Events Archive

March 2010
SecurEnvoy to exhibit at Infosecurity Europe in London 27-29 April 2010SecurEnvoy to exhibit at Infosecurity Europe in London's Earls Court on the
27th to 29th of April 2010.
See us at stand H60.

See us presenting in the Technical Track on Tuesday, Wednesday and Thursday.

Also see us presentating in the Business Track.

More Information

February 2010
SecurEnvoy to exhibit at CeBIT in Hanover March 2nd – March 6thSecurEnvoy will be exhibiting at CeBIT in Hanover (March 2nd – March 6th). Come and visit us at Stand F36 in the Security Hall (Hall 11) to see a demonstration from the innovators of SMS Tokenless Two Factor Authentication solutions. We will also be launching our latest managed services offering, based upon yet another inspirational commercial approach for partners and customers alike.

More Information

October 2009
Securenvoy exhibits at IT Security expo on the 13th to the 15th of OctoberSecurenvoy will be exhibiting at Germany's prestigious IT Security expo on the 13th to the 15th of October in Nuremberg on stand 6-208. Live demonstrations of the next generation of two factor authentication along with the unique Emergency Access, SecureICE, will be shown

More Information

October 2009
SecurEnvoy to exhibit with its partner Techaccess at Infosec NetherlandsOn the 3rd to the 5th of November SecurEnvoy is exhibiting alongside its distributor Techaccess. Being demonstrated will be SecureAccess and the Unique remote Access contingency solution Secure ICE

More Information

June 2009
Met de opkomst van mobiel werken, webservices en IT in het algemeen is authenticatie voor steeds meer mensen belangrijk. Natuurlijk is authenticatie geen doel op zich maar is het alleen om te zorgen dat de mensen voor wie het bedoeld is de informatie te zien krijgen.2-factor authenticatie.
Sterke authenticatie door middel SMS naar standaard mobiele telefoons. Hoe werkt nieuwe generatie van 2 factor authenticatie waarbij SMS wordt gebruikt als middel om de passcodes naar de gebruikers te brengen? Wat zijn de verschillen tov van bestaande sterke authenticatie oplossingen. Hoe kan ik het integreren met de verschillende directories, en belangrijker hoe kan dit met lage kosten van licenties en gemakkelijke uitrol gerealiseerd worden?

Spreker: Andy kempshaw
Andy is een van de oprichters en hoofd development van het Engelse SecurEnvoy. Hij is een autoriteit op gebied van sterke authenticatie, was een van de grondleggers van RSAís token oplossing en heeft ruime ervaring en goed verhaal over de authenticatie markt.

More Information

May 2009
See SecurEnvoy and our South African partners ASD at ITWeb’s 4th Annual IT Security Summit 2009; 26 – 28 May 2009, at Vodaworld, Midrand, South Africa
See SecurEnvoy and our South African partners ASD at ITWeb’s 4th Annual IT Security Summit 2009;

Date: 26 – 28 May 2009,
Venue: Vodaworld, Midrand

Our second attendance at this show; providing a keynote speech and exhibition stand; demonstrating tokenless authentication live!

More Information

News Archive

June 2010
SC Magazine selects SecurEnvoy for "Best Buy" after awarding five stars in it's product test.

More Information

May 2010
New Repoting Wizard released as a free add-on to all existing version 5 customers.SecurEnvoy have released a new reporting wizard add-on package which is available to all existing version 5 customers free of charge.

The software package can be downloaded from www.securenvoy.com/ftp/report.zip
The included readme.txt explains how to install.

The following reports can be created:

1 All Managed Users
2 Disabled Users
3 Enabled Users
4 ICE Users
5 Full Administrators
6 HelpDesk Administrators
7 Config Administrators
8 Real Time OTP Users
9 Pre Loaded OTP Users
10 Daycode Users
11 Tmp Users
12 Static Users
13 Users who have NOT authenticated in (x) days
14 Users who have authenticated in the last (x) days

More Information

January 2010
Cambridge City Council roles out SecurAccess to aid CoCo compliant.The residents of Cambridge elect 42 councillors across 14 wards, who are responsible for setting the budget and policy framework in the city. Backing up every decision and policy change is a workforce of hundreds of employees who ensure that any decisions made by the council are successfully implemented at a practical level.

In order to ensure that the council’s civic responsibility can be met, many of Cambridge City Council’s employees needs to be in constant contact with the organisations, businesses and individuals of Cambridge, and with colleagues at the Council itself.

This involves taking calls from the public, visiting homes and businesses, coordinating with council members and relaying information back to the council’s central system to ensure that data is kept current and comprehensive.

When dealing with a wealth of information regarding such a wide variety of businesses and organisations, however, there is an inherent security risk – any information mishandled, lost or stolen is a potentially damaging security breach, both for the council and those that it works with.

“The Council encourages employees to maintain a good work/life balance, and being able to log on remotely is an important part of this,” said James Nightingale, Head of ICT Client Services at Cambridge City Council. “However, the more remote workers you have, the more the IT security risk goes up – how can the IT team tell users are who they claim to be when logging on remotely?”

Additionally, the Council had to prove it was compliant with the Government’s GSCX Code of Connection (known as CoCo). CoCo is part of Government Connect – the pan-government programme providing an accredited and secure network between central government and every local authority (LA) in England and Wales. All LAs must be compliant with CoCo’s code of practice to prove they have the necessary network security measures in place.

“To comply with CoCo, it was absolutely necessary to have a system in place to make remote access for our employees more secure,” Nightingale continued. “Dealing with information from so many different businesses, people and organisations while on the move is the nature of the job, so there needed to be a way to do that as securely as possible.”

Cambridge City Council began to consider ways in which it could authenticate remote users to facilitate mobile and home working.

A number of other councils around the UK utilise a token-based authentication system, whereby employees pick up a token containing an authentication code that allows them to connect to the system remotely. The main problem facing this option, however, is the time and effort needed to distribute each token to employees.

“The authentication token as a security measure is incredibly time consuming,” said Nightingale. “Staff would have to fill out access request forms, then make a physical appointment to come into the council offices and pick up the token, wasting a lot of time for admin workers and users.”

A token-based system also generates a myriad of other issues – the hardware is often lost, they are easily broken, and creating the large quantities of tokens incurs huge expenses. Frequently, tokens were stored with laptops so if the computer was stolen, the authenticator would go with it.

It therefore seemed logical for Cambridge City Council to turn to SecurAccess, which negates the need for tokens by using employees’ mobile phones to deliver authentication codes.

“The main goal was to achieve CoCo compliance, while keeping any new systems as user-friendly as possible,” said Nightingale. “But in this tight economic period we wanted to do this without wasting council money on unnecessary expenditure.”

“The roll-out of the software at the Council was painless – it took just a few days, and employees got used to the system very quickly,” said Stev

More Information

December 2009
Lincoln City Council switches to SecurEnvoy tokenless authentication The Lincoln City Council has nine remote offices, with over 600 members of staff. The Council is responsible for local planning, building control, roads and council housing. With over 80,000 residents in Lincoln, the Council has to handle a vast amount of confidential information. Data security is always a concern – authenticated access must be easy to use, reliable and above all secure.

Two-factor authentication is not a new concept but it has been troubled by ongoing difficulties with system integration and users lacking confidence when using the product. City of Lincoln Council already had an existing two-factor authentication system, which required the use of hardware tokens. The Council was looking to reduce the cost of its managed token provider as the contract with them was ending. SecurEnvoy was just in time to help the Council migrate its authentication system.

“We required a cost effective, secure, reliable and flexible solution providing two-factor authentication for remote access,” said Dave Wormall, Principal IT officer at the Council. “We evaluated three products, including our existing supplier, during the selection process. SecurEnvoy’s cost effectiveness, ‘In Case of Emergency’ (ICE) services and reliability came through as the primary choice.”

The two-factor authentication technology from SecurEnvoy, SecurAccess transforms any mobile phone into a makeshift authentication device. This eco-friendly solution is cost-effective because there is no need to purchase additional hardware.

“We had less than a month before our tokens needed replacing and were concerned that we wouldn’t have time to migrate to a new solution,” said Wormall.

SecurEnvoy’s Deployment Wizard configured multiple accounts for the authentication switch to take place. With a single click, multiple users were migrated quickly and effectively to the new SecurAccess system. The process took less than a minute.

