Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cloud
    • Cloud
    • Cybersecurity
    • Mobile
    • PC Hardware

    Symantec VIP Brings Two-Factor Authentication to the Cloud

    Written by

    Frank J. Ohlhorst
    Published December 7, 2011
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Symantec, through its Validation and ID Protection Service (VIP), is looking to give access control back to administrators at a time when data breaches, hack attempts, stolen data and system attacks are seemingly becoming everyday events.

      While the results and damages caused by breaches can vary, there is a common thread behind any type of data compromise-a security failure. Those security failures come in all shapes and sizes, though most start with a failure to adequately control access to a system.

      With VIP, Symantec is giving administrators a tool that brings multifaceted authentication back to systems, regardless of whether they are accessed remotely, via the cloud or internally.

      VIP is a new take on an old security practice, where a user is expected to have something they know (such as an account name and password combo), as well as something they possess (smartkey, token, keycard). That security ideology has been around for a while, dating back to physical security where someone needed a key to enter a building and then had to check in with a guard. As a concept, multifactor authentication seems ideal. However, in practice, multifactor authentication has been a challenge in the IT realm, basically because it is normally complex to administer, expensive to deploy and difficult for end users to adopt. Symantec is looking to cure those pain points with VIP, which brings simplicity and airtight security to multifactor authentication.

      A Closer Look at VIP

      Symantec on its Website offers the following description for VIP:

      ““Symantec Validation and ID Protection Service (VIP) delivers cloud-based strong authentication that combines something you know (e.g. a username and password) with something you have (a credential such as a card, token, or mobile phone). VIP helps to protect networks, applications, and data against unauthorized access as part of a comprehensive information protection program.”“

      The company’s description hits on two critical points: multifactor authentication and protection from unauthorized access. Those two points tend to be the cornerstone of effective security in a cloud-connected network.

      VIP offers a variety of installation scenarios, which are dictated by the current security posture of the network and applications, as well as what virtual private network (VPN) and connectivity technologies are in place. While the mechanics may differ, the overall concept remains the same-offer an access challenge that is not easily forged or subverted-and that is exactly where VIP comes into play.

      VIP is broken down into four modules: VIP Access for Mobile, VIP Self-Service, VIP Manager and the VIP Enterprise Gateway. Those modules are fully integrated and offer secure access for each of their respective security postures.

      Getting started with VIP is rather straightforward, thanks to Symantec’s subscription-based model, where the primary authentication mechanism takes place in the cloud as a hosted service. In a nutshell, the way it works is that you sign up for Symantec’s cloud-based authentication service, which works as an intermediary security mechanism between the endpoint and the target system, while adding a security token as the third element of a multifactor security credential.

      An Elegant Approach

      It is an elegant approach, which eliminates much of the integration challenges found in other multifactor security solutions. VIP avoids most of those integration challenges by using a Web API to integrate with the network security (LDAP, VPN, etc.) methodology.

      Setup is straightforward. All I had to do was visit the VIP Manager Website and set up credentials for each user who was going to access the network using a token-based log-in. Tokens are available in several different fashions, but software tokens that work with a smartphone or other device may be the most desirable for the majority of businesses. With a “soft token,” an application is installed on the smartphone or portable device, which generates a synchronized code that is used in conjunction with a user name/password challenge.

      Think of it this way: A user wants to access an application on the corporate network using the VIP methodology. The user will log on to an access portal, which will ask for the user name and password, as well as a third piece of information, which is a security token, referred to as a security code (or even a one-time password). That code is randomly generated and is sent to the user’s smartphone (or other device) and is valid only for a few minutes. The user enters that code with his or her traditional authentication elements (user name and password), and the information is validated by the hosted service, which is integrated into the corporate Remote Authentication Dial In User Service (RADIUS), Lightweight Directory Access Protocol (LDAP) or VPN server. If everything checks out, the user is granted access.

      Although it sounds like there are a lot of moving parts involved in the system, it is surprisingly easy to implement. Symantec has provided straightforward configuration wizards, which makes setup a snap, and detailed online documentation and context-sensitive help further make things easy. Symantec also provides automated tools that help users install the token generator application on their smartphones, including support for Apple’s iPhone and iPad via Apple’s App Store.

      In other words, Symantec makes things very easy for both administrators and end users, without compromising security. I tested VIP with several devices, including a BlackBerry from Research In Motion, an iPhone, an iPad and a notebook computer, and I experienced no difficulties. I found the client software intuitive and the system easy to manage as a whole.

      I encountered some challenges when I integrated the service into my Microsoft Windows 2008R2 Server (64-bit), which was using Active Directory as a primary security mechanism. Here, there was some confusion on how to configure the various security components. However, referring to the deployment guide smoothed out the path to a successful integration.

      When deploying VIP, it is important to understand the network infrastructure that you already have in place and how incorporating VIP’s technology will impact the configuration. In most cases, you will need to deploy a RADIUS server or modify your VPN settings, or make changes to your directory (LDAP) services. However, the included deployment guide offers multiple scenarios, tips and detailed instructions that make the installation straightforward for a networking pro.

      Perhaps, the biggest challenge associated with VIP is the plethora of choices available. VIP integrates with a multitude of servers, directories and VPNs, while supporting a vast array of endpoint devices, including Android devices, iPhones, tablets, dedicated key fobs, secureID cards and traditional PCs.

      From the end-user perspective, using VIP is quite simple. The only additional chore the end user may have to perform is the installation of the credential software, which is a simple application that generates the temporary security code needed for authentication. That application can be pushed down to the device, delivered via email or, in the case of an Apple product, installed from the App Store. Optionally, the service can be configured to deliver a security code via SMS to a cell phone.

      Regardless of the authentication service selected, end users will find VIP easy to use, which promises to provide additional benefits, such as fewer calls to the help desk for password help and a more secure posture for accessing critical information while working remotely.

      Conclusions

      Symantec’s VIP offers several advantages to organizations looking to improve their security and meet compliance needs. First, no major capital investment is needed to deploy VIP, simply because it is a service that works with most of the technologies already in hand, such as Windows Servers, smartphones, etc.

      That goes hand in hand with how easy the service is to deploy, at least compared with traditional hardware-based multifactor authentication systems. For a simple network, deployment can usually be accomplished in a few hours, further helping to reduce costs. What’s more, the system is easy to manage, administer and use, which further reduces operational costs.

      All things considered, Symantec VIP proves to be the easiest way to bring multifactor authentication to most any network or cloud service. The integration options are extensive as is the support for existing hardware, while logging and reporting round out the offering, making it a good fit for those driven by compliance needs and enhanced security.

      What’s more, the service enhances mobility and brings security to sites that were once difficult to secure, making it a good fit for those looking to use tablets or other devices from satellite offices, without having to invest in on-premises-based security hardware.

      Frank J. Ohlhorst
      Frank J. Ohlhorst
      Frank Ohlhorst is an award-winning technology journalist and IT industry analyst, with extensive experience as a business consultant, editor, author, and blogger. Frank works with both technology startups and established technology ventures, helping them to build channel programs, launch products, validate product quality, create marketing materials, author case studies, eBooks and white papers.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.