iPass is updating its software to work with customers' existing security policies on virtual private networks (VPNs), personal firewalls and anti-virus software.
Policy Orchestration will be built into iPass' connectivity platform and is an extension of a previous addition where laptops are patched to a defined security level before they are allowed access to corporate applications. Now iPass wants IT managers to use its software to front all Internet access by remote users.
"One of the things that is impressive about this announcement is that iPass has spent a lot of time integrating every possible security client you can run on a laptop," says Abner Germanow, program manager at IDC. It is working with 45 security vendors to make its remote-access service integrate better with each, but is still ironing out the kinks, said the company's CTO, Roy Albert.
"We are in a good position to step up to the front of the orchestra and conduct it," said Ken Greene technical director, for iPass in Europe. "End-point policy management prevents VPN connections unless a device meets the security policy. This is earlier in the process."
Endpoint self-quarantine uses a personal firewall to ensure users' PCs adhere to corporate security policies as they attempt to surf the Internet or connect to their corporate VPN. The feature allows IT managers to control the level of access. For example, users might be denied access to the VPN without the latest Microsoft security patch, but still be allowed to surf the Internet. Dynamic policy retrieval lets sysadmins decide how all users access the corporate network directly from their desktop. Today, all policy changes go through the iPass trouble ticket system.
The iPass assessment verification feature confirms a user's system is up-to-date and if it's not, the correct security patch is automatically sent to the machine. Whereas endpoint self-quarantine merely blocks access if a user does not meet policy, assessment verification works to remedy the non-compliance.
The coordinated enforcement feature specifically addresses VPN access policies at the customer's network -after a user might have already gone through the endpoint self-quarantine process. It uses Cisco's Network Admission Control and Microsoft's Network Access Protection to block access to a VPN if a user's PC is not configured correctly or is infected.
Two existing policy enforcement features, called SecureConnect and continuous policy enforcement, will also fall under the Policy Orchestration umbrella. Before a user authenticates on the iPass network, SecureConnect checks a laptop is running specific security software, not necessarily looking for a policy, but an application. And continuous policy enforcement means a company's policy will be applied while someone is connected. For example, if the security policy says a personal firewall must be on throughout a connection, this feature will disconnect users if they shut down their firewall.
"Making sure that each user connection is safe is quite challenging," IDC's Germanow said. But he added that iPass had done a good job of it.
iPass is not the only service provider to offer integrated policy management tools. In February, competitor GoRemote Internet Communications (formerly Gric Communications) announced its Total Security Protection. Fiberlink also offers its remote-access customers a brand of integrated policy enforcement. All three offer remote-access services to enterprise users worldwide.
iPass has tended to win on coverage (see iPass wins pissing match) but in response to GoRemote's end-to-end service usually suggests that users prefer a product that integrates other vendors' components.
The new security features will be rolled out over the next few months. Which will be integrated with its standard corporate access service and what the cost of the others will be per month, has yet to be decided. Other security clients integrated by iPass include those from vendors including AppGate, Cisco, Check Point, ISS and Mobile Automation.
Read up on iPass's strategy in our interview with European vice president Doug Loewe.