Even though the Council operates on two different remote access solutions, one Windows-based and one Linux-based, SecurEnvoy’s solution configured both channels easily and quickly.

For SecurEnvoy, configuring the Council’s existing authentication system to SecurAccess was simple. However, convincing the Council staff that extra hardware was no longer necessary in ensuring data security was a little bit more difficult.

Some Council members and councillors feared change and were comfortable using their traditional tokens, they were initially apprehensive about a text message based solution. After using tokenless two-factor authentication they soon realised that it was just as reliable and secure with the added bonus that they no longer needed to carry yet another device.

“The City of Lincoln Council’s home and flexible working policy will ensure that SecurEnvoy’s remote access services will always be in demand,” said Wormall.

SecurEnvoy has been able to help the Council reach its goals to find a top-notch security solution at a fraction of the price of its competitors.

More Information

November 2009
The growth in mobile authentication will see the death of the hardware token according to one vendor.The growth in mobile authentication will see the death of the hardware token according to one vendor.

Following news from Goode Intelligence that the mobile authentication market is predicted to grow significantly over the next five years, but with major vendors losing ground to authentication specialists, one vendor has claimed that nearly half of UK organisations have plans to authenticate their staff via SMS by 2011.

Andy Kemshall, co-founder at SecurEnvoy, claimed that the trend will mean the death of the hardware token.

Kemshall said: “Everything is going mobile these days and this will only continue in the coming years. With 40 per cent of organisations turning to mobile authentication by 2011, as predicted by Goode Intelligence, I believe the separate hardware token alternative will begin to drop off the radar.

“This technology was invented around the same time as VHS tapes, while SMS based tokenless technology emerged at a similar time to Blu-Ray. The development of VHS to Blu-Ray is simply technological evolution. In the same way, change from token to tokenless technology is inevitable.”

Kemshall claimed that as most people have a mobile phone already, there are no addition costs to authentication over the mobile network and phones are a much greener alternative.

“There is also the burden of carrying hardware tokens. Staff rarely forget their mobile, but all too often tokens are misplaced or malfunction and have to be re-ordered, costing time and money,” he said.

More Information

November 2009
SecurAccess 5.3 from SecurEnvoy is a fast roll-out SMS based tokenless authentication solution ensuring secure access to network resources for remote users.SecurEnvoy has launched SecurAccess v.5.3. The
enhanced SMS-based network access product ensures
user roll-out is faster than ever, and helps IT managers
secure corporate networks, whether they are based 'in
the Cloud' or in the office.
SecurAccess users log in with a sms passcode sent to
their mobile phone, rather than having to carry around a
security token. This latest version, v.5.3, gives customers
moving from tokens to tokenless systems the ability to
choose the pace of their migration. Authentication
requests from both SecureAccess and legacy systems
are handled through the same interface. SecureAccess
can also be deployed to 15,000 users in 50 minutes,
compared to the six months it would take on average to
deploy traditional authentication tokens.
As well as fast deployment, SecurAccess v.5.3 delivers 'intelligent routing', helping companies avoid expensive
roaming charges when communicating internationally, as SMS requests are automatically routed either via a modem
or the Internet.
'More companies than ever are virtualising their systems and storing data in the 'Cloud' - it's the future of business
computing. Cloud Computing enables employees to access work from anywhere, but that in turn brings its own
security risks,' said Andy Kemshall, co-founder at SecurEnvoy. 'There are just too many points of access for
traditional authentication to control, and businesses need the additional layer of security provided by two-factor
authentication.'
SecurAccess has one of the smallest technology footprints in the authentication market. Other new features in v.5.3
include authentication of Windows 2008R2 Terminal Services and multi-language support for user names. An
extended login process offers support for syslog - the IT industry standard for forwarding security log information in
an IP network.
'Deploying traditional token authenticators to an organisation of 15,000 users not only takes around six months, it
also requires the services of a full-time administrator,' Kemshall added. 'Using SecurAccess v.5.3, 1,000 users can
be deployed in five minutes. This enables employees to work as flexibly as possible, and employers to feel confident
that the right people are accessing important company information.'

More Information

November 2009
SecurEnvoy has introduced the latest version of its SecurAccess authentication product.SecurAccess v.5.3 allows users to log in with a passcode sent to their mobile phone, rather than having to carry around a security token, and gives users the ability to choose the pace of their migration.
The company claimed that as well as fast deployment, SecurAccess v.5.3 delivers ‘intelligent routing', helping companies avoid expensive roaming charges when communicating internationally with SMS requests automatically routed either via a modem or the internet.

The latest version also includes authentication of Windows Terminal Services and multi-language support for user names. An extended login process
offers support for syslog – the IT industry standard for forwarding security log information in an IP network.
Andy Kemshall, co-founder at SecurEnvoy, said: “There are just too many points of access for traditional authentication to control, and businesses need the additional layer of security provided by two-factor authentication.”
“Deploying traditional token authenticators to an organisation of 15,000 users not only takes around six months, it also requires the services of a full-time administrator. Using SecurAccess v.5.3, 1,000 users can be deployed in five minutes. This enables employees to work as flexibly as possible, and employers to feel confident that the right people are accessing important company information.”

More Information

November 2009
A Scottish council has found a low-cost way of tightening security for remote workers. Instead of equipping them with special security tokens, it now sends out authentication codes to their employees' mobile phones. More than 1,000 workers at Dundee City Council have been enrolled into the tokenless two-factor authentication
system, which provides them with a second factor of authentication, after username and password, when they log on
to the council's VPN.
The system is based on the SecurAccess product from SecurEnvoy Ltd., which sends out a unique access code to
each user for him or her to then key in when accessing council systems.
As well as making the connections more secure, the system helps Dundee comply with the requirements laid out in
the Code of Connection (CoCo) for local authorities connecting to the Government's Secure Extranet (GSX).
Graeme Quinn, IT team leader at Dundee City Council, said the council wanted
to increase security, having relied formerly just on usernames and passwords. He
considered a group of token-based products, including those from Vasco Data
Security International Inc., but finally opted for SecurEnvoy. "One of the big
selling points of SecurEnvoy was that it integrated easily with Active Directory, it
was easy to deploy, and it sent out the tokens to a mobile phone. So we didn't
need any physical tokens to distribute. That was a big plus, certainly," he said.
"SecurEnvoy also supported multiple Active Directories -- we operate across
two Active Directories here at the council."
Dundee has adopted VMware for server virtualisation, so SecurAccess runs as a virtual server, with links to the two
Active Directories. Users can enrol into the service, which associates them with their AD entry and email address,
and asks them to key in their mobile phones' details to enable the codes to be sent to them.
Quinn says that most employees were happy to use their own mobile phones. Where this was not the case, users
could choose to have the code delivered either to their personal email address, or to a landline (usually their home
number) where the code could be converted to speech.
"There is a good degree of flexibility," Quinn said. "For instance, if you are going to be in a place that has a poor mobile signal, you can have an authentication code sent that lasts a couple of days, or you can have up to three
codes sent."
Deployment of SecurAccess was easy, according to the IT team leader. "We just had someone on the end of a
phone to talk us through a few things, but apart from that it was not a problem," he said. "We then had to configure
the VPN [an SSL VPN from AEP Networks Inc.] to point it at the SecurEnvoy server, and that was it."
Staff training and enrolment was equally trouble-free. "There was some preparation to make people aware of the
changes that were happening. And we made sure there were some key people in departments who were up to speed
to answer questions," he said. "But the only thing that's changed is that they get an extra box on the screen when they
sign in. Inevitably, there was the odd problem with people mis-keying their mobile numbers, for instance, but on the whole it was pretty easy."

