At the click of a button users can have their authentication token as an SMS on a mobile, an app on a smartphone or tablet, or a soft token on a laptop – with the ability to swap between devices at will.
- Additional administration is unnecessary, and calls to the help desk are reduced, as the user controls and manages the process
- There are no additional licences to purchase as the system recognises one user, not each device
- The organisation retains control to allow, or block, devices according to its policy
SecurBYOT dances on the grave of the physical token. It addresses the trend of users demanding the flexibility to use their own device in the workplace (BYOD) and puts them in control of which device they use on a daily basis. Unlike alternative solutions, when a user upgrades their smartphone or even changes their mind, the system moves their account to the new device and automatically creates a new local seed record for it without any additional costs incurred.
As security is paramount, users can only use one device at a time. If they elect to change the device, the system automatically decommissions and wipes the previous key to prevent identity splatter.
Andy Kemshall, co-founder and technical director for SecurEnvoy, said, “This really does signal the end for physical tokens. For many organisations there was always a small pocket of users who either didn’t have a mobile phone or couldn’t receive SMS signals. SecurBYOT changes that as now any device, that can be used to connect remotely, can also receive and act as an authentication token. At the end of the day the user knows best how they’d like to work, and with what devices, and allowing them to administrate it themselves means fewer calls to the helpdesk. That said, if an organisation deems a particular type of device unsuitable, they still retain the right to block it.”
“Finally, as we don’t believe in ripping people off, we work on the principle of one licence per user so when they change or upgrade their device the licence simply moves with them without incurring additional expense unlike some other solutions on the market that require you to purchase new soft token seeds every time a user replaces their phone. It really is the answer to secure authentication,” he added.
With SecurBYOT, SecurEnvoy has also introduced ‘group deployment’ in parallel to the original provisioning wizard. Organisations can define a single group in the company’s directory – e.g. Active Directory, Novell eDirectory, Sun Directory Server or OpenLDAP – so that anyone in the group is automatically and seamlessly provisioned. If the system already has a mobile number for the user, they are sent an SMS; others are sent an email, providing the first passcode. From this point the user can log into the system and change to whichever token type they want to use.
Because the process is automated, rollout is scalable and fast – up to 100,000 users per hour. If a user is removed from a group, the licence is instantly freed up and can be reallocated without the need to try and get a ‘token’ returned.