DeviceID: Curing IT Insomnia in an Uncertain World

Time for a Wake-up Call

Things aren't always what they seem. Today, thieves use compromised personal information to steal identities and run up huge debts in others' names. At the same time, hackers use stolen credentials to impersonate trusted users and break into company computer networks. Computing has changed—and so have the rules for staying safe.

It's this last example that gives IT administrators sleepless nights, as they find themselves pondering whether it's possible to prevent unauthorized devices from intercepting communications or hacking into the enterprise.

According to the 2004 FBI/CSI Computer Crime and Security Survey, 53 percent of respondents indicated one or more security breaches during the preceding 12 months. For those reporting dollar costs associated with these breaches, the average annual loss for each company was just over $526,000. Hackers are out there. And they want inside your network. How can you ensure that those connecting to your network really are who they say they are?

The Rude Awakening of Traditional Solutions

Multi-factor authentication is the best approach to ensuring trusted connections. That is, using more than one authentication method to establish a user's identity. However, until now each new layer of security—whether software- or hardware-based—only addresses half of the equation by authorizing users, but not verifying the identity of devices. And these incomplete solutions have come at the expense of increased administrative overhead and decreased user productivity. In addition to these drawbacks:

Software-based approaches such as digital certificates and soft tokens, while adding authentication factors, can still be copied from systems and used to circumvent security policies.

Hardware solutions such as physical tokens typically provide more security than software-based alternatives, yet are expensive maintain and prone to loss.

So how do you know with certainty that those connecting to your network really are who they say they are? Security experts insist that you must take this a step further, by ensuring that mobile users access the enterprise via trusted, corporate-issued devices that adhere to your security policies.

Gartner Research highlights this latest security requirement in its recent research note titled Update Your Security Practices to Protect Notebook PCs¹. In this timely report, Gartner analysts recommend "using a combination of remote certificates and device 'fingerprinting' to determine whether a user is connecting from a known and secured, managed company device; from a registered and known personal device; or from an unrecognized third-party device."

DeviceID: A Dream Come True for Strong Authentication

Fortunately, now there's a solution to these challenges. DeviceID™ is new, innovative and quite affordable. And it's from iPass—a trusted leader in enabling secure connections without compromise.

This patented, software-based authentication technology offers an additional layer of security to users of the iPass Corporate Access™ service. DeviceID transparently matches individual users to specific PCs and ensures that only corporate-authorized devices gain network access and that VPNs are always employed.

Security experts insist that user authentication alone isn't enough. You must also ensure that mobile users access the enterprise via trusted, corporate-issued devices that adhere to your security policies.

¹Cozza, R., Gammage, B. and Girard J. "Update Your Security Practices to Protect Notebook PCs." Gartner Research Note G00124202, November 2004.