More Information

November 2009
SecurEnvoy has launched SecurAccess v.5.3. The enhanced SMS-based network access product ensures user roll-out is faster than ever and helps IT managers secure corporate networks, whether they are based 'in the Cloud' or in the office. SecurAccess users log in with a passcode sent to their mobile phone, rather than having to carry around
a security token. This latest version, v.5.3, gives customers moving from tokens to tokenless systems
the ability to choose the pace of their migration. Authentication requests from both SecurAccess and
legacy systems are handled through the same interface. SecurAccess can also be deployed to 15,000
users in 50 minutes, compared to the six months it would take on average to deploy traditional
authentication tokens.
As well as fast deployment, SecurAccess v.5.3 delivers ‘intelligent routing’, helping companies avoid
expensive roaming charges when communicating internationally, as SMS requests are automatically
routed either via a modem or the Internet.
“More companies than ever are virtualising their systems and storing data in the ‘Cloud’ – it’s the future
of business computing. Cloud computing enables employees to access work from anywhere, but that in
turn brings its own security risks,” said Andy Kemshall, co-founder at SecurEnvoy. “There are just too
many points of access for traditional authentication to control, and businesses need the additional layer
of security provided by two-factor authentication.”
SecurAccess has one of the smallest technology footprints in the authentication market. Other new
features in v.5.3 include authentication of Windows Terminal Services and multi-language support for
user names. An extended login process offers support for syslog – the IT industry standard for
forwarding security log information in an IP network.
“Deploying traditional token authenticators to an organisation of 15,000 users not only takes around six
months, it also requires the services of a full-time administrator,” Kemshall added. “Using SecurAccess
v.5.3, 1,000 users can be deployed in five minutes. This enables employees to work as flexibly as
possible, and employers to feel confident that the right people are accessing important company
information.”

More Information

November 2009
SecurEnvoy Furthers its Market Lead in tokenless Authentication with New Release 5.3SecurEnvoy, the inventor of tokenless two-factor authentication, has launched SecurAccess v.5.3. The enhanced SMS-based network access product ensures user roll-out is faster than ever, and helps IT managers secure corporate networks, whether they are based 'in the Cloud' or in the office.

SecurAccess users log in with a sms passcode sent to their mobile phone, rather than having to carry around a security token. This latest version, v.5.3, gives customers moving from tokens to tokenless systems the ability to choose the pace of their migration. Authentication requests from both SecureAccess and legacy systems are handled through the same interface. SecureAccess can also be deployed to 15,000 users in 50 minutes, compared to the six months it would take on average to deploy traditional authentication tokens.

As well as fast deployment, SecurAccess v.5.3 delivers 'intelligent routing', helping companies avoid expensive roaming charges when communicating internationally, as SMS requests are automatically routed either via a modem or the Internet.

"More companies than ever are virtualising their systems and storing data in the 'Cloud' - it's the future of business computing. Cloud computing enables employees to access work from anywhere, but that in turn brings its own security risks," said Andy Kemshall, co-founder at SecurEnvoy. "There are just too many points of access for traditional authentication to control, and businesses need the additional layer of security provided by two-factor authentication."

SecurAccess has one of the smallest technology footprints in the authentication market. Other new features in v.5.3 include authentication of Windows 2008R2 Terminal Services and multi-language support for user names. An extended login process offers support for syslog - the IT industry standard for forwarding security log information in an IP network.

"Deploying traditional token authenticators to an organisation of 15,000 users not only takes around six months, it also requires the services of a full-time administrator," Kemshall added. "Using SecurAccess v.5.3, 1,000 users can be deployed in five minutes. This enables employees to work as flexibly as possible, and employers to feel confident that the right people are accessing important company information."

More Information

October 2009
The distribution of security hardware in the UK creates over 35,000 carbon tonnes, not accounting for the manufacturing and disposal processes which add to this. The distribution of security hardware in the UK creates over 35,000 carbon tonnes, not accounting for the manufacturing and disposal processes which add to this. This is according to SecurEnvoy which has calculated that a forest five times the size of lake Windermere would be required to offset these emissions.

Steve Watts, co-founder of SecurEnvoy commented: “IT departments need to be aware that authentication tokens are far from green. Their large carbon footprint won’t do any favours for the MET office’s UK Climate Projections, which warn of a 2C temperature rise by 2040.”

Watts continued: “In the rush to print less and turn off computers at night, the carbon consequences of security hardware have been overlooked. Mobile working is becoming more popular but it’s important to evaluate the security options carefully, so organisations don’t waste time and money on technology that will increase their carbon footprint. There is plenty of choice out there that won’t require acres of trees to replace environmental damage.”

More Information

October 2009
In June this year, the CBI predicted that we’re going to be stuck in recession for at least another twelve months. The dangers of the current financial situation on employee morale are clear – no one likes feeling as though their jobs are under threat, or that their company can’t afford promotions or pay rises.In June this year, the CBI predicted that we’re going to be stuck in recession for at least another twelve months. The dangers of the current financial situation on employee morale are clear – no one likes feeling as though their jobs are under threat, or that their company can’t afford promotions or pay rises.

But what are the risks of disgruntled employees for security, specifically information security? According to the Association of Certified Fraud Examiners in the US, insider fraud on average equals seven per cent of revenues. Earlier this year, a Deloitte survey revealed that two-thirds of executives expect insider crime to rise in the next two years. If both organisations are right, discontented employees could be making a serious dent on already stretched finances.

Insider crime isn’t just limited to permanent employees however. When locating the Bermuda Triangle seems like an easier prospect than financial ‘planning’, companies turn to temporary workers, who they can hire quickly and who don’t affect long-term resource planning. While the rest of the job market is crashing, 60 per cent of firms reported a stable or increased demand for temporary workers in May 2009.

The risks to corporate security are significant here. Temporary workers aren’t always receptionists and data entry clerks and more senior business consultants are now being heavily used. They often work remotely, and need to access company information in order to do their jobs. This information might include employees’ personal details or salaries, and corporate financial information that could have a huge impact on share price. The CIO is caught in a ‘corporate trust trap’ – does trusting the consultant to access what they need to do their job effectively mean security has to be compromised?

We’re not necessarily talking about the security of data storage here – it’s an ongoing battle to stay on the front foot, but large Internet organisations and encryption technologies do a good job of ensuring information is safe from illegal hackers. The bigger issue is that of authenticating the user – if confidential information has to be freely available wherever you are, how do you make sure that it isn’t just whoever that is accessing it?

Passwords are the traditional form of user authentication, but all passwords can be broken – ultimately a password is only secure as long as no one else knows what it is. IT security forensic experts can break up to 3 million passwords a day using specialist machines. No matter what combination of letters and numbers you use, the fact remains that no password is strong enough for the determined thief.

And that’s before you allow for lax employee attitudes to IT security. We all know one of those users who still rely on the ‘Post-It note on the laptop’ method of remembering what their password is.

As we reach the summer holiday period, the risk of relying on passwords become even more pronounced – a recent poll we carried out revealed that three-quarters of employees admit to sharing their corporate network password with at least two colleagues.

Imagine this as a family tree – where each employee has links to two more employees – passwords spread quickly. You soon begin to get an idea of the security problems the IT team has to deal with on a daily basis when sensitive information like this is being freely given.

So what can the CIO do to avoid getting stuck in this corporate trust trap? The easiest way is to insist consultants work from the office – but companies would be limiting their choice of employees to those who are close by, rather than those who are best for the job.

Gritting your teeth and hoping for the best isn’t an option, and neither is a ‘big brother’ approach to what information can be accessed. It’s a waste of time and a frustration to those trying to do their job.

New and even existing hardw

More Information

October 2009
Dundee City Council has become the first in Scotland to secure access to its growing VPN using two-factor authentication based on SMS codes sent via mobile phone.Dundee City Council has become the first in Scotland to secure access to its growing VPN using two-factor authentication based on SMS codes sent via mobile phone.

The headline reason for the investment in SecurEnvoy’s SecurAccess system was a desire to comply with the Scottish Government’s Code of Conduct (CoCo), which specifies minimum security parameters for network access by employees. Previously, Dundee had been securing its VPN through a conventional user name and password setup, now accepted to be inherently insecure.

The council assessed the SecurAccess design for 1,000 users against a rival and unnamed technology based on hardware tokens. What seems to have counted in favour of SecurAccess was its ability to enrol users cheaply and simply via email and manage them by utilise the pre-existing LDAP Active Directory database without the need to create a new parallel store of user data.

After enrolment, staff now access the council’s VPN by receiving six-digit passcodes on their phones, which they use in conjunction with their old user name and password fields. The codes can only be used once per login. Because access is entirely electronic, there are no physical tokens to be lost.

“We were looking to enhance our VPN security, and liked the easy process for accessing our network safely via SMS,” said Graeme Quinn, IT head at Dundee City Council. “Nearly everyone these days has a mobile phone, so this limited overall costs. We thought SecurAccess would be a quick, easy solution to combat the security issues around remote access.”

