Symantec VIP Brings Two-Factor Authentication to the Cloud

By Frank Ohlhorst  |  Posted 2011-12-07 Print this article Print

REVIEW: Symantec's VIP leverages multifactor authentication ideologies to bring security to the cloud and beyond.

Symantec, through its Validation and ID Protection Service (VIP), is looking to give access control back to administrators at a time when data breaches, hack attempts, stolen data and system attacks are seemingly becoming everyday events.

While the results and damages caused by breaches can vary, there is a common thread behind any type of data compromise-a security failure. Those security failures come in all shapes and sizes, though most start with a failure to adequately control access to a system.

With VIP, Symantec is giving administrators a tool that brings multifaceted authentication back to systems, regardless of whether they are accessed remotely, via the cloud or internally.

VIP is a new take on an old security practice, where a user is expected to have something they know (such as an account name and password combo), as well as something they possess (smartkey, token, keycard). That security ideology has been around for a while, dating back to physical security where someone needed a key to enter a building and then had to check in with a guard. As a concept, multifactor authentication seems ideal. However, in practice, multifactor authentication has been a challenge in the IT realm, basically because it is normally complex to administer, expensive to deploy and difficult for end users to adopt. Symantec is looking to cure those pain points with VIP, which brings simplicity and airtight security to multifactor authentication.

A Closer Look at VIP

Symantec on its Website offers the following description for VIP:

"Symantec Validation and ID Protection Service (VIP) delivers cloud-based strong authentication that combines something you know (e.g. a username and password) with something you have (a credential such as a card, token, or mobile phone). VIP helps to protect networks, applications, and data against unauthorized access as part of a comprehensive information protection program."

The company's description hits on two critical points: multifactor authentication and protection from unauthorized access. Those two points tend to be the cornerstone of effective security in a cloud-connected network.

VIP offers a variety of installation scenarios, which are dictated by the current security posture of the network and applications, as well as what virtual private network (VPN) and connectivity technologies are in place. While the mechanics may differ, the overall concept remains the same-offer an access challenge that is not easily forged or subverted-and that is exactly where VIP comes into play.

VIP is broken down into four modules: VIP Access for Mobile, VIP Self-Service, VIP Manager and the VIP Enterprise Gateway. Those modules are fully integrated and offer secure access for each of their respective security postures.

Getting started with VIP is rather straightforward, thanks to Symantec's subscription-based model, where the primary authentication mechanism takes place in the cloud as a hosted service. In a nutshell, the way it works is that you sign up for Symantec's cloud-based authentication service, which works as an intermediary security mechanism between the endpoint and the target system, while adding a security token as the third element of a multifactor security credential.

Frank Ohlhorst Frank J. Ohlhorst is the Executive Technology Editor for eWeek Channel Insider and brings with him over 20 years of experience in the Information Technology field.He began his career as a network administrator and applications program in the private sector for two years before joining a computer consulting firm as a programmer analyst. In 1988 Frank founded a computer consulting company, which specialized in network design, implementation, and support, along with custom accounting applications developed in a variety of programming languages.In 1991, Frank took a position with the United States Department of Energy as a Network Manager for multiple DOE Area Offices with locations at Brookhaven National Laboratory (BNL), Princeton Plasma Physics Laboratory (PPL), Argonne National Laboratory (ANL), FermiLAB and the Ames Area Office (AMESAO). Frank's duties included managing the site networks, associated staff and the inter-network links between the area offices. He also served at the Computer Security Officer (CSO) for multiple DOE sites. Frank joined CMP Technology's Channel group in 1999 as a Technical Editor assigned to the CRN Test Center, within a year, Frank became the Senior Technical Editor, and was responsible for designing product testing methodologies, assigning product reviews, roundups and bakeoffs to the CRN Test Center staff.In 2003, Frank was named Technology Editor of CRN. In that capacity, he ensured that CRN maintained a clearer focus on technology and increased the integration of the Test Center's review content into both CRN's print and web properties. He also contributed to Netseminar's, hosted sessions at CMP's Xchange Channel trade shows and helped to develop new methods of content delivery, Such as CRN-TV.In September of 2004, Frank became the Director of the CRN Test Center and was charged with increasing the Test Center's contributions to CMP's Channel Web online presence and CMP's latest monthly publication, Digital Connect, a magazine geared towards the home integrator. He also continued to contribute to CMP's Netseminar series, Xchange events, industry conferences and CRN-TV.In January of 2007, CMP Launched CRNtech, a monthly publication focused on technology for the channel, with a mailed audience of 70,000 qualified readers. Frank was instrumental in the development and design of CRNTech and was the editorial director of the publication as well as its primary contributor. He also maintained the edit calendar, and hosted quarterly CRNTech Live events.In June 2007, Frank was named Senior Technology Analyst and became responsible for the technical focus and edit calendars of all the Channel Group's publications, including CRN, CRNTech, and VARBusiness, along with the Channel Group's specialized publications Solutions Inc., Government VAR, TechBuilder and various custom publications. Frank joined Ziff Davis Enterprise in September of 2007 and focuses on creating editorial content geared towards the purveyors of Information Technology products and services. Frank writes comparative reviews, channel analysis pieces and participates in many of Ziff Davis Enterprise's tradeshows and webinars. He has received several awards for his writing and editing, including back to back best review of the year awards, and a president's award for CRN-TV. Frank speaks at many industry conferences, is a contributor to several IT Books, holds several records for online hits and has several industry certifications, including Novell's CNE, Microsoft's MCP.Frank can be reached at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel