Infosec Cloud
Solutions. Services. Training.

Meeting CoCo with 2FA

Meeting the Code of Connection (CoCo)

As part of the Government Code of Connection all remote access users connecting to the GCSx network, must use two-factor authentication instead of simple passwords. The preferred approach is to use a tokenless solution.

Tokenless authentication delivers a one-use passcode to the user’s mobile phone or any mobile device via an SMS text message. The user combines this passcode with their own PIN to gain access to the GCSx network. This approach is cost-effective and easy to use and manage plus there are no hardware tokens to purchase, deploy and control.

Over 20 local authorities currently use SecurEnvoy’s tokenless strong two factor authentication (2FA) solution, making SecurEnvoy the local government’s preferred supplier.

We offer a fully manged cloud-based service to further help meet budget cuts and the need for flexibility.  With no token deployment required, no additional databases or infrastructure, we can deploy strong two factor tokenless authentication for up to 20,000 users in less than hour and manage on your behalf using our online portal.

SecurEnvoy can also run alongside your existing authentication deployment for easy migration.

“The main goal was to achieve CoCo compliance, while keeping any new systems as user-friendly as possible. In this tight economic period we wanted to do this without wasting council money on unnecessary expenditure. Ultimately, we’ve saved money and our systems are more secure than ever, so we achieved everything we set out to do.” Cambridge City Council

You can read the full case study here: Case Study Cambridge City Council

Visit our strong authentication webpage for more information.

 

 

  • Employee GDPR Awareness Training

  •  Identity-as-a-Service (IDaaS) solution

  • Tokenless Strong Authentication (MFA)

  • Next Gen Endpoint Security

  • Enquiry LinkedIn Spiceworks

    Meraki Webinar: Cloud Networking at Cirencester College

    Join us as Neil Sperring, Director of IT Services at Cirencester College, shares the story of the “easiest and most enjoyable wireless deployment” he’s ever done. Beacon status Cirencester College has rolled out fast and reliable Wi-Fi providing 100% coverage across multiple campuses serving 1,800 students using Meraki’s cloud managed wireless access points.

    Qualified attendees receive a free Meraki access point. Learn More

    Click here to register

     

    Concerned about BYOD Security?

    Employees expect to use personal smartphones and mobile devices at work. To ensure network security is not compromised, these devices need to be remotely managed – over their lifetime. Organisations need to implement BYOD governance policies such as: all devices must be configured with passwords, specific types of applications should be prohibited from being installed and sensitive data must be encrypted.

    Here are five of the most important BYOD security considerations recommended by industry experts:

    1. Mobile Usage Policy

    The Ponemon Institute 2012 Global Study on Mobility Risks showed that only a little over a third of companies in the U.S. have developed any kind of acceptable mobile device usage policy.

    Policies and proceedures should be created to address mobile device security risks and outline acceptable usage behavior by employees.

    Key policies should include; how remote wipe procedures are to take place, how devices connect to the network, what the strength of encryption algorithms will be used, how users authenticate and what kind of devices users can connect to company resources. And don’t forget employees will require training.

    2. Lost Device

    Mobile Device Management (MDM) should be used to to lock (and) wipe devices. Organisations also need to educate employees about what they put at risk when they lose devices and give them a way to report lost or stolen devices so those lock and wipe functions can be activated.

    With positive confirmation of a remote wipe, an organisation may be able to avoid having to report loss of sensitive data to regulatory bodies.

    3. App Safety

    Mobile device users are facing an increasingly hostile malware environment, particularly those using Android devices. Mobile devices connecting to company resources should have mobile security software installed and have their encryption features activated. Anti-phishing training is crucial to heading off future mobile attacks, but perhaps most important is policing how and where employees download their apps.

    Employees should only use app marketplaces hosted by well-known, legitimate vendors for downloading and installing apps. Mobile malware authors often use unregulated, third-party app stores.

    4. Data Security

    Organisations need to undertake a formal assessment of which employees need access to what data through their devices. You can then decide what security measures will be needed to protect that data, taking into consideration the potential security or compliance ramifications if that data is compromised.

    If you that have highly sensitive information that may be accessed on mobile devices owned by the employee, you need to look for ways to secure and protect those applications independent of the device itself, such that those applications have strong password controls, the necessary data encryption applied and are able to wiped from the device when the employee leaves the company, without wiping their personal data.