The council was considering increasing the number of licenses in future as the need for remote access expands from its already significant base. The council currently has around 7,500 employees spread across 265 sites, so the adoption of two-factor authentication affects a significant percentage of its frontline staff.

Might budget cuts in future years affect the ability of public sector organisations to adopt such technology, especially councils coping with rate capping?

“I think security is not going away,” mulls SecurEnvoy’s Adam Bruce, who brokered the deal with the Council. Budgets will be reduced but technologies such as ours will gain market share.” According to Bruce, hardware tokens will die off, killed by their higher cost and complexity.

Dundee City Council is the first to use the SecurEnvoy’s system in Scotland, but at least one other major council in the country is believed to be looking to roll out the system in the near future. In England, SecurAccess SMS tokens are already used by a number of councils, including Hertfordshire, Cambridge and Perterborough.

More Information

September 2009
Dundee City Council has tightened its security for remote workers with a new technology implementation from SecurEnvoy, while fully adhering to the Scottish Government’s Code of Conduct (CoCo) for GSX outlined for local authorities.Dundee City Council has tightened its security for remote workers with a new technology implementation from SecurEnvoy, while fully adhering to the Scottish Government’s Code of Conduct (CoCo) for GSX outlined for local authorities.

The Council has installed SecurAccess from SecurEnvoy to enhance its security system for remote working. SecurAccess provides employees with network access via SMS. Passcodes are sent to their mobile phones, which are entered alongside usual login details, to access networks and emails from remote locations safely.

Graeme Quinn, IT team leader at Dundee City Council said: “We were looking to enhance our VPN security, and liked the easy process for accessing our network safely via SMS. Nearly everyone these days has a mobile phone, so this limited overall costs. We thought SecurAccess would be a quick, easy solution to combat the security issues around remote access.”

“SecurAccess has also enabled us to meet government requirements outlined in the Code of Conduct, whilst enhancing our security with two very different groups of users, many of whom are required to work remotely around the city.”

“We have 1,000 licences at the moment, but we’ll look at increasing this in future. Our requirements are always changing and it’s great to have technology in place to cope with our developing workforce.”

“Mobile working is undoubtedly becoming more common, and we want to support employees who want more flexibly, without compromising security,” said Steve Watts, co-founder at SecurEnvoy. “With extra requirements for local governments to be CoCo compliant, councils like Dundee will benefit from our leading technology, SecurAccess.”

More Information

September 2009
Dundee City Council has implemented technology to adhere to the Scottish Government's Code of Conduct (CoCo) for GSX outlined for local authorities.Dundee City Council has implemented technology to adhere to the Scottish Government's Code of Conduct (CoCo) for GSX outlined for local authorities.

The council has installed SecurAccess from SecurEnvoy to enhance its security system for remote working. It provides employees with network access via SMS with passcodes sent to their mobile phones. These are entered alongside usual login details to safely access networks and emails from remote locations.

Graeme Quinn, IT team leader at Dundee City Council, said: “We were looking to enhance our VPN security, and liked the easy process for accessing our network safely via SMS. Nearly everyone these days has a mobile phone, so this limited overall costs. We thought SecurAccess would be a quick, easy solution to combat the security issues around remote access.”

“SecurAccess has also enabled us to meet government requirements outlined in the Code of Conduct, whilst enhancing our security with two very different groups of users, many of whom are required to work remotely around the city.”

Steve Watts, co-founder at SecurEnvoy, said: “Mobile working is undoubtedly becoming more common, and we want to support employees who want more flexibility, without compromising security. With extra requirements for local governments to be CoCo compliant, councils like Dundee will benefit from our leading technology, SecurAccess.”

More Information

September 2009
IT needs to worry about the rise in temporary workers and consultants brought about by the recession.

(Subscription required to read from the link)IT needs to worry about the rise in temporary workers and consultants brought about by the recession.

According to the Association of Certified Fraud Examiners in the US, insider fraud on average equals 7 per cent of revenues. And a Deloitte survey revealed that two-thirds of executives expect insider crime to rise in the next two years. If both organisations are right, discontented employees could be making a serious dent on already stretched finances.

The growth in temporary workers, who can be hired quickly and who don’t affect long-term resource planning, increase the risks to corporate security. Some can be senior business consultants, often working remotely and needing to access company information.

This information might include employees’ personal details or salaries, and corporate financial information that could have a huge impact on share price.

The CIO is caught in a “corporate trust trap” – does trusting the consultant to access what they need mean security has to be compromised?

Large internet organisations and encryption technologies do a good job of ensuring information is safe from illegal hackers. The bigger issue is that of authenticating the user – if confidential information has to be freely available wherever you are, how do you make sure who is accessing it?

Passwords are the traditional form of user authentication, but all passwords can be broken. IT security forensic experts can break up to 3m passwords a day using specialist machines. No password is strong enough for the determined thief.

And a recent poll we carried out revealed that three-quarters of employees admit to sharing their corporate network password with at least two colleagues. Imagine this as a family tree – where each employee has links to two more employees – passwords spread quickly.

So what can the CIO do to avoid getting stuck in this corporate trust trap?

The easiest way is to insist that consultants work from the office – but companies would be limiting their choice of employees to those who are close by, rather than those best for the job.

And a “big brother” approach to what information can be accessed is a waste of time and a frustration to those trying to do their job.

New and even existing hardware can be used to provide an extra layer of security through “two-factor” authentication – providing additional passcodes as users need them. These passcodes change every time a user needs one, making it almost impossible to hack them.

More Information

September 2009
The distribution of IT security hardware in the UK creates over 35,000 carbon tonnes, not accounting for the manufacturing and disposal processes, according to IT security firm SecurEnvoy.The distribution of IT security hardware in the UK creates over 35,000 carbon tonnes, not accounting for the manufacturing and disposal processes, according to IT security firm SecurEnvoy.

The company has calculated that a forest five times the size of lake Windermere would be required to offset these emissions.

Steve Watts, co-founder of SecurEnvoy, said: “IT departments need to be aware that authentication tokens are far from green. Their large carbon footprint won’t do any favours for the MET office’s UK Climate Projections, which warn of a 2C temperature rise by 2040.

“In the rush to print less and turn off computers at night, the carbon consequences of security hardware have been overlooked.

“Mobile working is becoming more popular but it’s important to evaluate the security options carefully, so organisations don’t waste time and money on technology that will increase their carbon footprint. There is plenty of choice out there that won’t require acres of trees to replace environmental damage.”

More Information

September 2009
People are using simple passwords and admit that at least one other person knows what it is.People are using simple passwords and admit that at least one other person knows what it is.

Research by life assistance company CPP found that 46 per cent of Britons use the same password to login to their banking, shopping and social networking sites, with a further 54 per cent confessing to using variations of the same password.

The vulnerability is heightened by the fact that many Brits resort to predictable passwords that are not difficult to track. Nearly one in five (18 per cent) use their pets' names while one in eight use memorable dates such as birthdays (12 per cent). Others use their children's names (ten per cent) or even their mother's maiden names (nine per cent).

The majority (68 per cent) claim that it is too difficult to remember numerous logins, while 17 per cent said that they are worried about forgetting a password and being logged out.

Whitehat Robert Schifreen, said: “Use a different password for every online system that you sign up to. Otherwise, an online fraudster who manages to find your single password will have the keys to your entire online life.

“Also, never type your credit card number, or any other confidential information, into a website that doesn't have the closed padlock symbol to show that what you're typing is being encrypted.”

Steve Watts, co-founder of SecurEnvoy, claimed that it is all very well recommending different passwords for every website, but would question who is actually able to do that.

Watts said: “Think about how many times in a week we need a password to access websites, company networks and confidential information. We all know that we should use complex passwords that differ every time, but how on earth would we remember them? The answer is, we wouldn't. In fact, we'd probably end up writing them all down somewhere and increasing the security risk even further.

“Everyone is aware of the risks from password hackers, but no one really knows what they can do about it. At work, we found that three-quarters of employees have shared their corporate passwords with colleagues. To stay secure we should be going beyond the password and using an additional layer of security to access the information we need in life and at work.”

Stephen Howes, CEO of GrIDsure, claimed that the technology developed by his company prevents fraud as it creates a ‘one-time password with no need for devices and it is easy for Joe Public'.

