Latest news
BYOT: Bring Your Own Token
Posted on 19 April 2012.
SecurEnvoy revealed details of its latest release that gives users full flexibility of the device they use, while ensuring complete security to the organization.
At the click of a button users can have their authentication token as an SMS on a mobile, an app on a smartphone or tablet, or a soft token on a laptop – with the ability to swap between devices at will.
It addresses the trend of users demanding the flexibility to use their own device in the workplace (BYOD) and puts them in control of which device they use on a daily basis. Unlike alternative solutions, when a user upgrades their smartphone or even changes their mind, the system moves their account to the new device and automatically creates a new local seed record for it without any additional costs incurred.
As security is paramount, users can only use one device at a time. If they elect to change the device the system automatically decommissions and wipes the previous key to prevent identity splatter.
Andy Kemshall, co-founder and technical director for SecurEnvoy said, “This really does signal the end for physical tokens. For many organisations there was always a small pocket of users who either didn’t have a mobile phone or couldn’t receive SMS signals. SecurBYOT changes that as now any device, that can be used to connect remotely, can also receive and act as an authentication token. At the end of the day the user knows best how they’d like to work, and with what devices, and allowing them to administrate it themselves means fewer calls to the helpdesk. That said, if an organisation deems a particular type of device unsuitable, they still retain the right to block it."
"Finally, as we don’t believe in ripping people off, we work on the principle of one licence per user so when they change or upgrade their device the licence simply moves with them without incurring additional expense unlike some other solutions on the market that require you to percuss new soft token seeds every time a user replaces their phone. It really is the answer to secure authentication,” he added.
With SecurBYOT, SecurEnvoy has also introduced ‘group deployment’ in parallel to the original provisioning wizard. Organisations can define a single group in the company’s directory - e.g. Active Directory, Novell E-Directory, Sun Directory Server or OpenLDAP – so that anyone in the group is automatically and seamlessly provisioned. If the system already has a mobile number for the user they are sent an SMS, others are sent an email, providing the first passcode. From this point the user can log into the system and change to which token type they want to use.
By automating the process, roll out is fully automatic, scalable and fast – up to 100,000 users per hour. If a user is removed from a group, the licence is instantly freed up and can be reallocated without the need to try and get a ‘token’ returned.
At the click of a button users can have their authentication token as an SMS on a mobile, an app on a smartphone or tablet, or a soft token on a laptop – with the ability to swap between devices at will.
- Additional administration is unnecessary, and calls to the help desk reduced, as the user controls and manages the process
- There are no additional licences to purchase as the system recognises one user, not each device
- The organisation retains control to allow, or block, devices according to its policy
- SecurBYOT dances on the grave of the physical token.
It addresses the trend of users demanding the flexibility to use their own device in the workplace (BYOD) and puts them in control of which device they use on a daily basis. Unlike alternative solutions, when a user upgrades their smartphone or even changes their mind, the system moves their account to the new device and automatically creates a new local seed record for it without any additional costs incurred.
As security is paramount, users can only use one device at a time. If they elect to change the device the system automatically decommissions and wipes the previous key to prevent identity splatter.
Andy Kemshall, co-founder and technical director for SecurEnvoy said, “This really does signal the end for physical tokens. For many organisations there was always a small pocket of users who either didn’t have a mobile phone or couldn’t receive SMS signals. SecurBYOT changes that as now any device, that can be used to connect remotely, can also receive and act as an authentication token. At the end of the day the user knows best how they’d like to work, and with what devices, and allowing them to administrate it themselves means fewer calls to the helpdesk. That said, if an organisation deems a particular type of device unsuitable, they still retain the right to block it."
"Finally, as we don’t believe in ripping people off, we work on the principle of one licence per user so when they change or upgrade their device the licence simply moves with them without incurring additional expense unlike some other solutions on the market that require you to percuss new soft token seeds every time a user replaces their phone. It really is the answer to secure authentication,” he added.
With SecurBYOT, SecurEnvoy has also introduced ‘group deployment’ in parallel to the original provisioning wizard. Organisations can define a single group in the company’s directory - e.g. Active Directory, Novell E-Directory, Sun Directory Server or OpenLDAP – so that anyone in the group is automatically and seamlessly provisioned. If the system already has a mobile number for the user they are sent an SMS, others are sent an email, providing the first passcode. From this point the user can log into the system and change to which token type they want to use.
By automating the process, roll out is fully automatic, scalable and fast – up to 100,000 users per hour. If a user is removed from a group, the licence is instantly freed up and can be reallocated without the need to try and get a ‘token’ returned.
Spotlight
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Is Microsoft is reading your Skype communications?
Posted on 15 May 2013. | The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.
Internet Explorer best at blocking malware
Posted on 14 May 2013. | While Chrome’s malware download protection improved significantly, Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.
Researcher refuses to help Saudi telco to spy on people
Posted on 14 May 2013. | You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher for help, but you would be wrong.
Malicious browser extensions are hijacking Facebook accounts
Posted on 13 May 2013. | Facebook users - especially those in Brazil - are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
