iPass touts network access policy devolution

Remote access on the edge


iPass is to take a more active role in supporting customers' network security programmes, a move that will see the company's business ultimately become more akin to facilities management than that of a corporate remote access provider.

iPass Policy Orchestration enables customers to devise more flexible security policies rather than work to a 'one size fits all' level of remote access security.

Today, employees connecting to the corporate LAN via any of iPass's dial-up, fixed Ethernet, GPRS or Wi-Fi access points go through iPass' own access authorisation procedure as well as that of the corporate, which in turn regulates their level of access to the LAN according to policy.

In Q4, iPass hopes to allow customers to defer policy administration to its own initial authorisation phase. The company will control and enforce corporate network access policy on behalf of the customer, which makes for a more flexible and more secure system, it says.

According to Ken Greene, UK technical director, Policy Orchestration will allow corporates to provide users with different facilities depending on what connection modes they employ.

"A user on a low-bandwidth dial-up might only be delivered with critical software security updates and only be given access to email," he said, "whereas that same user connecting later through a hotel LAN or a public Wi-Fi hotspot, with their greater bandwidth, might be granted access to more corporate LAN facilities and a full range of software updates."

Virtual private networks (VPNs), personal firewalls, anti-virus software, assessment and remediation, patch management, and network compliance capabilities will all come under iPass's control, Greene said, the better to protect corporate data.

"Users are increasingly connecting to base using not only company-issued and maintained notebooks but home PCs and other devices over which the IT department has no control," said Greene. "Those machines may not be running AV software or a firewall. Even if they are, are they sufficiently configured to prevent unwanted communications being sent out from the PC?"

iPass Policy Orchestration, he said, will allow corporates to block access from such 'unauthorised' systems, or at least limit how many facilities they are given access to.

However, he maintained that iPass was not in the business of telling customers what security policies to put in place, or what firewall, AV, VPN, authorisation etc. systems to use.

Corporate networks of networks

The iPass approach looks beyond the provision of remote access of travelling employees to a time when more staffers are, thanks to cheap broadband and more liberal employment regimes, are working from outside the office. At that point, the remote connections become more than short-duration links into the company network to pick up email, but remotely-maintain network peers.

And since these users will need greater levels of access than someone making an ad hoc connection might, corporates' attitude to remote access and the network policies around it has to change. Just as the Internet is made from an array of individual but connected LANs, so too can corporate networks.

Get enough of these remote yet fully connected workers out there, and your remote access contract becomes more of an infrastructure and network management outsourcing deal, and that's effectively how iPass is increasingly pitching its business.

Policy Orchestration has applications beyond the corporate sphere. An ISP connected to a host of subscribers isn't so very different from a corporation connected to a host of remotely working employees. Public pressure - not to mention legislation - could yet force ISPs to take a more active role in enforcing security at the subscriber level. They can offer punters AV software and firewalls, but today they can't enforce or control their use, either to make life easier for non-technical users or to ensure no one can claim their subscriber network contains zombie PCs.

Greene said iPass isn't actively targeting ISPs and other service providers, but they could form the basis for a large addition to the company's customer base should it choose to push its technology in that direction. Policy Orchestration provides it with an opportunity to do so. ®

Related stories

Deutsche Telekom to unite 'half the world's Wi-Fi hotspots'
Report raps Wi-Fi providers for 'location inflation'
Cometa crash bursts hotspot bubble?
European workers take to the streets
Wi-Fi biz gears up for roaming offensive
iPass aggregates T-Mobile US hotspots
iPass aggregates Swisscom hotspots


Other stories you might like

  • Dog forgets all about risk of drowning in a marsh as soon as drone dangles a sausage

    It's not the wurst idea in the world

    Man's best friend, though far from the dumbest animal, isn't that smart either. And if there's one sure-fire way to get a dog moving, it's the promise of a snack.

    In another fine example of drones being used as a force for good, this week a dog was rescued from mudflats in Hampshire on the south coast of England because it realised that chasing a sausage dangling from a UAV would be a preferable outcome to drowning as the tide rose.

    Or rather the tantalising treat overrode any instinct the pet had to avoid the incoming water.

    Continue reading
  • Almost there: James Webb Space Telescope frees its mirrors and prepares for insertion

    Freed of launch restraints, mirror segments can waggle at will

    NASA scientists have deployed mirrors on the James Webb Space Telescope ahead of a critical thruster firing on Monday.

    With less than 50,000km to go until the spacecraft reaches its L2 orbit, the segments that make up the primary mirror of the James Webb Space Telescope (JWST) are ready for alignment. The team carefully moved all 132 actuators lurking on the back of the primary mirror segments and secondary mirror, driving the former 12.5mm away from the telescope structure.

    Continue reading
  • Arm rages against the insecure chip machine with new Morello architecture

    Prototypes now available for testing

    Arm has made available for testing prototypes of its Morello architecture, aimed at bringing features into the design of CPUs that provide greater robustness and make them resistant to certain attack vectors. If it performs as expected, it will likely become a fundamental part of future processor designs.

    The Morello programme involves Arm collaborating with the University of Cambridge and others in tech to develop a processor architecture that is intended to be fundamentally more secure. Morello prototype boards are now being released for testing by developers and security specialists, based on a prototype system-on-chip (SoC) that Arm has built.

    Arm said that the limited-edition evaluation boards are based on the Morello prototype architecture embedded into an Armv8.2-A processor. This is an adaptation of the architecture in the Arm Neoverse N1 design aimed at data centre workloads.

    Continue reading

Biting the hand that feeds IT © 1998–2022