Howes said: “The man on the street cannot deal with complexity and you have got to deal with the lowest common denominator, in this case the human being. People will go to extreme lengths with passwords as they don't want complexity.”

More Information

September 2009
Research has revealed that millions of Britons could be at risk from online fraud due to lax password security measures.Around 1.7 million Britons could be at risk of internet fraud and cybercriminals by using the same password for every website they use that requires them to log in.

Research from insurance firm CPP revealed 54 per cent of the British public use slight variations of a password for different sites.

Around half of those questioned use the same password for each login, with most of them being easily guessable words such as pet names, children’s names, and birthdays.

The statistics are particularly worrying as instances of fraudsters accessing individuals’ accounts to steal bank details are on the increase - therefore having an strong password using numbers as well as letters is becoming incredibly important to prevent fraud.

How to: Protect your passwords

The research also found a staggering 40 per cent of British adults have revealed their password to at least one other person, making them even more vulnerable to fraud.

However security firm SecurEnvoy said that passwords would always be insecure as long as they "are managed by humans not machines".

"To stay secure we should be going beyond the password and using an additional layer of security to access the information we need in life and at work," said SecurEnvoy's co-founder Steve Watts.

"We all know that we should use complex passwords that differ every time, but how on earth would we remember them? The answer is, we wouldn't. In fact, we'd probably end up writing them all down somewhere and increasing the security risk even further," Watts said.

More Information

July 2009
..... the risk of disgruntled
employees trying to access confidential data is higher now than at any other time ....Employees reveal their corporate password to at least two colleagues
(22/07/2009)

Nearly three quarters of employees have revealed their
corporate password to at least two colleagues – and only one
third refuse to give out their login details, according to research
from SecurEnvoy.

The results suggest signs of a password pandemic, as employees
readily share passwords with colleagues to check email or access
information while they’re away.

Steve Watts, co-founder at SecurEnvoy, commented: “Today’s
workers are very trusting of fellow colleagues, but can they really
rely on them to keep private network details safe?
Providing the
backdoor key to your entire work life is risky, so it’s essential to
keep access numbers down”.
“Particularly during the recession, the risk of disgruntled
employees trying to access confidential data is high. And it doesn’t
stop there. More businesses are hiring short-term consultants
rather than permanent staff to cut costs and they’re often
remotely based. Companies need to be sure they’re allowing the
right people to access the right information without compromising
on security.”

More Information

July 2009
Nearly three quarters of UK employees have revealed their corporate password to at least two colleagues – and only a third refuse to give out their login details, according to research from SecurEnvoy.Nearly three quarters of UK employees have revealed their
corporate password to at least two colleagues – and only a
third refuse to give out their login details, according to research
from SecurEnvoy.
The results suggest signs of a password pandemic, as employees
readily share passwords with colleagues to check email or access
information while they’re away.
Steve Watts, co-founder at SecurEnvoy, commented: “Today’s
workers are very trusting of fellow colleagues, but can they really
rely on them to keep private network details safe? Providing the
backdoor key to your entire work life is risky, so it’s essential to
keep access numbers down”.
“Particularly during the recession, the risk of disgruntled
employees trying to access confidential data is high. And it doesn’t
stop there. More businesses are hiring short-term consultants
rather than permanent staff to cut costs and they’re often
remotely based. Companies need to be sure they’re allowing the
right people to access the right information without compromising
on security.”

More Information

July 2009
New release to support Windows Server 2008 R2
SecurEnvoy today announced it will launch a new version of its authentication application. SecurAccess v5.2 works with Microsoft Windows Server® 2008 R2 to offer customers enhanced security, as well as innovative user interface features and reliability improvements. Instead of the need to carry around security tokens, SecurAccess users log in to company networks via a passcode sent to their mobile phone - increasing the security of the remote working process.

“Our ISV community is alive with innovation, and we’re committed to helping our partners drive the next generation of software experiences,” said Ross Brown, Vice President of ISV and Solutions Partners for the Worldwide Partner Group at Microsoft. “Adding compatibility for the latest Microsoft operating systems helps ISVs to stay ahead of the competition and give their customers access to cutting-edge technologies.”

“Making our application compatible with Microsoft Windows Server 2008 and the upcoming R2 release helps us offer customers compelling benefits, including more sophisticated management features and improved security and reliability.” said Andy Kemshall, co-founder at SecurEnvoy

NOTES TO EDITORS
About SecurEnvoy (www.securenvoy.com)

SecurEnvoy provides two-factor authentication via mobile phones. Pass codes are sent to the user’s mobile phone in order to access networks or private emails. SecurEnvoy’s products - SecurAccess, SecurPassword, SecurICE and SecurMail - are adopted worldwide. Customers benefit from a reduced installation time and a zero footprint approach as no token distribution or remote software deployment is required, so ROI for organisations is relatively high.

SecurEnvoy distributes through the channel, providing customers the value added benefits of working with local partners. It has built up a technical and sales infrastructure that supports most languages and cultures around the world. Partners include: Juniper, Citrix, Fortinet, Sonic Aventail, Cisco, Checkpoint, Celestix, Microsoft and F5. SecurEnvoy’s customers include T-Mobile, Symantec, John Lewis, NHS and Save The Children.

Founded by Andrew Kemshall and Stephen Watts in 2003, SecurEnvoy is based in Theale, Berkshire.

For more information about SecurEnvoy and its products, visit www.securenvoy.com

Products or service names mentioned herein are the trademarks of their respective owners.

For more information please contact
Ellen Spenceley or Lisa Gillingham at LEWIS PR

Tel: +44 (0) 117 315 8584
Email: securenvoy@lewispr.com
Web: www.lewispr.com

More Information

June 2009
Experts give a cautious welcome to new IT security plans announced todayEd Rowley, EMEA technical consultant at security vendor Marshal8e6, agreed that the global nature of the internet calls for more than separate national cyber security strategies, as announced by the US and now the UK.

"Only international co-operation between governments and ISPs will afford the level of security we expect and this still looks a long way off,” he said.

Steve Watts, co-founder of SecurEnvoy, argued that a better strategy from the government would be to encourage a more decentralised model of security, encouraging businesses and individuals to protect their own networks.

“Most organisations realise it’s their own responsibility to prevent cyber attacks," Watts said.

"But many still follow the ‘sun screen’ approach, and only apply measures when it’s invariably too late. While the government can’t claim ultimate responsibility, what it can do is encourage accountability – by putting the schemes in place to support it.”

Mikko Hyppönen, chief research officer at F-Secure, added to the voices welcoming the announcement, but warned that from a law enforcement perspective, a more global approach is required.

"Establishing an international agency - 'Internetpol' - with the enforcement power to really target the organised criminals who operate on the web is the best way forward in the fight against online crime," he said.

"It would ensure that investigations start at the top of the crimeware food chain and bring to justice the people who are running the online crime syndicates."

In truth, all the serious rhetoric from Gordon Brown aside, the success of the cyber security proposal really depends on how much funding the government is prepared to commit to the programme.

Recognising that there is a problem is an encouraging first step, but a cure will continue to prove elusive unless the government is prepared to engage internationally with governments around the world, especially those who allow cyber criminals to flourish undisturbed.

More Information

June 2009
Security experts have reacted positively to government plans to create an Office of Cyber Security and applauded plans to reach out to the nation's hacking community. Web User takes a look at some of the reactions.Rick Howard, director of Intelligence at iDefense, said he was "cautiously optimistic" about the plans to reach out to hackers in an effort to ensure the nation's security.

"It is encouraging to hear about the British authorities reaching out to the white-hat hacker community; the Russian and Chinese have been doing that for years and are way ahead of both the US and the UK in this regard," he said.

"Where the Russians and the Chinese have surpassed everybody else is their willingness to use amateur hacking groups to accomplish low-level cyber missions. The fact that the UK intends to use hackers for a good cause is encouraging," Howard continued.

Rob Elliss, director for Northern Europe at SafeNet, was just happy to see cyber security at the top of the government's agenda.

"The appointment of a cybersecurity chief and launch of a national strategy are very positive moves by the Government. Having seen the US do something similar last month, I'm pleased to see the UK is putting information security at the top of the public agenda," he said.

