SecurEnvoy makes the use of dedicated tokens superfluous
Date: Nov 18, 2013
Guest post: Johann Baumeiste, CIOL
There is continuous demand for mobile access to centrally stored information. More and more employees want and need access to corporate data when on the move. For this purpose, a VPN or a similar secure channel is usually used. To make sure the connection is secure, traditional authentication methods are used.
But, as is already widely known, a simple access security measure such as a username and a password can hardly be classified as safe. In order to make access safer, there should be a double layer of security – two-factor authentication. For this, a combination of “knowledge” (password) and “possession” (hardware token) is usually used. This combination of different criteria (2-factor) provides the best possible security.
Tokens are considered to offer greater security, but have the disadvantage that they must be procured, distributed and administered. In addition, small tokens can be lost or stolen. To circumvent this disadvantage, SecurEnvoy uses common devices such as mobile phones or smartphones as tokens in its SecurAccess authentication method.
As with a hardware token, the user receives an access code that is sent to the phone. There is also less risk of loss or theft than with a dedicated hardware token, as the absence of their mobile phone or smartphone would be noticed very quickly by most users.
The SecurAccess architecture is based on a RADIUS access server, which serves as the starting point for user authentication. The software itself is easy to use and understand. The access data and all other information are stored in existing directories, such as Microsoft Active Directory or Novell eDirectory.
SecurEnvoy supports all common directory systems: as well as the Active Directory and eDirectory already mentioned, compatible systems also include LDAP directories, OpenLDAP, the Sun Directory Server and Lightweight Directory Servers.
SecurAccess can send the access code to the user via various channels, such as to a mobile telephone via SMS or as a smart token using a special app for smartphones. These channels use different technologies to make the access code available. Furthermore, the security tool enables a wide range of code types and validity periods to be utilised. SecurAccess uses the term ‘token type’ in this context.
One of the special features of SecurAccess is this wide range of communication channels and token validities. SecurEnvoy thereby aims to cater for all manner of scenarios.