    5. Secure Connections

    How a device connects to corporate assets is also a critical consideration. Organisations allowing mobile access from mobile devices should consider minimising that risk by enforcing access to data through virtualization and enforcing VPN access to these resources with strong authentication.

    Additional segmentation within the network may also be necessary to accommodate riskier mobile connections.

    Third-party apps could perform malicious actions against internal corporate networks so an IDS and firewall placed between any BYOD network and the rest of the corporate network is recommended.

    Postini Replacement Offer

    Infosec Cloud announces competitive Postini replacement offer.

    Contract buy-out and free migration offered by IT Security Reseller.

    Email and Web security services expert, Infosec Cloud is offering Postini customers a six month buy-out offer and free technical migration service. Rather than adopting Google Apps, Postini users can easily switch to a superior service at a similar or reduced cost.

    Late last year, Google announced plans to shut down Postini, their email security and archiving service. Once Postini users receive their transition invitation notice, they will have 60-90 days to complete their migration to Google Apps for Message Security and Message Discovery. Message Encryption is not yet available and both Message Filtering and Postini Small Business Edition will be phased out.

    “Postini customers will need to make network changes when they move to Google Apps,” commented Pete Sherwood, Managing Director, Infosec Cloud, “so this is an ideal time to see what other services are available, particularly if free migration is included.”

    For Postini users looking for a cost effective, seamless replacement, Infosec Technologies offers a range of cloud-based services with maximum email availability and protection. These services will allow Postini customers to continue using their current Email platforms – such as Microsoft Exchange or Lotus Notes.
    Key benefits include:

    •     Competitive pricing – same or lower than Postini pricing
    •     Buy-out options – existing Postini contract buy-out options
    •     Instant deployment – free migration of legacy setting to new service
    •     Full Cloud Business Continuity – email backup with DR access
    •     Easy to use platform
    •     Additional Archiving and Encryption also available
    •     Increased and more advanced functionality
    •     IPv6 Support

    Last year the Infosec group migrated over three hundred Webroot customers and so is well positioned to support Postini users looking to switch to a better service.

    The company recently undertook a comprehensive technical and commercial review of the UK Email Security as a Service (SaaS) market. Infosec Cloud has completed intensive due diligence on all leading vendors to identify a range of services that best fit existing Postini users’ operational and commercial requirements.

    Camden Council secures information sharing using Egress Switch

    The latest issue of Computing Magazine features an interview with Camden Council discussing their use of Egress Switch, the leading Government accredited email and file encryption service, to secure sensitive information shared with external third parties. What started as a single Council project has now been embraced by Local Authorities, NHS Trusts, Central Government agencies and the wider Public and Private Sector network.

    Here are some of the article highlights.

    The Initial Challenge
    In 2007 Camden Council needed to find a secure way of sharing sensitive information with external third party personnel including social workers, police, volunteers, solicitors and agency workers. Everyone used different systems and the Council’s initial attempt to use an ad-hoc set of applications including WinZip and password protected Word attachments simply didn’t work.

    “Quite often, the third party simply wouldn’t have the right versions of the technology at their end to open the documents and in some cases these were life and death situations. They had to get a message through so they would simply send it insecurely. That was the way it was happening,” explained Hilary Simpson, Head of ICT Business Partnering at Camden.

    Camden also realised that they were spending approximately £40,000 a year on sending documents by registered post that were then getting lost or being sent to the wrong person.
    Realising that this problem was not exclusive to Camden, John Jackson, CIO at Camden and his team began exploring the possibility of developing a shared solution through a now defunct forum called Capital Ambition. Sitting down with IT leaders from 17 other London councils, Jackson built up a picture of what was needed and began looking for a suitable solution, with a bias against “humongous, one-size-fits-all solutions”.

    The Solution
    The initiative was dubbed the Secure Communication with Third Parties Project (SC3P).

    “We looked at eight products,” says Simpson. “The main requirement was that it had to be simple for council staff to use – we certainly didn’t want to have to send people away for training.

    It was Egress Software Technologies’ cloud-based Switch solution that finally emerged as the best candidate. A policy-based gateway and desktop email encryption service, Switch plugs directly into existing email solutions and is operable via nothing more than a drop-down menu. It was the “one click” approach Jackson and Simpson had been dreaming of. Another key attraction was the service’s “follow the data” audit feature, which would make investigating any accidental losses or breaches a relatively straightforward task.

    The SC3P team was also drawn by the fact that Switch does not require client software to maintain its encryption code.

    “The real innovation here was giving the recipients free access to the emails sent, and making them able to respond to them,” says Jackson.

    All 17 London boroughs adopted the service.

    The Egress Trust Network – The next Facebook?
    After 13 more London boroughs joined the Network, SC3P and Egress decided it was time for the project to go national with a new name: the Trust Network.

    According to Egress CEO Tony Pepper, the initiative’s success is largely down to the vision and drive of the Camden team. “They provided the framework, but now Wales is on board, Scotland is interested, and then immediately outside of London, Surrey’s licensed their entire council of over 8,500 users and Guildford’s done the same. And it’s all because of the work Camden did leading the broad London network.”

    Jackson describes the spread of the Trust Network as being “like the early days of Facebook; when everyone realised it was there and it just… took off”.

    The Trust Network versus the Public Services Network
    The Trust Network’s success contrasts with the rather more sedate progress being made by the government’s Public Services Network (PSN).

    “The PSN has nowhere near the take-up,” says Jackson. “I don’t want to ‘diss’ the central government initiative, but in a sense what is happening is we’ve seen a speed [with Switch] of execution and scale.”

    “This contrasts with some of the big suppliers in local government, who won’t move without a purchase order or change a line of code without a £25,000 development fee, which is quite typical in some cases for even minor changes,” adds Simpson.

    Egress Switch – Delivering the true Cloud
    Jackson says the project has caused him to see the Cloud in a new light.

    “I’m slightly cynical about the hype around cloud,” he says. “I always think it’s just another word for outsourcing really, but I think what’s interesting with Egress is it’s delivering what I’d call the true Cloud – a capability we can plug into existing infrastructures and make it work correctly.

    “Just a drop down bar in our email system, and – bam – it’s gone. So it’s bringing cloud capability in without having to move your entire hosting environment to, say, Capgemini. It really is flexible and does what it says on the tin.”

    Over the next 12-18 months, Pepper hopes to see “every single local authority in England, Scotland and Wales using the product to share with third parties”.

    To read the full Computing article, visit: http://www.computing.co.uk/ctg/feature/2234710/secure-communication-camdenstyle

    Article author – Peter Gothard

    Cloud Expo Europe 2013

    Cloud Expo Europe 2013

    Cloud Expo Europe offers a world-class conference programme, with 9 streams and 8 dedicated theatres, including top industry CTOs, important analysts and over 50 case studies. The biggest gathering of thought leaders and practitioners in Europe.

    About Cloud Expo Europe

    Cloud Expo Europe is Europe’s premier event for cloud computing organised by CloserStill Media Ltd, is in its 4th year. In July 2012 it was honoured with the prestigious Best Trade Show, Association of Event Organisers (AEO) Excellence Award. The 2012 event successfully differentiated itself by hosting five of Tech Target’s 2010 & 2011 top ten global leaders and being the only event of its kind with an independent BPA audit of its total attendance of 4,750 delegates.

    Cloud Expo Europe represents the fast-paced, dynamic and ever changing cloud computing industry; its conference content and show features continually evolve to mirror the needs of the cloud industry and those businesses implementing the latest cloud technologies.

    Gartner acknowledges SecurEnvoy as ‘one to watch’

    Gartner reviewed vendors in the two factor authentication market and acknowledged SecurEnvoy as ‘one to watch’.

    Smartphones and tablets are changing the landscape for how authentication is best performed in the enterprise. The phone-as-a-token authentication method is well-established as an alternative to legacy one-time password (OTP) hardware tokens for consumer-facing Web applications and corporate remote access.

    Although some enterprises elect to implement multifactor authentication based on their own risk analysis, others implement it because a regulatory standard or compliance objective has mandated multifactor authentication.

    Mobile devices have become, for some people, an inseparable appendage in their lives. For others, it’s a common personal and business tool that travels most places easily. The wide acceptability and abundance of mobile devices are key reasons for their consideration as an authentication token

    A key factor driving adoption of phone-as-a-token methods among business buyers is the measurable cost savings they can offer, which reduces the cost of tokens, distribution, provisioning and maintenance.

    SecurEnvoy focuses its efforts on OOB methods of authentication, using both SMS and smartphone-based applications to enable the phone as a token for a wide variety of mobile devices.

    This low-touch approach to authentication allows for rapid onboarding of new devices and user self-management of replacement devices.

     

    References: *Gartner, Inc., Market Trends: The Impact of Mobile Computing on User Authentication, Eric Ahlm, Ant Allan, August 29, 2012.

    By SecurEnvoy