Leading SSL VPN technology company Aventail and two-factor authentication leader SecurEnvoy are teaming up to provide remote access users with simple authentication for secure, remote access via their mobile devices.
SecurEnvoy's solution eliminates the need for separate hardware tokens or smartcards by allowing users to receive passwords directly on their mobile device for authentication to the Aventail SSL VPN.
"Partnering with companies like SecurEnvoy is fundamental to our best-of-breed strategy, which allows us to integrate with other leading solutions and give our customers a powerful and flexible overall solution for secure, remote access," said Randy Boroughs, senior director of product management, Aventail. "Also, our customers want authentication solutions that are easy to use yet incredibly secure and SecurEnvoy provides the perfect solution for today's mobile enterprise."
SecurEnvoy provides a two-factor authentication service called SecurAccess. The authentication system works similar to a token-based solution but uses a mobile phone instead of a token or a smartcard. Unlike other mobile phone authentication systems, SecurEnvoy solves the problems of SMS delays and temporary loss of signal without the need to install further software on the mobile device.
When a user attempts to authenticate on the portal page of the Aventail SSL VPN, the system automatically connects to SecurAccess and sends the required password to the user's mobile device. The user then enters their secret PIN - something they know - followed by their one time password from their phone, which is something they own. After a successful two-factor authentication the user is granted access privileges depending upon policy management rules set up within the Aventail SSL Appliance. And if the mobile device is temporarily out of range, switched off or busy, the SMS message is simply stored and re-sent.
"It's important that only trusted users are allowed access to corporate applications and resources, but passwords are at risk if they can be hijacked when an authorised user attempts to login," explained Steve Watts, sales director at SecurEnvoy. "SecurAccess two-factor authentication using a mobile phone positively identifies who is on the other end of the Aventail VPN, while eliminating the burden of carrying additional authentication hardware devices."
With this partnership, SecurEnvoy joins Aventail's best-of-breed Technology Partnership Program. In addition to SecurEnvoy, Aventail integrates with other leading global authentication technologies, including RSA Security, VeriSign, PassGo, Swivel, Thirdnetworks, and Computer Systems Engineering (CSE) Corp.