Steve Watts, co-founder of SecurEnvoy said that the nation's security should not come at the expense of civil liberties.

"Any cyber security strategy needs to negotiate a delicate balance – between heightening security and maintaining the openness of modern communication," Watts said.

Mikko Hypponen, chief research officer at F-Secure said that he would "like to see a focus on developing an offensive capability against online criminals".

"Anti-virus and security companies are doing their best to protect their customers' computers but little can be done directly by non-governmental organisations. These companies are not law enforcers, nor should they be," said Hypponen.

"At present, online criminals are essentially free to roam with almost nobody to stop them. If we don't take action now, online crime will continue to grow stronger and will end up destroying the current model of internet business, banking and commerce," he continued.

More Information

June 2009
Cloud computing offers tantalising advantages, but carries inherent security risks. As experts continue to debate how significant those risks are; there are simple, elegant remote access precautions companies can be implementing already.Cloud computing is here to stay, because it is simply too advantageous to ignore. While it is unlikely we will see the technological equivalent of Pearl Harbour anytime soon, this trend does make end-user security, especially remote access security, even more decisive as an organisation's first barrier.

Although the risks inherent in this approach are multifaceted and need to be tackled from a variety of angles, there are simple, yet elegantly effective precautions that companies should be implementing immediately. Adding two-factor authentication to remote user passwords is one such example of an inexpensive way of refining that critical first line of defence.

More Information

June 2009
As more and more workers become mobile, remote access needs are rapidly growing. However, companies are discovering their traditional authentication systems can only scale up to meet these demands at great expense. Yet there is another far more cost-effective and intelligent optionMobility and cloud computing are changing the way we do business. Being able to access and interact with critical systems and resources from anywhere at anytime can produce significant competitive advantage for an organisation and its increasingly mobile workforce, but it also makes securing the network a more imperative and complex task.

Most organisations have adapted to this new landscape by using two-factor authentication to secure their network perimeters. In other words, requiring remote users to provide two factors of proof, for example, a secret (something they know) and a token (something they own) as proof of their identity. These are, typically, a password or pin and either a hardware or 'physical' token, like a smartcard, key fob or USB device, or a software token, like an RSA SoftID.

As more and more firms are discovering, though, traditional tokens like these can only meet their growing authentication needs and scale at great expense. Hardware tokens have always been very expensive to purchase, deploy and maintain. Today, however, the costs and administrative burdens associated with such systems are becoming exorbitant as they endeavour to handle the large numbers of mobile workers within organisations. Simply replacing lost, stolen or damaged tokens can prove to be an onerous logistical task.

Software token-based systems are usually cheaper to deploy, but typically require personnel to be sent on more intensive training. Such systems are also inherently less secure because the token resides on the remote user's device (laptop, workstation etc), which is the equivalent of sticking the keys on the side of the car. These systems are also becoming attractive targets for cyber-criminals — a fact that is reflected in the growing amounts of malicious code designed to call token APIs that is being detected.

Eliminate escalating expenses

The ingenious solution to this dilemma is mobile phone-based authentication. By using the remote user's mobile phone as a 'virtual token', an organisation can continue to benefit from two-factor authentication, without the escalating expenses associated with traditional token methods.

Studies suggest that adopting mobile phone-based authentication can reduce an organisation's remote access security overheads by up to 60%. Obviously, equipment is an area where firms can make considerable savings because their mobile workers already own the devices they need and no other costly device 'readers' need to be installed.

Deployment and ongoing administration are also areas where companies can cut overheads, since enrolment processes are straightforward and automated — end-users simply register their phone numbers — and such solutions can, usually, be deployed to a 1 000-plus users in less than five minutes.

More Information

June 2009
Finning (UK), a division of Finning International Inc. the world’s largest distributor of Caterpillar equipment and power systems, has turned to SecurEnvoy to provide an extra layer of security for its remote workers.Finning (UK), a division of Finning International Inc. the world’s largest distributor of Caterpillar equipment and power systems, has turned to SecurEnvoy to provide an extra layer of security for its remote workers.

Finning UK has signed a deal with SecurEnvoy to implement SecurAccess, which replaces its previous token system for remote working. SecurAccess provides employees with ‘virtual tokens’ – passcodes sent to their mobile phones – which are entered alongside usual login details, to access networks and emails from remote locations safely.

Karl McCormack, infrastructure manager at Finning UK said: “Our previous system using hardware tokens had many problems – they are expensive, easy to lose or break and are not at all user friendly. SecurAccess has provided the perfect solution to a complex problem facing IT security.”

“Mobile working is undoubtedly becoming more common, and we want to support employees who want more flexibly, without compromising security,” said Steve Watts, co-founder at SecurEnvoy. “Tokens get lost, go wrong and create waste, but everyone has a mobile phone with them all of the time, so it’s a much safer option.”

More Information

June 2009
London tube strike - the inability to get to the office raises issues on remote access and the security implications.For those of you located in the capital you will undoubtedly be impacted by the RMT strike action that has caused chaos in London.

I am not about to get into political debate about the rights and wrongs of the strike, but much like when Britain was hit by snowstorms earlier this year, the inability to get to the office does bring about the conversations on remote access and the security implications.

Steve Watts, co-founder of IT security specialist SecurEnvoy, said: “When tube strikes send the capital into chaos, people need a way to keep working securely, and businesses need to know exactly who is accessing the company network - we've seen enough examples of lost data recently to understand why it matters.

“Being able to keep trading during a crisis is essential for survival in a harsh business climate. Industrial action is unavoidable, but the response to such an emergency must be controlled, with users gaining secure access to their information until the panic is over."

With remote access comes the questions about security, and how secure the applications being used are when they are not controlled by the office IT infrastructure. Aside from arguments about people having efficient anti-virus on their PCs and the use of USB sticks to carry information out of the office, the major debate at this time is about access.

James Blake, chief product strategist at Mimecast, claimed that the financial impact of the strike should act as a wake-up call to UK companies to put in place an effective business continuity strategy.

Blake said: “Yes, access for the remote workforce has been improving in recent years due to several new offerings including cloud computing, however, often staff do not have access to reliable remote facilities. There are also several security threats that must be considered when providing remote access to workers.”

Blake pointed out the use of Outlook Web Access, the use of which requires IT departments to ‘punch a hole in the firewall' as it frequently introduces vulnerabilities due to its reliability on Internet Information Services.

“Companies can experience several issues to do with Outlook Web Access stripping valid attachments off of emails. Additionally, users cannot access historical archived email and generally cannot search as quickly as needed if several users are logging on remotely at once,” said Blake

He further claimed that users who utilise Virtual Private Networks to access their email servers can find themselves unable to connect from remote locations due to the inability of networking equipment to pass through the connection.

This will result in users finding themselves unable to use WiFi connections to retrieve email and instead having to rely on expensive 3G connections that can easily consume an entire month's data allowance just receiving one or two large attachments.

Another analyst claimed that the need for secure remote access leads to a solution in the cloud. Jonathan Wilkinson, messaging security EMEA & APAC at Websense, claimed that as many businesses become increasingly mobile overall, and employees access company confidential information remotely, via the cloud or other hosted Web 2.0 services, it is vital that IT directors recognise the importance of enabling their workforce to embrace Web 2.0 technologies.

Wilkinson said: “The challenge is to recognise that whilst there is certainly responsibility on the part of the end user to ensure that they are sharing and communicating company data responsibly, responsibility also lies with IT directors to ensure that users are sufficiently educated on best practices surrounding the safe use of Web 2.0 and that effective protection is provided to mitigate th

More Information

May 2009
Finning has signed a deal with SecurEnvoy to implement SecurAccess, which replaces its previous token system for remote working. SecurAccess provides employees with ‘virtual tokens’ – passcodes sent to their mobile phones – which are entered alongside usual login details, to access networks and emails from remote locations.Karl McCormack, Infrastructure Manager at Finning UK said: “Our previous system using hardware tokens had many problems – they are expensive, easy to lose or break and are not at all user friendly. SecurAccess has provided the perfect solution to a complex problem facing IT security.”

“Mobile working is undoubtedly becoming more common, and we want to support employees who want more flexibly, without compromising security,” said Steve Watts, co-founder at SecurEnvoy. “Tokens get lost, go wrong and create waste, but everyone has a mobile phone with them all of the time, so it’s a much safer option.”

