With financial results now published SecurEnvoy grows its pressence in the USA further with more expansion planned.

Against an industry backdrop of reducing revenues and job losses, SecurEnvoy expand and continues recruiting and expanding. This office in New York (373 Park Ave South, New York, NY 10016) is SecurEnvoy’s commitment to the region and expansion on the East Coast.

As the remote access market accepts the tokenless invention that SecurEnvoy brought to market over ten years ago, so more new clients join to enjoy the savings, speed of deployment and reduced management overhead that tokenless two factor authentication provides.

SecurEnvoy and AEP Networks have combined their SecurAccess mobile phone based tokenless® two-factor authentication and LanProtect™ corporate remote access technologies and domain experience to create a simple and highly secure solution for remote access users.

Passwords aren’t strong enough to protect company data from the other three billion users online. Two factor authentication provides the strength of security needed, but usually requires managing tokens. By leveraging something the user already has, their mobile phone, SecurEnvoy’s SecurAccess allows a seamless and cost effective solution for two factor authentication to be implemented.

Whether your applications are running on a mix of Windows 2003, 2008, Citrix XenApp, XenDesktop, VMware View, Web Servers, 3270 Mainframes, or other server types, AEP Networks’ LanProtect™ solution can publish any application to any client device, including iPad and Android tablets, with powerful user-based access control. Powered by the mature Netilla® operating system and part of the Ultra Protect product line that also includes cloud-based remote access services, LanProtect™ has been implemented globally by both mid-to-large enterprise customers as well as government agencies.

“Having a strategic relationship with SecurEnvoy will allow both companies to work together offering what the marketplace really requires in authentication.  I am sure that working with SecurEnvoy will provide a strong and lasting partnership and provide a unique offering to customers globally”

 Daniel Mothersdale VP Global Sales & Marketing

<more>

About SecurEnvoy:

SecurEnvoy is the trusted global leader of Tokenless® two-factor authentication. SecurEnvoy lead the way as pioneers of mobile phone based Tokenless® authentication.

Their innovative approach to the Tokenless® market now sees millions of users benefitting from their solutions all over the world. With users deployed across five continents, their customers benefit from significant reduced time to deploy and a zero footprint approach means there is no remote software deployment and administrators enjoy the management tools allowing them to rapidly deploy up to 100,000 users per hour.

With its channel centric approach, SecurEnvoy continues to expand its revenue and profitability year on year with customers in Banking, Finance, Insurance, Government, Manufacturing, Marketing, Retail, Telecommunications, Charity, Legal and Construction.

Headquartered in Theale, UK.

About AEP Networks:

AEP Networks offers world leading technology that allows IT departments to connect their end users to their corporate applications as securely and reliably as possible. These solutions are designed to not only provide high levels of security but are the fastest to implement and offer the most flexible licensing options for cloud-based infrastructures. Users that connect to their corporate applications using Virtual Desktop Infrastructures (VDI) such as Citrix, VMWare or Microsoft Terminal Services are increasingly requesting to connect using a wide variety of devices such as their home PCs, public PCs in airports and even tablets. While these devices can significantly increase overall user productivity, they present a significant security and compliance risk for organisations.

Headquartered in Loudwater, UK.

A quarter of a million Twitter users have had their accounts compromised in the latest of a string of high-profile internet security breaches.

Twitter’s information security director Bob Lord said about 250,000 users’ passwords had been stolen, as well as usernames, emails and other data.

Affected users have had passwords invalidated and have been sent emails informing them.

The quandary however is you still have to be careful! If you get hold of one of these emails because, it could equally be a phishing attack, it could be someone pretending to be Twitter which in turn makes this situation even worse!

After the event it’s always too easy to point and suggest how this could have been avoided, but its still the case that proving the identity of the user is paramount. Using two factor authentication is the only way to insure the user is who they say they are. Its our opinion, as the inventors of tokenless authentication, to suggest the quickest, easiest and cheapest route is by using what you already have in your pocket – your mobile/cell phone. An SMS sent to your mobile, or using our app on a smart device or even a voice call to a landline, combined with a username and password the user already has, together provides the authentication needed to prove their identity in our online age.

More

http://www.bbc.co.uk/news/technology-21304049

In both Northern and Southern hemispheres emergencies arise and more often than not, unexpectedly.

This season we know the risk of disasters more than most other times of the year and yet it always hits us as a surprise and a period of stunned numbness hits a nation. Whether that’s getting emergency supplies to a disaster area, rebuilding broken infrastructure or getting food on the shelf; in every region we seem to get caught out!

In our industry we brought a product to market, SecurICE, (ICE relating to ‘in case of emergency’) to assist businesses and organizations to plan ahead – almost an insurance policy – ready for the ‘known unknown’ to strike. We know it will strike, we just don’t know when and by how much?

