Tuesday, February 9, 2010

Securing access to apps from the office, the home, and on the road

Have been wondering about the market opportunity for low-cost authentication technology based on soft-tokens, and the provision of managed soft-token services hosted in the Cloud and deployed in a SaaS model for enterprise and public sector clients.

Perhaps soft-tokens could improve secure access to enterprise apps for business smart phone users? Or perhaps they could be used within e-Safety solutions for our children using Virtual Learning Environments (VLEs)?

The benefits of soft-tokens include
  • provide an opportunity for enterprises to reduce their cost of supporting remote access to business information
  • improve the experience and increase the productivity of the mobile workforce by optimising the usability of enterprise security for users accessing business apps on smart phones
  • increase business agility and flexibility through easier integration of soft-token technology with existing and new business systems
  • allow new markets to be opened-up where previously authentication was too expensive to implement
Mobile apps opportunity

Any CIO will tell you that putting up barriers to keep the bad guys out is a sword with two edges. The imposition of security that is cumbersome for end-users, or difficult for developers to integrate with business applications and processes, will typically result in low usage of corporate applications at best; at worst, unmanaged communities of business end-users can begin to form entirely outside of the corporate security domain, completely un-integrated with the enterprise and disconnected from the business information systems of their employers. This causes additional security headaches for the CIO and reduces the return from investments in existing business systems.

Soft-token technology has the potential to reduce the negative impact that authentication has on usability, and can enable a much improved experience for end-users who access business applications remotely and whilst on the move. Soft-token authentication is agnostic of smart phone device vendor platforms, and can be seamlessly integrated within the business smart phone user experience.

Education application opportunity

In the UK a national rollout of VLEs to schools and colleges has been progressing for a number of months. VLEs are implemented using applications such as Moodle and StudyWiz.

A consequence of VLE rollout is that more children and parents, who perhaps have no previous experience of the Internet, will suddenly be spending much more time online. Additionally, the VLE will be more accessible to parents who choose to check-up on the progress of their children from the office or whilst on the move, as well as from home with their children.

e-Safety is a UK education department initiative managed through BECTA focussing on the potential danger to vulnerable or inexperienced people who suddenly spend more time online. The e-Safety initiative runs in parallel with the national VLE roll-out and is focussed on increasing awareness amongst teachers, pupils, and parents about the potential dangers.

VLEs are currently being rolled-out with SSL authentication as the default, which one could easily argue is less than satisfactory considering the objectives of the education department’s e-Safety initiative. Soft-tokens are a more secure authentication technology than SSL. The economics of soft-tokens mean that they are an affordable mitigation for the risks associated with increased usage of VLEs, and therefore the technology could be considered as a potential solution within the e-Safety initiative.

The provision of managed soft-token services to education authorities and schools would enable improved authentication and security for parents and teachers who access the VLE from home, office, or whilst on the move and should create a much safer learning environment for our children.