iPass Policy Orchestration: Achieving Perfect Harmony for Mobile Security
Working in Concert with Enterprise Security Solutions
iPass Policy Orchestration enables coordination of multiple policy-based systems, including VPN, personal firewall, antivirus, vulnerability assessment, endpoint remediation, patch management and network compliance solutions. The award-winning iPassConnect™ universal client, running on the end-user device, will serve as the actual "policy conductor," monitoring and orchestrating the execution of each policy-based security solution. As trust relationships are confirmed through iPass Policy Orchestration, the iPassConnect universal client can establish secure connections between endpoints, the Internet and the enterprise network.
iPass believes that Policy Orchestration will offer key advantages over conventional solutions, including:
Direct technical integration: Engineering work by iPass and its technology partners will create the ability for third-party security systems to interoperate with the iPass connectivity platform in a way that gives iPass the ability to coordinate, control and sequence their operation. This technical integration can remove gaps inherent in a "bundled" approach to secure connectivity, where multiple security products operate in their own silos alongside a connectivity service.
Endpoint protection over every Internet session: iPass seeks to proactively enforce endpoint protection at the moment of Internet connectivity and throughout the session, whether or not the user attempts to access the corporate network. iPass Policy Orchestration will work to keep the endpoint from being compromised in the first place, thereby maximizing workforce productivity while protecting both endpoint and network assets.
Simplified policy administration: iPass policy-orchestrated services will integrate with a customer's existing authentication, directory and identity management systems, allowing the IT department to directly control policies rather than support multiple databases, or a duplicative infrastructure.
Vendor-neutral approach: iPass has consistently integrated with multiple leading solutions in each segment of the secure connectivity market, ensuring interoperability and coordination of a company's existing custom security architecture and ultimately lowering total ownership costs.
How It Works
iPass Policy Orchestration is expected to help ensure that remote-access users and their devices are secure and trusted before they're allowed to connect to either the Internet or the enterprise network. It will be designed to accomplish this through five stages:
STAGE 1: Authenticate user.
User credentials are to be screened through an iPass Transaction Center and then forwarded to the enterprise through SSL tunnels supported by digital certificates. Passwords can be encrypted all the way from the client device to the enterprise.
STAGE 2: Retrieve session rules.
Session rules, which reflect a company's policies regarding remote connectivity, are to be delivered to the end-user device through an iPass Transaction Center. Rules can be based on user roles within the enterprise, access methods, originating locations, security software versions and configuration, session lengths and more.
STAGE 3: Retrieve critical software updates.
The iPassConnect universal client will work with iPass Endpoint Policy Management or third-party vulnerability assessment and remediation solutions to ensure that critical endpoint security software, such as anti-virus DAT files and Windows patches, is successfully brought up to date.
STAGE 4: Network access compliance "sign-off."
iPass Policy Orchestration will coordinate with network protection solutions. This collaboration provides a final check of the end user's system to ensure that it now complies with the session rules and that nothing has changed during the updating stage. At this point a VPN tunnel can be established between the remote device and the enterprise.
STAGE 5: Retrieve non-critical software updates and reassess compliance.
Software updates that were not deemed critical in Stage 3 can be downloaded and installed. In addition, periodic reassessment of session rule compliance would occur at this stage. If the endpoint is determined to be out of compliance, iPass Policy Orchestration can terminate the session.
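To make the five-stage sequence concrete, here is a small Python model of it. This is an added example, not iPass code: the directory, the per-role session rules, the patch identifiers and the endpoint attributes are all constructed for illustration, and the "remediation" simply marks patches as installed. What it shows is the ordering the stages impose: nothing connects until the user authenticates, critical updates are applied before the compliance sign-off, Internet access and the VPN decision both depend on that sign-off, and a later reassessment (Stage 5) can terminate a session that has drifted out of compliance.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Optional

# All identifiers and values below are constructed for this example.
LATEST_AV_SIGNATURE = 4420                     # assumed current anti-virus DAT version
CRITICAL_PATCHES = {"KB-CRIT-1", "KB-CRIT-2"}  # placeholder ids for Stage 3 updates
OPTIONAL_PATCHES = {"KB-OPT-1"}                # placeholder ids for Stage 5 updates


@dataclass
class Endpoint:
    user: str
    role: str
    access_method: str          # e.g. "wifi_hotspot", "wired_office"
    av_signature: int
    installed_patches: set
    session_seconds: int = 0


@dataclass
class SessionRules:
    min_av_signature: int
    allowed_access_methods: set
    max_session_seconds: int
    vpn_allowed: bool


# Constructed directory: user -> sha256(password). A real directory would use a
# salted, slow password hash; this is only a stand-in so the example runs offline.
DIRECTORY = {"alice": hashlib.sha256(b"correct-horse").hexdigest()}

# Constructed session rules keyed by role (Stage 2 source).
RULES_BY_ROLE = {
    "engineer": SessionRules(4400, {"wired_office", "wifi_hotspot"}, 8 * 3600, True),
    "contractor": SessionRules(4420, {"wired_office"}, 2 * 3600, False),
}


def authenticate(user: str, password: str) -> bool:
    """Stage 1: verify credentials with a constant-time comparison."""
    expected = DIRECTORY.get(user)
    if expected is None:
        return False
    supplied = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(expected, supplied)


def retrieve_rules(role: str) -> Optional[SessionRules]:
    """Stage 2: fetch the session rules that apply to the user's role."""
    return RULES_BY_ROLE.get(role)


def apply_updates(ep: Endpoint, patches: set, refresh_av: bool) -> Endpoint:
    """Stage 3 / Stage 5: simulated remediation; returns an updated copy of the endpoint."""
    av = LATEST_AV_SIGNATURE if refresh_av else ep.av_signature
    return replace(ep, av_signature=av, installed_patches=ep.installed_patches | patches)


def compliance_violations(ep: Endpoint, rules: SessionRules) -> list:
    """Stage 4 sign-off / Stage 5 reassessment: every session rule the endpoint breaks."""
    violations = []
    if ep.av_signature < rules.min_av_signature:
        violations.append("av_signature_outdated")
    if not CRITICAL_PATCHES <= ep.installed_patches:
        violations.append("critical_patches_missing")
    if ep.access_method not in rules.allowed_access_methods:
        violations.append("access_method_not_allowed")
    if ep.session_seconds > rules.max_session_seconds:
        violations.append("session_too_long")
    return violations


def orchestrate(ep: Endpoint, password: str) -> dict:
    """Run Stages 1-4 and return the connection decisions the client would enforce."""
    result = {"authenticated": False, "internet": False, "vpn": False,
              "violations": [], "endpoint": ep}
    if not authenticate(ep.user, password):
        return result                                   # Stage 1 failed: nothing connects
    result["authenticated"] = True
    rules = retrieve_rules(ep.role)                     # Stage 2
    if rules is None:
        result["violations"] = ["no_rules_for_role"]
        return result
    ep = apply_updates(ep, CRITICAL_PATCHES, refresh_av=True)   # Stage 3: critical only
    violations = compliance_violations(ep, rules)       # Stage 4: check after updating
    result.update(endpoint=ep, violations=violations)
    if not violations:                                  # sign-off: allow Internet, then VPN per rules
        result["internet"] = True
        result["vpn"] = rules.vpn_allowed
    return result


def reassess(ep: Endpoint, elapsed_seconds: int) -> dict:
    """Stage 5: install non-critical updates, then re-check compliance mid-session."""
    rules = retrieve_rules(ep.role)
    if rules is None:
        return {"terminate": True, "violations": ["no_rules_for_role"], "endpoint": ep}
    ep = apply_updates(ep, OPTIONAL_PATCHES, refresh_av=False)
    ep = replace(ep, session_seconds=ep.session_seconds + elapsed_seconds)
    violations = compliance_violations(ep, rules)
    return {"terminate": bool(violations), "violations": violations, "endpoint": ep}
```

The important design point is that `compliance_violations` is the same function at Stage 4 and Stage 5, so the rule set that granted the session is the one that later revokes it; only the inputs (elapsed time, installed patches) change.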
Mobile Security Hits a High Note
Most companies have security tools for protecting endpoint and network assets. However, a lack of relationships among these tools, and between them and the connectivity client, means that a security policy failure may not result in blocked or reduced connectivity, possibly leaving the company vulnerable. The strongest security solution is one that takes these relationships into account and coordinates the various tools to intelligently enforce policies that accomplish a company's security goals.
iPass believes coordinated control and enforcement of policy-based security systems is key to closing the security gaps in mobile connectivity. iPass Policy Orchestration will allow coordinated enforcement of these policies across myriad security solutions. Best yet, you can remain in control thanks to a platform that's engaged at all connection touchpoints—from your enterprise network, through the Internet, across access provider networks and all the way to the endpoint devices.
The technologies and capabilities that will enable iPass Policy Orchestration are already built into the iPass global virtual network and iPassConnect universal client. Watch for iPass to roll out new policy-enabled orchestration services later this year.
Learn how iPass Policy Orchestration can keep your IT staff, mobile users and security solutions on the same page. Download Stratecast Partners' white paper about iPass Policy Orchestration today!