Niche VAD WhiteGold Solutions has signed its first authentication software vendor, a UK company offering an application using mobile phones instead of dedicated security tokens.
Dominic Whitehand, managing director at Sydney-based WhiteGold, said the specialist security VAD had signed on as the first Australian distributor for channel-focused UK vendor Swivel Secure. The brand filled the authentication software gap in WhiteGold's portfolio, he said.
Further, Swivel Secure offered authentication software that differed from that of main competitors such as RSA. Swivel's patented SAS PINsafe M2F software gave two-factor authentication using mobile phones instead of the more usual security tokens, he said.
“We were missing authentication in our lineup of products. We have a number of firewall products, one for enterprise level, one for SMB level and one for government and education level and we have email monitoring tools,” Whitehand said.
The only other real gap in the VAD's portfolio was anti-virus. However, WhiteGold hadn't signed any 'mainstream anti-virus' vendors and had no intention of doing so. “We're not really looking to take one on, because that's a bit of a quagmire,” Whitehand said.
Swivel was in a similar space to rival two-factor authentication provider RSA Security, but offered products with a genuine point of difference given the trend towards increasing mobile device use in business, he suggested.
“It won't go head to head on multi-thousand users, but we see it locally as more for medium and large corporates in Australia, where things like mission-critical e-commerce sites require authentication. And you can save money by not having those tokens,” Whitehand said.
Gary Hare, chief security consultant at Swivel Secure, said the two-and-a-half year old company was breaking into the Asia-Pacific. The company, while not yet profitable, was financially sound and notching up regular sales in Europe, he said.
“There are competitors out there, but they're all token-based still. The unique thing about our product is we use the telephone as a token system,” he said.
Swivel Secure's SMS version meant users did not need to enter a PIN. Users would only see a one-time string, that was overwritten the next time the application was used, Hare said.
“[That information] means nothing to anybody else,” he said. “So it's kind of inherently secure.”
John Meddows, MD Asia-Pacific at Swivel Secure, said the software used a two-factor, two-channel architecture. “Once you get the one-time code, you send it back along the internet,” he said.
Swivel Secure also worked with OEM partners to produce SSL VPN and appliance offerings.
“We will definitely be looking to push that in a number of sales,” Meddows said.
The SAS PINsafe M2F authentication software is claimed to work with any standard GSM or Java/GPRS-based mobile device and gives protected access to web services and corporate networks from any remote or networked client device. It is integratable with enterprise software and configurable for SMB and large organisations.
Support for the software would be initially provided by WhiteGold.
WhiteGold's Whitehand said the software was easy to use and he expected to soon begin training resellers to support it themselves.