PortWise’s basic tenet is to protect remote access to organisational assets via a combination of both user and device authorisation.
This principle acknowledges that users may be connecting to the host network via a variety of remote devices, including all sorts of mobile or third-party devices.
So the first step in accepting such a connection is to assess the device being used and its relevant state of security. In extreme cases, devices considered as being non-compliant may be refused entry.
Having ascertained the use of a suitable device, the user will then be authorised via either single or two-factor authentication – maybe using the connecting device itself as a token. For example, if you use a mobile phone to connect, then a one-time password may be sent to the phone to be used as part of the authentication process.
Support for BlackBerry is also provided in this context – an interesting approach as this is clearly a popular corporate tool. Similarly, wireless connection of clients via wireless access points is catered for.
Authorisation is granted or not according to in-place rules and, if all is well, the session takes place over an SSL connection. The user is then presented with a web based “application portal” from which they can choose which applications to access. This is also an interesting approach because it means a wide variety of devices can be used to access the network and run applications, without the need for specific software at the remote device.
The application portal can be customised to offer the user an appropriate set of applications according to defined access rules. At the back end, the architecture is based around the provision of interlinked services such as policy, authentication and administration.
Like many such products, its effectiveness will partly depend on the effort put into deploying it, including planning, configuration and the definition of rules. With a little imagination, however, one can foresee some interesting possibilities here – it’s clear a lot of thought has gone into the product itself.
The CD-Rom supplied for review included an impressive set of documentation in PDF format, including a nice tech note on performance optimisation, although one would always prefer a proper set of ring bound manuals. This is an interesting product that will no doubt prove extremely valuable for certain user infrastructures.