Secure telework without a VPN

Mobile authentication tool ensures no trace of an end user’s session remains on the user's machine

How to provide a secure telework environment without much overhead? That was the question facing Octagon Capital, a Toronto brokerage firm that ended up choosing an unusual hardware-and-cloud service from Route1.

Route1, also of Toronto, sells MobiKEY, a user authentication device that looks like a thumb drive. Users simply insert this USB device into any Internet-enabled computer, type in their passwords, and they can securely pull up all of the applications and data from their desktops. MobiKEY works from home, a client’s office or even an Internet café.

The MobiKEY device ensures that no trace of an end user’s session remains on the computer that is used, and it encrypts all communications between the computer and the desktop machine in the office. It can be integrated with other smart card technologies such as the U.S. federal government’s HSPD-12 identity cards.

Where MobiKEY saves companies money is that it eliminates the need for them to buy VPN hardware or software. The company simply installs the MobiKEY host software on an employee’s desktop computer, and the employee can access the applications and information from any other computer by typing in two layers of password protection.

“Through MobiKEY we didn’t need to set up any VPN,” says Iman Azghar, manager of IT at Octagon Capital. “MobiKEY is the best solution for us because it is very simple installing it – users can do it themselves—and troubleshooting it is very simple.”

The lack of overhead is important for Octagon Capital, which has 80 employees in Toronto, Calgary, Vancouver and Boston. The firm has an IT shop of two full-time and one part-time person.

Route1 officials say MobiKEY is more secure than traditional VPNs, which are often the source of security breaches. Indeed, unsecure remote access is one of the most common ways that hackers get into corporate networks in order to steal data.

“We’ve never had any security issues,” Azghar says, adding that a hacker would get only four attempts to guess a MobiKEY password before the system would lock up.

How to deck out your home office

Tanieu Tan, director of marketing for Route1, says other hardware-based telework solutions aren’t as secure as MobiKEY.

“Our PKI infrastructure has proven to be impenetrable,” Tan says. “That’s why banks, enterprises and multiple government agencies around the world use it.”

With MobiKEY, Octagon Capital employees can access their Microsoft Word, Excel and Outlook as well as human resources and trading applications. Octagon Capital has a Multi Protocol Label Switching (MPLS) network from Telus.

“I use the MobiKEY almost every day,” says Michael Ohnona, an investment advisor with Octagon Capital. “It’s very simple to log on. It feels just like I’m working at the office because I have access to the same applications. The real benefit I find is when I have access to my work computer when I’m on vacation or at my client’s office.”

Ohnona says clients are impressed when he can access their files while he’s sitting in front of them. With a traditional VPN solution, it would be more difficult for him to get through his client’s firewall settings to pull up the information, he says.

“With MobiKEY, the computer I use is irrelevant as long as it has a USB port,” Ohnona says.

MobiKEY also saves employees from lugging around laptops on business trips.

“I don’t carry my laptop,” Azghar says. “I just have my MobiKEY. If I’m visiting friends, I can access my desktop because everybody has a USB port and an Internet connection.”

Should an employee leave the firm or a device gets lost, Octagon Capital can disable MobiKey immediately.

Octagon Capital spends $24 per user, per month for the MobiKEY system, which is sold as a cloud-based network infrastructure service.

The alternative for Octagon Capital would be managing a complex VPN system or a desktop virtualization offering from a vendor such as Citrix.

“I’d have to get two Citrix servers for redundancy, configure the firewalls for ports in and out, and in addition some applications may not be running well on Citrix and then remote users would not gain access to their desktops at work,” Azghar says.

Azghar can’t think of a downside with MobiKEY, which is not only the company’s telework solution but its disaster recovery solution, too.

“It’s very handy. It’s very easy to use. It’s very easy to troubleshoot,” she says. “I don’t have to be at my computer to troubleshoot it. I just ask the user two questions, and I know what the problem is.”

It’s not just small companies that are interested in MobiKEY. Qwest is reselling MobiKEY to U.S. federal government agencies for telework and business continuity applications.

“The Department of Homeland Security is a big customer and user of MobiKEY,” says Diana Gowen, senior vice president and general manager of Qwest Government Services in Arlington, VA. “It’s relatively new technology…and we have an exclusive relationship with Route1.”

Gowen sees potential for MobiKEY to help agencies not only provide telework opportunities but to prepare for pandemics and natural disasters. The issue, she says, is to get beyond the federal government’s cultural resistance to work-from-home arrangements.

“There are many federal employees who don’t want to work from home. They don’t want to take a laptop home,” she says. “The technology is there, it just has not been as rapidly adopted as in the commercial sector.”

Join the CSO newsletter!

Error: Please check your email address.

Tags securityauthentication

More about Citrix Systems Asia PacificExcelImanMicrosoftQwestTelus

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Carolyn Duffy Marsan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts