Commerce Media Celo v2.0
Strengths: Does not require hardware purchase for tokens, uses something users already have.
Weaknesses: Takes time to get running; support and initial cost is high, but cost per user is reasonable, if closer to the 2,000 user level.
Verdict: Requires time to set up and initially configure, but is easy to use and manage after that.
SummaryCelo from Commerce Media is a tokenless, two-factor authentication product that can be deployed either as an in-house or hosted solution. It supports both SOAP and RADIUS protocols to use something you already have, instead of requiring a user to carry additional hardware. The focus of the Celo solution is to transform a mobile phone or other mobile device into a token to receive a one-time password (OTP).
The solution is delivered as software. We loaded the following modules on our test server: Celo SOAP Interface, Celo Admin web interface, Celo Radius Service and Celo Database. These modules sat on top of Microsoft IIS and .Net Framework, which we had loaded first. We also had to load an SQL server to support the database deployment.
Once deployed, the management interface was simple and easy to use. Some of the configurations to the server still require command line skills and were not totally integrated into the management user interface. The application did come with RADIUS support, but we did not see any integration with LDAP or AD for adding users to the system. Even without the integration, we were impressed with how easily we could create and manage a user via the web-based tools in the management interface. Logging and reporting were available and proved adequate for most basic management needs.
A nice benefit to both the end-user and the support staff is that password reset is achieved by the user repeating the request for a one-time password, thus eliminating the need to contact a help desk. Users can select between multiple transport methods for passwords, including SMS and email.
Documentation was installed with the application. We would have liked access to the user and admin guides prior to loading the software, but were unable to find them on the website. Basic support is provided for 60 days via the web, and upgraded options are available after that.
Once the initial setup is complete, the ongoing administration is very minimal, so the cost of operating this solution is very attractive. It requires time to set up and initially configure, but is easy to use and manage after that.