Stonesoft a2Cloud

On October 4, 2011 Stonesoft, the developer of products in the field of network security and business continuity, announced release of the new solution of a2Cloud (from engl. "Access to Cloud" - "access to a cloud"). The solution combines ensuring secure access "to a cloud", unprecedented convenience of using to users and also the minimum values of aggregate value of administration (TCA) and ownership (TCO).

Recent trends of the modern world, such as cloud computing and virtualization, defined new tasks for Chief information officers and Chiefs information security officer. To cope with the growing business needs, the organizations even more often begin to look in the direction of "cloud" technologies. Actually it means "washing out" of borders between the organization, her partners and service providers. Upon transition to cloud services access "to a cloud" and authentication of users often are the weakest links in security chain as they represent a point of "contact" between two clouds, also between users and databases or applications to which they want to get access. The compromise of access can undermine all infrastructure of security.

There is a relevant need for the solutions combining identification of users, providing access and traditional services of authentication. The modern organizations are interested in the solution which provides the highest security level while users prefer "friendly", means of protecting easy to control which functionality is familiar to them, such, such as, "tablets" or smartphones. The solution a2Cloud of Stonesoft was developed just for satisfaction of all these requirements.

"Cybercriminals constantly show the capabilities to commission of the difficult attacks even against the organizations where the greatest possible security measures are taken, and the border between corporate networks and networks of partners becomes thinner as employees and mobile users constantly need access to applications "in a cloud". In these conditions the modern organizations should have verifiability of the trust level of networked environment taking into account a context for the purpose of providing a secure and authorized access to corporate applications", - Marko Rottigni, the product manager of SSL VPN of Stonesoft corporation told.

Solution a2Cloud

The solution a2Cloud includes the server of authentication Authentication Server and the gateway SSL VPN managed on a centralized basis by means of StoneGate Management Center. The solution provides secure access "to a cloud" by means of multifactor and mnogometodny authentication (web, one-time passwords, RADIUS, MobileID, etc.).

The server of authentication is easily integrated with command center and monitoring of StoneGate Management Center that provides unprecedented simplicity of a configuration, besides, total cost of ownership (TCO) and aggregate value of administration (TCA) are minimized and also reporting system is expanded. The server it is transparent it is integrated with the existing databases of users and provides four simple authentication methods in use.

The solution SSL VPN allows to organize a virtual private network (VPN) which can be available via the standard web browser without the need for installation of the specialized client software. Thus it is possible to organize a secure and authorized access to certain in advance corporate applications from any place and from any mobile device, compatible to web.

Intuitive methods of authentication

The solution a2Cloud includes 4 methods of authentication which are intuitive and convenient in use:

• Password is the method based on the classical pair "name user/password";
• MobileID Synchronized is the two-factor method of strict two-factor authentication based on generation of the one-time password on the client software of MobileID. To generate the one-time password (OTP), the user enters the PIN;
• MobileID Challenge is the method of strict three-factor authentication based on generation of the one-time password on the client software of MobileID on the basis of data of a request from the server;
• Mobile Text is a method of strict authentication at which the one-time password is sent to the user by means of the text message.

The gateway SSL VPN offers also additional methods of authentication. Besides, authentication process can become safer if to use a combination of different methods.