Don’t wait until the next occurrence comes along and catches you out again, make emergency access available for all workers and allow them to work from wherever its safe. Escape the flood, the bush fire or bad weather and work where its safest. It really isn’t expensive and does get the message to the recipients that they should stay away, they should be safe and work remotely.

We believe if you can send instructions, out of band (OOB) to a recipient with details of  why they should stay away from the office, how to access remotely and then add the two factor authentication code to this message; then remote access can work anytime. The end user simply clicks onto the link they are sent, provides their usual username and password and then to prove its them, use the 6 digit code that was provided in the message to gain secure remote access; quickly and easily.

For more information of the SecurEnvoy innovation SecurICE click here.

Although some enterprises elect to implement multifactor authentication based on their own risk analysis, others implement it because a regulatory standard or compliance objective has mandated multifactor authentication.

Mobile devices have become, for some people, an inseparable appendage in their lives. For others, it’s a common personal and business tool that travels most places easily. The wide acceptability and abundance of mobile devices are key reasons for their consideration as an authentication token.

A key factor driving adoption of phone-as-a-token methods among business buyers is the measurable cost savings they can offer, which reduces the cost of tokens, distribution, provisioning and maintenance.

SecurEnvoy focuses its efforts on OOB methods of authentication, using both SMS and smartphone-based applications to enable the phone as a token for a wide variety of mobile devices.

This low-touch approach to authentication allows for rapid onboarding of new devices and user self-management of replacement devices.

References: *Gartner, Inc., Market Trends: The Impact of Mobile Computing on User Authentication, Eric Ahlm, Ant Allan, August 29, 2012.

Customers will be able to access cloud solutions, such as Google Apps, Office365 and Salesforce.com, through PasswordBank’s single-sign-on platform, using SMS messages for two-factor authentication. This partnership delivers business-grade security, without requiring users to carry a physical token at all times.

Steve Watts, Sales Director of SecurEnvoy, said, “A major benefit of cloud technology is that it frees employees from their workstations, and gives them access to the tools they need, wherever they are and whenever they need it. Knowing how important security is, many companies implement two-factor authentication to ensure that they always know who is accessing their systems at any time. But forcing users to carry tokens around with them (and not letting them login if they don’t have them) defeats the point. By combining the freedom of using SMS messages as the second factor, with the flexibility of the cloud, suddenly workers really do have the freedom they need.”

Dennis Lee, VP of Technology from PasswordBank said, “We have enabled two-factor authentication with tokens for some time, but our clients are starting to demand solutions that are cheaper to implement and deliver more flexibility. By offering the tokenless solution from SecurEnvoy, we can meet the demands from our customers – and we can implement it with our current systems easily.”

What is two factor authentication?

Two factor authentication (2FA) is a way of verifying a person is who they say they are. It requires the combination of two out of three possible factors – something you know – so a username, password or PIN; something you have – a credit card or token, and something you are – fingerprint. The combination of a username and password does not constitute 2FA as it is two types of the same factor.

Authentication tokens, first used over 20 years ago, generate a one time passcode (OTP) which can be entered as part of a 2FA process. They are different to PIN numbers, which are static, as they change every time and will expire within a set time. However, unlike the original physical tokens of the 80s, today OTPs can be generated by apps on a smartphone or sent via SMS making their use not only easy, but also practical.

ENDS

About SecurEnvoy

SecurEnvoy is the trusted global leader and inventor of Tokenless® two-factor authentication. SecurEnvoy leads the way as the pioneer of mobile phone based Tokenless® authentication. SecurEnvoy’s innovative approach to the Tokenless® market now sees thousands of users benefitting from the solutions all over the world. With users deployed across five continents, customers benefit from significant reduced time to deploy, and a zero footprint approach means there is no remote software deployment and administrators enjoy the management tools allowing them to rapidly deploy up to 100,000 users per hour.

With its channel centric approach, SecurEnvoy continues to expand its revenue and profitability year on year with customers in Banking, Finance, Insurance, Government, Manufacturing, Marketing, Retail, Telecommunications, Charity, Legal, and Construction. Its partners include, Sophos Astaro, Juniper, Citrix, Fortinet, Sonic Aventail, Cisco, Checkpoint, Microsoft, F5 and others.

For more information on SecurEnvoy please visit www.securenvoy.com

About PasswordBank

PasswordBank provides a unique Identity-as-a-Service (IDaaS) platform, a new approach for secure access to corporate identity in today’s complex and hybrid IT environments (Cloud and On-premise). PasswordBank IDaaS platform provides Identity and Access Management (IAM), Federated Identity, Hybrid Single Sign-On (Enterprise and Web SSO) and Privileged User Management delivering the solution in three modes (SaaS, On-Premise and Hybrid) for Mac, Windows and Linux users.

