of Redwood Shores, Calif., has been incrementally building in WLAN security policy enforcement ever since its debut last summer of built-in 802.1X/RADIUS authentication and the optional Policy Orchestration service that forces use of firewalls, anti-virus and virtual private networks (VPNs) by mobile users.
Also in 2004, the company made the only two acquisitions of its nine-year history, that of Safe3W, which allowed ‘fingerprinting’ of devices, and Mobile Automation, which would make sure endpoint client systems had up-to-date operating system patches.
Mush all that technology together and you’ve got what iPass calls its Universal Policy Enforcement solution. And for the first time, it is all found under one universal interface.
Company vice president of marketing and mobility Jon Russo says the company’s security focus was brought on by the 2003 release into the wild of the Sobig.F virus. “It was something that impacted mobile workers. Workers came in, without the right operating system patch, and could take down the corporate LAN.” At the time, estimates in the loss of productivity to the virus went as high as $5.5 billion dollars.
The iPassConnect software which is the end-user HQ for all this technology, will now also open to any Wi-Fi based connectivity — not just iPass-tested and -approved networks.
Piero De Paoli, associate director of product marketing, says that in the days before Intel’s Centrino chip was a household name, corporate customers, while excited about the potential of Wi-Fi, were nervous about security and wanted to stick with tested and trusted networks. “The thought from customers has now swung 180 degrees. They’re refreshing laptops with Centrino and other Wi-Fi adapters, it’s going mainstream, so customers love the client and that it checks for anti-virus and that it can push patches, but users need to get access outside of our 20,000 access points around the world to get work done.”
The iPassConnect client software will also work on Wi-Fi networks that require some kind of outside authentication, say in hotels, even if the provider isn’t an iPass partner. “We’ll prompt users to bring up the browser, they can enter what they need, let them buy a day pass, whatever it takes to use the browser to get online. Then we’ll do our security check,” says De Paoli.
Adding access to non-iPass supported sites costs enterprise customers a bit more, less than $5 per user per month, according to Russo. The software will continue to work with other connection types, from dial-up to broadband, and other wireless connections like EV-DO.
The Universal Policy Enforcement will check for compliance on client computers and, if not, remediate that by upgrading the client as needed before allowing it to log in. The company says it does this “while keeping a simple end-user experience, a necessity for supporting remote and mobile end-users.” They need only know a username and password.
iPass is not the only remote access vendor with policy enforcement, as competitors like GoRemote also offer various degrees of such security.
The company is also not offering any kind of hosted 802.1X/RADIUS like WiTopia.net, or the WSC Guard recently purchased by McAfee, nor a hosted VPN service like that from from HotSpotVPN.com, JiWire, and others. Russo says those services are more for consumers. Enterprises will provide their own RADIUS servers and VPN termination for authenticating users, and can use the built-in 802.1X supplicant in the iPassConnect software to connect to them.