More Information

April 2009
Most UK businesses (71%) think security is the biggest threat to cloud computing, a survey of IT chiefs has found.Most UK businesses (71%) think security is the biggest threat to cloud computing, a survey of IT chiefs has found.

Most organisations would like to enable remote working, but security concerns is still a stumbling block, said Steve Watts, co-founder of authentication firm SecurEnvoy which conducted the survey.

Over three quarters of the respondents said they would be concerned if their company's data was stored outside the office.

Only 12% said they store data in the cloud, therefore if cloud computing is going to take off organisations need strategies that make the cloud more secure, said Watts.

The priority for most companies, he said, is to be able to tighten security to the point where they are comfortable to embrace the cloud and maximise its benefits.

According to Watts, an important first step will be improve authentication of end users so companies can be sure only authorised users are accessing applications and data.

More Information

April 2009
Two-factor authentication firm to provide 3,000 licences for safer remote workingOne of South Africa’s leading energy providers has signed a deal for SecurEnvoy to supply them with SecurAccess – the system which provides users with passcodes to their mobile phones as an additional security layer for remote workers.

SecurEnvoy will initially provide 3,000 user licences as a replacement for the previous system of hardware tokens. Over the next 18 months it will then provide an additional 3,000 licences – effectively enabling twice as many employees to work remotely. This is achieved when so much cost is taken away from the token hardware and infrastructure, enabling double the amount of users to use the system for no additional investment!

“Mobile working is undoubtedly becoming more common, and we want to support employees who want more flexibly, without compromising security,” said Steve Watts, co-founder at SecurEnvoy. “Tokens get lost, go wrong and create waste, but everyone has a mobile phone with them all of the time, so it’s a much safer way to get passcodes to users to allow them to log on.”

More Information

April 2009
Case study: T-Mobile and SecurEnvoy.
One of the world's largest mobile operators, with the need to access internal systems remotely for business reasons, the company was also keen to be viewed as an innovator.Case study: T-Mobile

One method of ensuring that all endpoints are under authorised control and that even unauthorised devices such as consumer mobile devices or home PCs are properly authenticated is to deploy a strong authentication solution, locking down external access to the corporate VPN and ensuring policy-driven access is enforced. Mobile operator T-Mobile chose this route to secure a roaming UK head-office workforce of more than 3,400.

One of the world's largest mobile operators, with the need to access internal systems remotely for business reasons, the company was also keen to be viewed as an innovator.

Darren Westmore, project manager, T-Mobile, said: “Three years ago, we heard about a two-factor mobile authentication product from SecurEnvoy that used SMS messages instead of traditional token-based codes. Both to optimise our own processes, and to espouse the potential of mobile technology, this product seemed to be a great fit.”

Previously, T-Mobile had used RSA tokens to authenticate remote access. Westmore said: “It was a simple business case – we compared the costs of adopting the new system against the yearly cost of replacing the RSA fobs.”

SecurEnvoy ran a three-year pilot, involving 5,000 T-Mobile staff. The solution interfaces with a customer's existing employee database, and sends an SMS with a six-digit number to each. This code – in addition to the usual username and password – allows access to business systems for a set period depending on the company's needs. SecurEnvoy founder Steve Watts said: “Some NHS trusts want each code to last just a few minutes, while their community care staff sometimes need a validity period of a week or more.”

Westmore says the scheme has many benefits: “It works well internationally, and has significantly cut down on admin and hardware costs. People are far less likely to lose their mobile phones than their secure ID, so it's a great fit.”

More Information

March 2009
SecurEnvoy, the tokenless two-factor authentication company, has launched SecurAccess v.5 to address issues
with securing cloud-based computing.SecurEnvoy, the tokenless two-factor authentication company, has launched SecurAccess v.5 to address issues
with securing ‘cloud’-based computing.
Instead of the need to carry around security tokens, SecurAccess users log in via a passcode sent to their mobile
phone. This latest version sees the addition of multi-platform LDAP support; meaning existing databases of users,
such as employee information already in corporate systems, can be used with no integration needed.
“The proliferation of cloud computing technologies means companies are increasingly virtualising their data,” said
Steve Watts, co-founder of SecurEnvoy. “The office perimeter has extended to wherever the remote user is
working. As a result there are too many network access points for businesses to manage using traditional means
of authentication.”
Other new features in v.5 include the option of flash SMS technology on phones, so passcodes are displayed as
soon as the user demands authentication. For companies that change their network passcodes regularly for tighter
security, users are also sent SMS messages warning them their passcodes are due to expire.
“Open architectures, until now, have resulted in open season for hackers. Enterprises looking to offer flexible,
mobile working to employees have embraced cloud computing as a way to make IT resources available to staff
anywhere at any time. We just needed to ensure there was an easy way to make sure they’re not available to
anyone else.”

More Information

March 2009
SecurEnvoy, the tokenless two-factor authentication company, has launched SecurAccess v.5 to address issues with securing ‘cloud’-based computing.SecurEnvoy, the tokenless two-factor authentication company, has launched SecurAccess v.5 to address issues with securing ‘cloud’-based computing.
Instead of the need to carry around security tokens, SecurAccess users log in via a passcode sent to their mobile phone. This latest version sees the addition of multi-platform LDAP support; meaning existing databases of users, such as employee information already in corporate systems, can be used with no integration needed.
“The proliferation of cloud computing technologies means companies are increasingly virtualising their data,” said Steve Watts, co-founder of SecurEnvoy. “The office perimeter has extended to wherever the remote user is working. As a result there are too many network access points for businesses to manage using traditional means of authentication.”
Other new features in v.5 include the option of flash SMS technology on phones, so passcodes are displayed as soon as the user demands authentication. For companies that change their network passcodes regularly for tighter security, users are also sent SMS messages warning them their passcodes are due to expire.
“Open architectures, until now, have resulted in open season for hackers. Enterprises looking to offer flexible, mobile working to employees have embraced cloud computing as a way to make IT resources available to staff anywhere at any time. We just needed to ensure there was an easy way to make sure they’re not available to anyone else.”

More Information

March 2009
It is essential for banks to face up to the problems with card reader fraud. It is essential for banks to face up to the problems with card reader fraud (‘Card readers not so secure’, March 9, 2009). Malware and phishing attackers can easily monitor and hack into online banking activity, so banks and their customers must acknowledge and address the risks. End users just need a little education on how to spot suspicious behaviour. Some attacks are obvious, even to the untrained eye, but everyone needs to be aware of what clues to look out for.

Authentication via SMS allows users to be sent passcodes, as well as tips on how to log on safely. It’s also possible for end users to be alerted via mobile phone when people try to authenticate on their behalf. Such technology is a step in the right direction for online banking. When it comes to remote authentication, banks need to be sure that people are who they say they are when logging on, using technology as an additional layer of security if necessary. If they don’t know this, they should be prepared to face the consequences.

Andy Kemshall
Co-founder of SecurEnvoy

More Information

March 2009
SecurEnvoy has launched SecurAccess v.5 to address issues with securing cloud based computing.SecurEnvoy has launched SecurAccess v.5 to address issues with securing cloud based computing.

New additions include the addition of multi-platform LDAP support where existing databases of users can be used with no integration needed, and the option of flash SMS technology on phones, so passcodes are displayed as soon as the user demands authentication.

Steve Watts, co-founder of SecurEnvoy, said: “The proliferation of cloud computing technologies means companies are increasingly virtualising their data. The office perimeter has extended to wherever the remote user is working. As a result there are too many network access points for businesses to manage using traditional means of authentication.

“Open architectures, until now, have resulted in open season for hackers. Enterprises looking to offer flexible, mobile working to employees have embraced cloud computing as a way to make IT resources available to staff anywhere at any time. We just needed to ensure there was an easy way to make sure they're not available to anyone else.”