PasswordBank is headquartered in Silicon Valley with customers and offices in North America, Europe, Asia and Latin America. The company has a partnership with Oracle as its E-SSO Partner for Non-Windows platforms.

For more information, visit www.passwordbank.com

Last month, organisations received an enormous wake-up call – news of the largest cyber-attack ever on a state government in the US. While the fact that breaches still occur is almost to be expected, it’s the magnitude of what the criminals stand to make from the data stolen that beggars belief. Is there any way to stop criminals profiting from our information?

For anyone that missed it, the South Carolina state computer system hack is notable for the volume of data – 3.6m social security numbers plus 387,000 credit plus debit card credentials – that were stolen. Cybercriminals can use this data to create cloned payment cards, apply for credit, and even open bank accounts in the victim’s name. While on the face of it that might seem limited, when you work out that with a conservative $3.00 rate per set of card information stolen, the cybercriminals stand to make more than a million dollars simply for selling on the credentials they stole is this single haul.

The sad reality is that attacks on third-party credentials – which can be used in identity theft frauds – are fast becoming a global cybercriminal commodity business.

What went wrong? Fundamentally, the computer system was left unprotected. According to reports, the perpetrator first infiltrated the Department of Revenue computers in August, snooped around a couple of times, and then simply downloaded the records. And it’s as simple as that!

Criminals are patient creatures. They’ll conduct reconnaissance missions, from the safety of their lair, using an automated set of hacking tools to probe likely IP addresses on the Internet. Once they’ve identified an inadequately protected gateway, they’ll sneak in, scout around, and they’re off with the goods. A bit like a cat burglar but with less risk of detection and often far greater rewards.

It would be wonderful to say that attacks of this nature are rare but unfortunately that simply isn’t true. In the US 11 state tax agencies have experienced breaches since 2005. And of course it’s not just the tax agencies that have been breached as numerous US government agencies have also been breached. And it’s not just the US as the UK’s NHS has itself lost 1.8 million sets of patient records in the last year alone. What it all means is there is a big question mark hanging over the security of government systems.

What can be done? The fact that government – at both local and national levels – is short of money in these straightened times means the problem can’t be solved whatever the cost. That’s the sad reality. Instead organisations need to introduce effective security precautions.

Databases, and the gateways they hide behind, are typically opened with simple credentials – the combination of a user name and password. We’ve said this before but it’s worth reiterating that automated password cracking software can perform 100 million checks per second – that equates to a four character password being cracked in 0.16 seconds; a six character password in 11.4 minutes; and an eight character password in just 32 days. Industry opinion is that this is vastly inadequate.

The long and short of it is organisations are duty bound to add a decent level of security. Fundamentally this is two things – decent encryption and industry standard two factor authentication (2FA).

The security foundation stone is 2FA as all security systems sit on top. If you can’t verify the identity of the person gaining access, given that they can be anyone on the internet, then everything else is superfluous.

True 2FA is the combination of two, of a possible three, elements:

• Something you know – such as a pin or password
• Something you own – such as a key, token or the chip embedded in a credit card
• Something specific to the person – such as a fingerprint, or retina

It’s worth clarifying at this point that entering certain characters from a memorable phrase does not constitute 2FA – it’s still something you know, albeit a little more complex.

Conversely, while something specific to the person – or biometrics as it’s widely referred – is considerably more foolproof, it requires hardware, which often makes this element a non-starter.

It’s not surprising, therefore, that when introducing 2FA, it is the first two elements that are the most common combination employed. In the real world we regularly use Chip and Pin to make a purchase in the high street, or withdraw cash from an ATM. Quite simply this is 2FA in action in the real world.

That said, it’s important to remember that not all 2FA systems are the same. Clever companies have realised that it’s the end user who is ultimately in control and are introducing systems that allow organisations to offer strong authentication with end user flexibility. Any device that can be connected to the internet can act as an authentication token – an SMS on a mobile, an app on a Smartphone or tablet, or a soft token on a laptop – with the ability to swap between devices at will.

This is what is referred called ‘tokenless’ two-factor authentication (2FA), such as that offered by SecurEnvoy’s SecurAccess solution, and it secures an IT interaction with `something you have’ (the handset) and `something you know’ (the challenge authentication data) across an easy-to-use system (the mobile network.)

Implementing tokenless 2FA is a very easy and low-cost way of securing access to large data repositories in the public sector, both with employees and members of the public, where appropriate. With every practically every pocket now containing a mobile phone, the chances of a user not having their ‘token’ with them at the point of entry is unlikely.

While we might not be able to stop criminals looking for data, especially when it’s such a valuable commodity, organisations have a responsibility not to make it easy for them.