iPass policy orchestration to strengthen secure mobile connectivity

Announcement posted by iPass 20 Jul 2004

Enhanced iPass platform focused on closing gaps in protection by further coordinating, controlling and sequencing the use of enterprise security systems over all Internet sessions
iPass Inc. (NASDAQ: IPAS) is working to change the way enterprises will secure their corporate endpoints, networks and data with iPass Policy Orchestration.
iPass envisions Policy Orchestration as a layer of software intelligence built into the iPass connectivity platform that will permit iPass services to control and enforce use of enterprise policy-based security systems, such as virtual private networks (VPNs), personal firewalls and anti-virus software, assessment and remediation, patch management, and network compliance capabilities.
iPass is designing Policy Orchestration to enable easy-to-manage, comprehensive and coordinated protection of critical business assets over all remote and mobile Internet and corporate connections. iPass expects to offer Policy Orchestration-enabled services, currently under development, in the fourth quarter of 2004.
iPass Policy Orchestration will be facilitated by tightly integrating iPass virtual network architecture with leading policy-based security systems across the broad spectrum of iPass Alliance technology partners. Leveraging both platform and partners, iPass intends to introduce service features that act to protect endpoints beginning before a user attempts an Internet connection. The company expects these features will ensure that proper vulnerability assessment and remediation take place, verify that endpoints are in a trusted state before being allowed Internet or corporate access, and maintain policy controls throughout the connectivity session.
"Enterprises have a ton of intellectual property on their network, notebooks and PDAs," says iPass CEO Ken Denman. "It's no longer enough simply to keep mobile workers connected; enterprises must also secure multiple points of vulnerability in the connection process from the user's device to the corporate network, and the data flow between them. Enterprises must be aware that many tools exist to protect these assets and are often used improperly, inconsistently or not at all."
Just as the multiple sections of an orchestra require a conductor in order to play in harmony, secure connectivity requires integrated coordination of multiple policy-based systems to truly protect the endpoint, user credentials, data stream and the corporate network. Within the iPass platform, the award-winning iPassConnect™ universal client will serve as this policy conductor, controlling the connectivity state of the endpoint device, while monitoring and coordinating proper execution of these policy-based systems.
"We are developing iPass Policy Orchestration to address gaps in security by enforcing proper use of a company's chosen endpoint and network security systems over connections," adds Denman. "Because iPass has a flexible software-based platform that allows deep technical integration with third-party systems, and the ability to control the on-ramp to the Internet, iPass is uniquely situated to enable a secure enterprise connectivity solution."
iPass believes that Policy Orchestration will offer key advantages over conventional enterprise secure connectivity solutions, including:
Direct technical integration: Engineering work by iPass and its technology partners will create the ability for third-party security systems to interoperate with the iPass connectivity platform in a way that gives iPass the ability to coordinate, control and sequence their operation. This technical integration can remove gaps inherent in a bundled approach to secure connectivity, where multiple security products operate in their own silos alongside a connectivity service.
Endpoint protection over every Internet session: iPass seeks to proactively enforce endpoint protection from the moment a user requests an Internet connection to when the session is terminated, whether or not the user attempts to access the corporate network. Policy Orchestration will work to keep the endpoint from being compromised in the first place, thereby maximizing workforce productivity while protecting both endpoint and network assets.
Simplified policy administration: iPass policy-orchestrated services will integrate with a customer's existing authentication, directory and identity management systems, allowing the IT department to directly control policies rather than support multiple databases, or a duplicative infrastructure.
Vendor-neutral approach: iPass has consistently integrated with multiple leading solutions in each segment of the secure connectivity market, ensuring interoperability and coordination of a company's existing custom security architecture and ultimately lowering total ownership costs.
Today, nearly 40 companies comprise the iPass Alliance technology partner program, including leading personal firewall, anti-virus, VPN, network access compliance, and endpoint assessment, remediation, and patch management vendors. The technical integrations resulting from these partnerships enable iPass services to fit seamlessly into each customer's particular IT environment. iPass partners include dozens of name-brand security and connectivity leaders, including Cisco, Nortel, Intel, Check Point, Microsoft, Symantec, Network Associates, Sygate and others.
