The Key To Data Security

Apr 1, 2007 12:00 PM, BY ASHLEY ROE

Virtual private networks, or VPNs, provide a secure point of entry to an enterprise network for the mobile workforce in a range of industries. Yet, some users of these networks believe they are creating more security problems than they are fixing.

VPNs typically require programs to be installed on each laptop or home computer in order to connect the user to the enterprise. However, once data leaves the internal enterprise network, it is at risk of falling victim to Internet viruses and other virtual threats.

Among the problems of VPNs today, Andrew White, president and chief executive officer of Route1 Inc., Toronto, cites cost as a major issue. “The costliness of the networks dictates limited deployment of them in larger organizations,” he says. “Only 10 percent of the work force in enterprises has some ability to connect remotely, and that is starting to decrease.” Moreover, White says that VPNs secure data only while it is in transit, leaving it vulnerable once it arrives to its endpoint.

The Florida Public Service Commission (FPSC), which regulates authority of Florida consumer utilities such as electric, natural gas, telephone and wastewater services, took notice of these problems when it was trying to find a connection solution for its auditors in the field.

FPSC field auditors conduct financial audits on regulated utilities. The commission also employs a group of safety engineers who inspect new construction for electric utilities, conduct operation and gas pipeline inspections and respond to customer complaints. “We needed to enable secure remote access, so our field employees could connect to our programs from anywhere, without putting our data at risk,” says Lee Kissell, director of the FPSC's Office of Information Technolgy Services.

In late 2005, the FPSC learned about MobiKEY, a portable computing device that connects users securely to their enterprise desktop and network resources from any Internet-enabled Windows-based PC. The device was developed by Route1 Inc. and is powered by the company's MobiNET communications and service delivery platform.

Although the FPSC's preferred connection was through a VPN, many of its applications were not accessible through the type of network. The various virtual threats to data caused the commission concern. “We also attempted dial-up access for our field personnel, but that proved very slow and burdensome,” Kissell says. After contacting a reseller of the Route1 solution, the FPSC began a month-long trial period with MobiKEY.

MobiKEY acts as an “entry key” to enterprise applications. Once MobiKEY's host software is installed, users plug the smart-card-enabled USB device into their personal computer. The user is prompted for a password, which is then validated by the embedded smart card. Route1's MobiNET platform manages user profiles and the services they are authorized to access. Once his or her identity is authenticated, the user selects their host enterprise computer and requests to establish a secure SSL connection. The device does not need to install applications or drivers on the user's computer, and no enterprise computer data is stored on it. This means that no temporary files that could contain confidential data will be left behind on the user's computer.

“With MobiKEY, our employees can access their spreadsheets securely on our corporate network,” Kissell says. “They get a broadband connection that is encrypted, and everything is running off a simple ‘key.’” The FPSC eventually decided to invest in the technology for its employees.

The device also eliminates the risks and potential losses associated with lost or stolen laptops because no trace of company data is left on the machine, and its MobiNET connection can be automatically switched off should a theft occur.

MobiKEY was launched in December 2005.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue