When considering security in any area, be it IT, ATMs or even opening your own front door, there is always one weak spot: it has to involve people. Despite all the research, we are years away from being able to recognize a person's identity with 100 per cent certainty (even if using finger-printing, retinal scanning or DNA testing) in real time.
Unfortunately, the drive to encourage remote working means that more and more people need access to the corporate network, with all of the security risks that that entails: how can you be sure who the person is on the other end? One solution - or rather, preventative measure - is to simply publish only necessary information on an extranet, but even then, this can still be confidential data and a risky business.
Rainbow Technologies has tackled this problem with its NetSwift iGate appliance, which is specifically designed to secure web-based applications. This token-based authentication device is designed to sit between the web servers hosting your extranet and the firewall.
The NetSwift iGate has been designed to be as close to plug-and-play as possible: Rainbow Tech nologies claims that it can be 'dropped in' without the need for any time-consuming reconfiguration of your existing network. This gives it an advantage over many VPN solutions, which, while offering the same secure tunnel between user and corporate network, often require quite painful integration.
Installation is indeed rather painless. Rainbow Technologies has broken the process down into seven steps, and from beginning to end it takes no more than an hour. After physical connection and installation of the software, you then define the security policy for your extranet. Using the very simple Java-based management application, you add each user, and then specify their access rights to various parts of the extranet.
You can be as broad as defining entire extranets, or fine-tune it to individual web pages. The management tool also allows you to import user names from a Windows directory, which is a considerable time-saver.
All information that passes between the network and the remote user is encrypted using SSL acceleration, which is provided by Rainbow Technologies' proprietary NetSwift methodology. It can only be decrypted at the user's end if they are in possession of two things: a token (called an iKey) and a numeric pin. The token is attached to the remote user's machine via a USB port. Only while it is attached can the user access the areas of the extranet that you have protected. Without both, users are locked out.
Of course, there is always the possibility that users will either forget their PIN, or lose their iKey. Rather than forcing them to wait for another token, administrators also have the option to override two factor authentication and enable password-only access - although the encryption protocols of SSL still maintain security.
It is not just companies with a remote workforce that can benefit from the NetSwift iGate. It can be used internally to provide a 'one-stop-shop' for partitioning and securing intranets as well, with the added benefit that users only have to remember one numeric PIN (which does not have to be changed at regular intervals) rather than a host of different passwords - or, just as worryingly, one single (and crackable) password.
Documentation is extensive and very easy to follow, especially the step-by-step quick start guide, which guides you through installation in a manner that even a novice will find simple to understand.
Unfortunately, there are a few drawbacks to the product, which must be considered before plumping for the NetSwift iGate. Because it is targeted at access to web-based applications, this obviously means that your corporate data must be available in that format. If it is not, you either have to go to the trouble of creating an extranet, or decide that the NetSwift iGate is not for you and plump for a more traditional VPN-based appliance.
Furthermore, the NetSwift iGate is far from inexpensive, which must be factored in. Finally, the architecture does necessitate that the remote user can access a USB port. While USB ports are increasingly common, they are far from ubiquitous, and this may mean re-kitting your employees with newer machines just so they can take advantage of it.
Despite these minor shortcomings, the NetSwift iGate is definitely a solution worth considering if you have a large remote or mobile workforce that needs real-time access to corporate information, or you want to have a centralized internal device to manage access rights to your intranets.
iGate is designed to integrate with many of the leading business applications and methodologies that are likely to be on your network. For example, it has been tailored to take full advantage of the drive towards corporate portals: as more and more companies centralize their vital information into a website that remote employees have to access to do their jobs, the need for even tighter security becomes paramount.
The NetSwift iGate's two-part access procedure should reassure even the most paranoid CIOs. Indeed, Rainbow Technologies has been entering into partnerships with many of the leading application vendors to target the growing need for portals, customer relation management solutions, supply chain management, and the web-enablement of such corporate divisions as human resources and payroll - traditionally the most secretive parts of the company.
Hopefully, these partnerships will lead to seamless integration of the NetSwift iGate with all of your business applications and business processes - and given that the product is 'platform agnostic,' it will not matter whether you are a Windows shop or a Linux advocate.