Strong two-factor authentication is increasingly replacing simple password protection for new VPN deployments, according to Signify.
This view is backed up by industry research* commissioned by RSA, The Security Division of EMC, indicating that up to 80% of all new corporate VPN installations are using two-factor protection including tokens, one-time passcodes and USB devices.
The research is based on interviews with 20 leading SSL and IPsec VPN vendors including Juniper, Check Point, Cisco, SonicWall and their distributors, to establish the proportion of corporate-scale VPN systems being implemented with some form of two-factor authentication.
“With increasing demand for anytime, anywhere access to corporate resources and the growth in wireless networks, the message that passwords are not enough seems to be getting through to larger businesses and government departments,” says John Stewart, director of sales and marketing at Signify.
“They know that strong authentication is now essential for any remote access system. Relying on basic passwords to secure a sophisticated SSL VPN is like putting cheap tyres on a Ferrari – it might save you money in the short term, but you’ll lose control in the first rainstorm!”
The task now is to get the same message through to the small to mid-sized organisations who are now investing in VPNs. They face exactly the same threats to their businesses and need to eliminate weak passwords.
One of the barriers to two-factor authentication has been the perceived cost and complexity of deploying and managing the technology and of supporting a 24x7 remote user community.
To overcome this, Signify delivers a fully managed, two-factor authentication service that makes it quick, simple and affordable for organisations of all sizes to eliminate passwords and deliver flexible and secure remote access.
It takes just a few minutes to configure any VPN server to connect to the ‘On-Demand’ Signify service and there is no new hardware or software to install on the customer site.
The Service offers flexible contract terms to suit short- or long-term projects and a choice of token and tokenless authentication options.
Users can choose either to carry an RSA SecurID token that produces a new one-time passcode (OTP) every 60 seconds, or they can opt for the Passcode OnDemand service that delivers an OTP on request to their mobile phone, PDA or email box by SMS or email.
Passcode OnDemand is ideal for applications such as checking web email from home, short-term access for contractors and part-time staff, providing Extranet access to clients and partners, and on-line banking, betting or retailing.
Hundreds of organisations have secured their VPNs using the Signify Managed Authentication Service including Eversheds, Kier Group, Norwich and Peterborough Building Society, Accord plc, Serco and London Borough of Tower Hamlets.
“SSL VPNs are making it far easier to connect to core business systems from any web browser, but they leave you vulnerable to identity theft,” says Signify’s John Stewart.
“All organisations of any size that are considering deploying an SSL VPN without two-factor authentication should seriously reconsider and look at the option of outsourcing this activity.”