More Information

March 2009
Major new release of SecureAccess pushes SecurEnvoy further in front. SecurEnvoy announces the release of it's new security server version 5.1
Key new functionality in this release:
• Support for internal managed users via Microsoft ADAM (B2B and B2C users)
• Support for AD, e-Directory, Sun Directory, OpenLdap and ADAM concurrently on the same server
• Helpdesk administration granularity via groups
• SecurPassword now includes SMS notification of passwords that will expire in xx days
• Improved administration graphics and online manuals
• Disabled user notification via SMS
• Improved logging with filtering and support for Microsoft Event log
• Support for multiple SMS third party gateways (10 included)
• Proxy server account authentication (Web SMS Gateway)
• Support for optional Real Time passcodes on a per user bases with flash SMS messages and session locking
• Improved performance
• Enhanced user deployment with tools for redeploying self enrolling users and support for user lists
• Improved SSO for IIS agent (no javascript required)
• SecurMail supports an option to re-use the recipients passcode for additional secure mails
• SecurMail has an option to store email for xx days
• New section in the admin GUI for SecurMail management of both senders and recipients
• SecurMail file upload performance improved

More Information

September 2008
SecurEnvoy selects TechAccess as Benelux distribution partner. SecurAccess to be bundled with all Juniper Networks SA appliancesSecurEnvoy has selected TechAccess, a security integrating distributor, as its premier distribution partner in Benelux. TechAccess will be selling SecurEnvoy’s entire portfolio of two factor authentication solutions for remote access, email and Microsoft Windows password management. SecurEnvoy’s flagship product, a full version of SecurAccess will also be bundled with all Juniper Networks Secure Access SSL VPN appliances sold by TechAccess at no additional cost to the customer.

SecurAccess, is an easy-to-use solution that enables remote workers to use an sms message as a second authentication factor. Instead of relying on tokens or smart cards, users are sent a passcode to their mobile phone, which they use in conjunction with their Microsoft User ID and password to log on to the network. Once a passcode has been used, it is immediately superseded with a new one sent to the phone.

“Organisations no longer want to be burdened with the maintenance and security risks
associated with giving employees smartcards or tokens which all too often get lost or mislaid. With SecurAccess no additional hardware is required, leading to significant cost savings,” says Berry van Waayenburg General manager at TechAccess. “Our partnership with SecurEnvoy presents an excellent opportunity for the channel to add value to the solutions they sell, and increase the profitability of each SSL sale.”

Steve Watts, UK sales director for SecurEnvoy, is delighted with the deal. "TechAccess experience and expertise in networking and secure mobility, coupled with its reputation for delivering outstanding service to its resellers made it an ideal fit with our business. We are confident that this partnership will help us to drive sales across Benelux.”

About SecurEnvoy
SecurEnvoy Ltd is a leading security technology company developing pioneering software for authentication solutions. Its current products include mobile two-factor authentication mechanisms for remote access, securing email and Microsoft Windows password management. SecurEnvoy’s aim is to be the dominant supplier of two-factor authentication solutions by designing and supporting innovative systems that are ahead of the competition in terms of cost, usability and support. The company has four patents pending, and four applications within its tokenless two-factor authentication suite. Established in 2000, SecurEnvoy has its head office in Theale (Reading) from which its serves UK and European customers.

About Techaccess

In the Benelux TechAccess is the Value Added IT Distributor focused on Networking, Security, Storage and VOIP solutions. Besides the distribution of these products TechAccess offers value added services, as support, training, installation, maintenance, consultancy and lead generation for the channel.
TechAccess
Ekkersrijt 4601
5692 DR SON
Tel: +31 (0) 499-462121

More Information

September 2008
Market Harborough Building Society bank on strong authentication with SecurEnvoy SecurAccessMarket Harborough Building Society bank on strong authentication with SecurEnvoy SecurAccess

More Information

August 2008
Milton Keynes Hospital replaces legacy RSA SecurID system with SecurEnvoy SecurAccessMilton Keynes Hospital replaces legacy RSA SecurID system with SecurEnvoy SecurAccess

More Information

April 2008
Aspen adopts SecurEnvoy’s two factor authentication for remote accessTim Coghlan, technical analyst for Aspen has been really pleased with the roll-out: “What I love about SecurAccess is how easy it is to administer, our global service desk manages the password administration which can also be accessed by the technical teams in each country and as all employees have a mobile phone there is no need for any additional hardware.”

More Information

March 2008
John Lewis Partnership secures 15,000 staff with SecurEnvoyThe John Lewis Partnership has signed a deal with SecurEnvoy to enable its workforce to use their mobile phones to gain secure access to corporate systems. 15,000 thousand UK employees are now using SecurAccess, SecurEnvoy’s cost-effective, two-factor authentication solution that transforms mobile phones into virtual tokens.

More Information

March 2008
Famous London Borough secures staff with SecurEnvoyThe Royal Borough of Kensington and Chelsea has signed a deal with SecurEnvoy to enable its workforce to use their mobile phones to gain secure access to the corporate system. 3,000 council employees are now using SecurAccess, SecurEnvoy’s cost-effective, two-factor authentication solution that transforms mobile phones into virtual tokens.

More Information

November 2007
SecurEnvoy now available in 30 countriesSecurEnvoy’s innovative mobile phone-based two-factor authentication solutions are now available in 30 countries across Europe, Asia and Africa. These partnerships build on the considerable success SecurEnvoy is having in the UK, and will enable organisations around the world to benefit from strong, effective two-factor authentication that is easy to use and manage.

More Information

August 2007
SecurEnvoy helps save the planet with green token emissions calculatorInstead of buying and distributing two-factor authentication tokens to their workforce, companies should look at the equipment they already have, particularly mobile phones, to make carbon and cost savings.

More Information

August 2007
SecurEnvoy Signs Africa Distributor Agreement with AfricaSDLeading sub-Saharan e-security distributor, AfricaSD, has partnered with SecurEnvoy to offer its innovative tokenless, two-factor authentication solutions. SecurEnvoy‟s products enable companies to securely protect their networks and email in a cost-effective and convenient way

More Information

June 2007
T-Mobile secures 5,000 staff with SecurEnvoyT-Mobile, one Europe’s leading mobile operators, has enabled its remote workforce to use their mobile phones to gain secure access to corporate systems, thanks to a three-year deal signed with SecurEnvoy. Three thousand UK employees are now using SecurAccess, SecurEnvoy’s cost-effective, two-factor authentication solution that transforms mobile phones into virtual tokens. An additional 2,000 T-Mobile staff are the first to register for SecurICE, SecurEnvoy’s new emergency service that enables them to access the company’s network immediately and securely if they are prevented from coming in to work

More Information

May 2007
SecurEnvoy Signs Irish Distributor Agreement with RenaissanceSecurEnvoy has signed a distribution agreement with Renaissance as its distributor in the Irish market. With sales growth of mobile authentication in Western Europe growing at its all time fastest; SecurEnvoy has appointed Renaissance to promote its mobile authentication solution – SecurAccess to a country already well versed in mobile communications

More Information

April 2007
SecurEnvoy Releases Version 4.1Key New Features in V4.1

Added support for Multiple Domains (Enterprise License)
In Case of Emergency (ICE) Support
Helpdesk self administration for TMP CODES
End User mobile number self enrol
Web based install and administration guide linked to GUI and on-line web resources
Remote Administration Now supports Helpdesk or Full Admin
Added support for any https SMS web gateway via customisable templates
email mass deployment for mobile number self registration
Option To Send 3 One Time Passcodes with each one time SMS Message

Additional Features in V4.1

Added support for Firefox on remote admin
Added support for e-Directory
Admin search now ignores COMPUTER account
config automatically fills in domain name with current systems domain
IIS Agent authentication form now uses separate PIN (Windows Password) and Passcode fields
End User secret questions enrol for Helpdesk authentication
Enable / Disable For SecurPassword
Add Support for Secret Questions in SecurPassword
Add SecurPassword config to web admin
Added support for SSL connections to LDAP
Added support for blank LDAP search base
Added support for t-Mobile SMS Gateway
New Enterprise License for Multi Domain Support
Day codes now resend if the incorrect daycode is entered
Day Codes can be configured to only send if used (this is the default)
Logging has been extended to include calling Client IP Address
SMS Gateway logs now include the userID
SMS Phone Gateway Now checks the SIM is OK and logs and errors or PIN/PUK locks
Allows 10% over user license limit on SecurAccess or SecurPassword users (not ICE)
No longer require LDAP Attribute PagerOther as it is now part of TelexNumber
Hidden Mobile Numbers are cleaned up at point of entry
admin GUI now gives an error message if both SMS Gateways are down
Global Radius Secret for improved administration of Citrix GoToMyPC
Radius to include default domain for each client with "only allow this domain" option MET managed service

More Information