"iPass recognizes that secure connectivity solutions must combine robust remote and mobile access methods. Moreover, policy enforcement is needed to protect user identities, endpoint assets, the corporate network, and session data. From a management standpoint, all this complexity should be largely transparent to users and IT staff," said Chris Christiansen, vice president of IDC's Security Products program. "The iPass vision for Policy Orchestration treats all of these aspects as components of a coordinated system. This offers customers network coverage, security, and zero-tolerance management control in a single package."
In 2004, IDC estimates that enterprises and government agencies will spend over US$25 billion worldwide on IT security software, hardware, and services. IT departments will also spend additional time and money in the deployment and management of these systems. Rather than blindly providing Internet and corporate connections and assuming proper operation of security systems, iPass seeks to integrate these critical components into a single solution that can maximize a customer's return on this hefty investment. Beyond merely knowing that these systems are deployed, iPass Policy Orchestration is being designed so that iPass customers will have visibility into the active use of their security tools, as well as the health of their mobile endpoints, and will gain confidence that both their endpoint and network assets are being proactively protected.
"Endpoint and network security have become complex, fragmented, and difficult to control," says Roy Albert, iPass CTO. "The conventional approach, which is to bundle together numerous endpoint security products with a connectivity service and hope they all get used correctly, does not provide the level of security that we believe our customers want and deserve. Technical integration is not something simply achieved by signing a reseller agreement. Security products are not natively aware of the endpoint connectivity state, and the connectivity service doesn't know if these security products have executed properly. The iPass Policy Orchestration vision is to actively combine knowledge of the user, the access network, the endpoint connectivity state, and the endpoint trust state into a single unified process to protect endpoints and enterprise networks."
iPass expects to begin offering Policy Orchestration-enabled services in Q4 2004. Future services expected in the Policy Orchestration roadmap include:
| Feature | Benefit |
| --- | --- |
| Endpoint self-quarantine | Provide better endpoint protection by restricting PC access to those hosts necessary for the policy enforcement process. |
| Dynamic policy retrieval | Streamlines management by enabling connectivity policy changes to be effected directly from enterprise directory and identity management systems. |
| Assessment verification | Ensures closed-loop confirmation of successful health check and patching prior to allowing unrestricted Internet access. |
| Coordinated enforcement | Endpoint not allowed corporate VPN access without iPassConnect signoff. |
About iPass
iPass Inc. (NASDAQ: IPAS) delivers enterprises simple, secure and manageable connectivity services for mobile workers as they move between office, home, and remote locations. iPass combines its global network of dial-up, Ethernet and the world's largest Wi-Fi footprint with support for campus wireless LANs and home broadband connections to deliver a unified and comprehensive solution. The award-winning iPassConnect™ user interface, centralized management, leading security features and powerful policy enforcement make iPass services the choice of hundreds of Global 2000 corporations including General Motors, Hershey Foods and Underwriters Laboratories. Founded in 1996, iPass is headquartered in Redwood Shores, Calif., with offices throughout North America, Europe and Asia Pacific. For more information visit www.ipass.com.
iPass is a registered trademark of iPass Inc.
The statements in this press release relating to the development and anticipated features of, and the potential benefits to be obtained by using, iPass Policy Orchestration are forward-looking statements that are subject to risks and uncertainties that could cause results to be materially different than expectations. Such risks and uncertainties include, but are not limited to: the risk that iPass may encounter unexpected technical difficulties in developing iPass Policy Orchestration, which could delay or prevent the development of this product or certain of the features of this product; the risk that security breaches may still occur despite the use of iPass Policy Orchestration by innovative hackers that develop new methods of avoiding security software; and the risk that the rate of adoption by enterprises of network security software or integrated secure connectivity solutions will not be as iPass anticipates, which if slow would reduce or eliminate the purchase of this anticipated new product. Detailed information about other potential factors that could affect iPass' business, financial condition and results of operations is included in the Company's Quarterly Report on Form 10-Q under the caption "Factors Affecting Operating Results" in "Management's Discussion and Analysis of Financial Conditions and Results of Operations," filed with the Securities and Exchange Commission (the "SEC") on May 14, 2004 and available at the SEC's website at www.sec.gov. iPass assumes no obligations to update the information in this press release.