Cyber Security Industry Alliance Newsletter • Volume 1, Number 10 • June 2005

CSIA Member Spotlight

About iPass Inc.

Name: iPass Inc.

Chair/CEO/President: Ken Denman

Founded: 1996

Headquarters: Redwood Shores, CA

Worldwide Offices: London, Munich, Amsterdam, Paris, Brussels, Copenhagen, Stockholm, Tokyo, Hong Kong, Seoul, Singapore, Sydney

Number of Employees: 400

Total Revenue: $166.3 million (FY 2004)

About iPass: iPass Inc. (NASDAQ: IPAS) delivers simple, secure and manageable enterprise mobility services, that maximize the productivity of workers as they move between office, home and remote locations. iPass security services — based on unique Policy Orchestration capabilities — work to close the gaps in protecting computers, networks assets, user identities and data whenever users connect over the Internet. iPass connectivity services utilize the iPass global virtual network, a unified network of hundreds of dial-up, wireless, and broadband providers in over 150 countries. iPass services are the choice of hundreds of Global 2000 corporations including General Motors, Ford Motor Company, and John Deere. Founded in 1996, iPass is headquartered in Redwood Shores, CA, with offices throughout North America, Europe and Asia Pacific.

Areas of Specialization: Trusted Mobility services including secure remote access, systems management, secure authentication, policy orchestration and policy enforcement. iPass manages the largest remote access network in the industry, including the largest Wi-Fi network accessible through a single client. The award-winning iPassConnect universal client offers end-users a simple connectivity experience that takes the guesswork out of creating a secure connection to the Internet or the corporate network while maintaining compliance to IT-mandated policies.


Trusted Teleworking

by Kenneth Bob, V.P., Strategic Alliances, iPass

Teleworking: a concept that seems so simple. Employees are given the tools to work from home or on the road. Being able to have your work with you, wherever you are, has engendered popular tools and services like laptops and ubiquitous remote access. These tools have tremendously increased productivity for individuals, businesses and government agencies. Unfortunately, teleworking opens up new opportunities for malicious behavior that exploits this new productivity: hackers, intellectual property theft, viruses and worms, and malware.

Teleworking enabled a great advance in corporate business and will continue to add productivity to large workforces. But teleworking must come with responsible IT policies that guard against malware and bad behavior. Some simple rules should be followed to ensure that network-based assets and intellectual property are fully protected:

Password-protect devices
Today, virtually all operating systems — even those of handhelds — can enforce mandatory usernames and passwords before the device completes booting. Passwords can also protect devices that time out, like setting password protection on screensavers.

Encrypted user credentials
With the proliferation of Wi-Fi hot spots and wireless networks in general, there exists an increased threat that usernames and passwords can be intercepted in the air. This threat is mitigated by using secure authentication protocols like 802.1x and other services that encrypt user credentials during the authentication process.

Two-factor authentication
Usernames and passwords comprise partial security insurance. Adding another layer doubles the protection. Some popular methods include key fob tokens that offer a series of random passcodes only valid during regular time intervals, and device authentication which uses an end-user’s computer hardware to validate authorization.

Encrypted data transmission
Virtual private networks (VPNs) are a proven method of keeping data safe while being transmitted from a remote device to the corporate network. It is surprising how many larger corporations have failed to adopt VPNs. VPNs not only protect the data, but can also enforce Internet usage within corporate guidelines.

Anti-virus and anti-spyware
Viruses, worms and malware plague the Internet constantly, and new threats persistently arise. It’s not only important to have anti-virus and anti-spyware software deployed across the entire enterprise, it is important that the appropriate signature and definition files on every computer remain up-to-date.

Policy enforcement and systems management
New services are available to assist the IT department in ensuring that all the security measures listed above are properly set up and enforced. For example, an end-user cannot complete logging in to his corporate network unless his anti-virus software has been updated and his screensaver is set for 10 minutes and password-protected. In addition, these services can help deploy new software and upgrades, and uninstall unwanted or rogue applications. In this way, computers not physically under the watchful eye of the IT group can still be governed by consistent security policies.

Teleworking is a valuable business component, which is why these security measures exist. Some companies offer entire solutions that include all the suggestions listed here. IT analyst firms can also advise on building custom solutions. In the long-run, investment in these security measures will not only help increase productivity through teleworking, they'll also help the IT manager sleep better at night.