iPass Orchestrates Policies for Business

By Eric Griffith

November 15, 2004

The remote access provider is going beyond working with firewalls and anti-virus software—it will offer a policy-management service for enterprises to make sure all clients are up to date before connecting.

If you're nervous about your remote users bringing insecurity to your network by not having all the necessary, up-to-date software running, iPass believes it has the answer.

The remote-access company, which aggregates the hotspot networks of other providers to allow access from a worldwide footprint of locations, will now provide Endpoint (read: client) Policy Management as part of its overall initiative toward Policy Orchestration. Basically, that means that in addition to making sure that clients running the iPassConnect software have the corporate-sanctioned firewall software running and their anti-virus definitions up to date, iPass will now also make sure all the software and operating systems connected to the enterprise network are updated remotely and automatically.

In part, this policy management comes out of iPass's acquisition earlier this year of Mobile Automation, a company that helped "IT departments protect and manage their remote and mobile devices such as computers and personal data assistants."

When mentioning Mobile Automation, John Sidline, the director of corporate communications at iPass, says, "We liked them so much, we bought the company."

The policy management service, based on what Mobile Automation offered, is now live with customers.

"The focus is on ease of use, particularly around connecting to multiple network types and the integration of various security systems," says Sidline. "Once you layer on systems, you layer on issues. If it's harder to use in the field, you could be punching holes in security—people say, 'I don't want to use the VPN!' Our view is that you have to know security is being deployed and used correctly." The policy management service takes away the end-user client's ability to have an impact on the security process.

The service will do an assessment of a client every time it logs in to see if it has the current anti-virus files and all the security patches required by the IT department. If it doesn't, the iPass service will download and install them before allowing access to the corporate network.

For critical patches, iPass forces the download immediately by shunting the user to a download DMZ before they can get access. Non-critical patches simply download in the background. Sidline says he thinks critical patches will be a small percentage of the downloads. "We do this with as little disruption as possible—we still want to be about entering a user name and password to connect and go," he says.

In fact, he stressed that this is "an outgrowth of our core remote access business—it isn't a shift in gears" toward becoming a managed security company—"I'd call us smart remote access."

Because the policy enforcement is a managed service, businesses using other remote access services such as GoRemote could also use the iPass Endpoint Policy Management if they want to mix and match—it will (eventually) be sold separately from the iPass remote access service at a cost of a few dollars per user per month. The corporate IT department, however, stays in control of what's required for their employees.

Last week, iPass announced that it would be working with Shavlik Technologies of St. Paul, Minn.—Shavlik provides the patch management solutions used by Microsoft for its Windows Update service. "What they do now is, every patch (from Microsoft) goes to Shavlik; they beta test it and, once ready for production, we get it immediately," says Sidline. He says, for example, Microsoft put out 20 patches on October 10 of this year alone, but by using the Shavlik service, iPass Endpoint Policy Management can serve them up as one set of patches with a smart reboot after the last one is installed. The service can also roll back patches if conflicts with legacy software or hardware are encountered.

Ultimately, the service can lead to even more features, such as forcing an uninstall of unwanted applications like spyware or P2P file share programs, or complete installs of brand new software packages for employees.

"There will be cool updates to this throughout 2005," says Sidline.
