Q&A: Remote access and Entrust IdentityGuard

Mike Moir is a Product Manager for the Entrust IdentityGuard solution – a versatile authentication platform that meets diverse needs for strong second factor authentication. In this interview he tackles issue related to remote access and talks about Entrust IdentityGuard.

Because of a variety of potential security risks, in your opinion, does remote access bring more problems than it solves?
No, I believe that the benefits outweigh the risks. The ability for users to access internal information remotely has become very important to an organization’s success. It improves productivity by allowing real-time access to critical information wherever a user might be. It allows an organization to locate offices and employees closer to customers while maintaining business continuity. It improves the balance between an employee’s work and personal life which contributes to a healthy work environment. Finally, it allows an organization to continue operating when affected by events out of their control, such as pandemics and other natural disasters.

What are the most signification challenges related to managing remote access in the enterprise?
There are really two key challenges in this area: First, ensuring that only valid users can access the network – so managing and verifying identities. A user name and password is simply not secure enough today; and organizations can’t depend on that to control user access. A second factor of authentication is required. An organization, of course, needs to balance the security requirement (the risk associated with a breach) with the usability of the authentication method and its costs. This can have a significant impact on the benefit that the organization derives from providing a remote access solution in the first place. A second challenge is to identify what users need to access in order to do their jobs effectively without unnecessarily allowing access to sensitive information. By only allowing access to necessary information, an organization can mitigate the impact in the case of a breach.

What is the easiest way for an organization to comply with industry and government regulations?
While complying with industry and government regulations is important, organizations shouldn’t be looking for the easiest way to comply. For most organizations their information, whether it is customer lists, technical specifications or computer source code, is at the heart of their competitive advantage. The business impact in lost competitive advantage or lost customer confidence due to a breach will in most cases far outstrip any potential fine. Organizations can approach this area with a layered security approach – matching the protection to the access level of information. An authentication platform that offers flexibility is an important first step.

Introduce the main features of the Entrust IdentityGuard to our readers.
Entrust IdentityGuard is a second factor authentication platform that protects access through remote access VPNs, Extranets such as OWA or Citrix XenApp or to Microsoft Servers and Desktops. The Entrust IdentityGuard platform provides a range of authentication choices from digital certificates, hard and soft tokens, Entrust’s unique grid card, to transparent authenticators and mutual authentication options. The platform approach allows companies to deploy the appropriate authentication methods based on the risk associated with a breach, the usability requirement of the user, and the cost. This flexible approach has allowed it to be equally successful in small businesses to federal departments with hundreds of thousands of users; it’s also a key point in rolling out authentication in a way that is cost effective for organizations because the authenticator deployed can be tailored to the type of risk in a user’s role. It’s also important that the platform is open so that new authenticators can be added as the market evolves.

How does Entrust IdentityGuard integrate with an existing environment?
Entrust IdentityGuard leverages existing corporate infrastructure such as AD to minimize administrative overhead. Entrust has tested and can be integrated with the leading VPN and extranet vendors (web portal) to ensure a seamless integration into an organization’s infrastructure. Entrust IdentityGuard is a standards-based platform, uses straightforward APIs, and therefore contributes to a much easier integration and deployment.

What differentiates IdentityGuard from other products on the market?
Entrust IdentityGuard is an authentication platform. It has the broadest range of authenticators in the market today, including our patented Grid Card. The authenticators are managed through one administrative interface allowing an organization to match authenticators to different groups within their organization. The optional Self Service Module provides a user self administration interface reducing administration overhead while improving the user experience. Finally, as an open platform new authenticators can be added as the market evolves, providing organizations with considerable flexibility as their business needs evolve.