The ability to run virtual desktop applications on a remote PC from a USB key isn’t new. However, not all such products have enterprise-grade security.
Nortel Networks has entered the market with a system it says allows users to safely connect to the office even from an unsecure computer, and leave no trace of sensitive data when the key is unplugged.
What Nortel calls the Secure Portable Office solution is built around its VPN Gateway and an encrypted USB key from Aladdin Knowledge Systems. “It’s about making easier and more secure the task of mobilizing a workforce,” said Rod Wallace, Nortel’s director of security solutions and services.
An early adopter is a hospital in England, where midwives have been given memory keys so they can access records from patients’ homes using hospital-supplied wireless laptops.
Wallace says others who have expressed interest range from a shipping company, whose customers might be able to use the keys to access its logistics system, to a financial institution that is thinking of giving them to certain employees if its data centre suffers a disaster.
With news stories about companies losing customer data in laptop thefts, “there is extreme interest in our customer in this from our largest accounts to small companies,” said Wallace. “You just need to look at the degree to which enterprises are considering virtualization.”
The Nortel system works this way: After administrators set up an access system, when a user tries to authenticate to the corporate network, the remote PC is scanned to see if it has the latest security updates. If it does, the user is given direct access. If not, the user is put into what Wallace calls a secure container through the virtual private network.
Data can be encrypted and stored on the key. When the key is unplugged, no trace is left on the host PC. No software needs to be installed on the remote computer.
Technologically, it’s not an earth-shattering solution, says Chris Silva, mobile infrastructure analyst at Forrester Research. Virtualization companies such as VMware and Microsoft offer virtual desktop solutions that can be built around USB keys. Companies such as U3, MXI Security, MokaFive and others also offer a number of solutions, which vary in their range of security.
But the corporate buyers responsible for remote access security are more likely to talk to VPN companies such as Nortel, Cisco Systems and Juniper Networks, Silva said, giving them an edge. On the other hand, he added, buyers might not see gateway companies as virtualization specialists.
Unlike other offerings, Silva added, Nortel’s package can create an SSL “walled garden” around the USB session, which answers some of the problems with giving full access to corporate information even over a VPN.
Nortel’s solution does need its VPN Gateway. Organizations that already have it must upgrade to release 7.1 of the software to be able to use the Secure Portable Office option. The SPO itself is management software with a client for the key; its price varies with the number of concurrent licences needed.
Organizations can buy their own memory keys, but Nortel partner Aladdin offers a stick with a public key infrastructure (PKI) certificate burned into it for encryption and extra security. Aladdin also sells a Windows-based software key management system that oversees authentication. It connects to an existing Microsoft Active Directory as well as RADIUS or LDAP, Novell X.509, RSA, SC Safeword and Entrust IdentityGuard authentication systems. Nortel Global Services is available for hire to consult on assembling a solution.
A completely new system (including purchase of the gateway and consulting) would run about US$60,000, said Wallace. The price varies depending on a number of options, including which of two models of gateway is purchased, the memory size of the keys, secure desktop capability and whether the PKI system is wanted.
Wallace said the package will be pitched at VPN Gateway customers, but Nortel also believes Secure Portable Office can be a differentiator when selling the gateway to new customers.
However, Silva said “it’s only a matter of time” before Cisco Systems partners with a virtualization provider like VMware to create its own USB-based solution. On the other hand, he added, buyers might not see hardware companies as virtualization specialists.