter budgets), and it makes remote access less convenient for authorised users.

There is an alternative, of course, and like all the very best solutions it looks at network security as a whole. Using the latest type of token-free 2FA in combination with a secure Virtual Private Network gives an organisation far more protection than simple password authentication alone. It allows an organisation to cost-effectively implement a strong solution for any networked end-point device attempting to access corporate resources.

This improves the protection and the integrity of the IT network, whilst improving the quality of access to it. Using this kind of 2FA requires only a standard web-browser for any end-point device to be thoroughly authenticated (over a secure SSL-VPN connection). It is ideal for any organisation whose workforce and business partners require fast, reliable and secure anywhere access to resources held on the corporate network.

Finding the right combination and making it user-friendly, as well as secure and fully compatible with the rest of the network is vital. To achieve this, for example, Microsoft Forefront Unified Access Gateway (UAG) pairs with Swivel Secure’s PINsafe on the same appliance, to create an integrated network perimeter defence system that uses an innovative, fast and simple to use One Time Code system.

When an individual wishes to connect to the network they simply combine the ten-digit security string (sent to them via SMS or phone app) with their standard four-digit PIN number to derive a One Time Code, which is used to swiftly authenticate their access rights. This level of authentication provides a much greater level of security than passwords alone, as the administrator can be confident that the user is who they say they are.
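The article does not spell out how the string and PIN are combined. The sketch below is an added example, not Swivel's or Microsoft's code, and it assumes a positional rule (each PIN digit selects a position in the security string, with 0 meaning the tenth); the `Verifier` class, its in-memory PIN store and the 120-second lifetime are hypothetical.

```python
import hmac
import secrets
import time

STRING_LEN = 10      # ten-digit security string, as in the article
PIN_LEN = 4          # four-digit PIN, as in the article
TTL_SECONDS = 120    # assumed challenge lifetime (not from the article)


def _digits(value, length):
    return len(value) == length and value.isascii() and value.isdigit()


def derive_otc(security_string, pin):
    """Assumed rule: PIN digit d picks position d of the string; 0 is the tenth."""
    if not _digits(security_string, STRING_LEN):
        raise ValueError("security string must be ten digits")
    if not _digits(pin, PIN_LEN):
        raise ValueError("PIN must be four digits")
    return "".join(security_string[(int(d) - 1) % STRING_LEN] for d in pin)


class Verifier:
    """Server side: one security string per login attempt, accepted once."""

    def __init__(self, pins):
        self._pins = pins        # constructed in-memory store for the example
        self._pending = {}       # user -> (security_string, issued_at)

    def issue(self, user, now=None):
        s = "".join(secrets.choice("0123456789") for _ in range(STRING_LEN))
        self._pending[user] = (s, time.time() if now is None else now)
        return s                 # delivered out of band (SMS or phone app)

    def verify(self, user, otc, now=None):
        # pop() consumes the string whether the code is right or wrong,
        # so a captured code cannot be replayed or guessed at repeatedly.
        entry = self._pending.pop(user, None)
        if entry is None or user not in self._pins:
            return False
        s, issued = entry
        now = time.time() if now is None else now
        if now - issued > TTL_SECONDS:
            return False
        expected = derive_otc(s, self._pins[user])
        return hmac.compare_digest(expected.encode(), otc.encode())
```

The PIN itself never crosses the network in this scheme; only the derived code does, which is why the string has to be single-use and short-lived.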

Ensuring security of remote access to a company network is always going to be a question of ‘horses for courses’. IT managers need to determine the needs of the business and find the right level of security – which can range from simple password systems right up to the latest in 2FA security or a combination of best-of-breed solutions.

The assumption that having the best in 2FA technology means cumbersome and complicated systems that are costly for the user and organisation simply isn’t true. Using a combination of a top-notch Virtual Private Network and the latest generation of 2FA offers authentication that provides a much greater level of security than passwords alone and it is easy to manage centrally, whilst still offering users a level of access that allows them to make full use of the network and its resources.

Steven Hope has spent many years in IT infrastructure with a focus on Microsoft technology, which led to a focus specifically on the security field. Early in his career, he could be found building XT PCs as a hobby, which eventually led to Steven working for various large system integrators, including Siemens Nixdorf and the Datatec group, where he focused on major finance and public sector projects. In 2001 Steven joined Microsoft UK for a 5-year period, and was a member of a consulting group focused on security. Since leaving Microsoft he has been involved in various projects on behalf of the company whilst also founding Winfrasoft, a security software company that builds value-add products for the Microsoft Platform. Steven is both Managing Director and Chief Technical Architect at Winfrasoft, with the aim of growing the organisation in the security solutions space.