The Reality of Data Security: Comparing Route1 to an SSL VPN Solution

TORONTO, ONTARIO--(Marketwire - Aug. 4, 2011) - In response to the recent outbreak of high-profile data security breaches, Route1 Inc. (TSX VENTURE:ROI), a provider of leading security and identity management technology today issued the third of a series of briefing notes comparing solutions commonly used by governments and enterprises. Recent breaches at The International Monetary Fund, Citigroup, RSA, Lockheed Martin and Sony, among many others, underscore the vulnerability of networks to increasingly aggressive cyber-criminals, no matter how large or sophisticated the organization involved. In fact a Ponemon Institute study of 583 US-based companies, conducted in June 2011, found that 90 percent of organisations suffered a security breach in the past 12 months.

Many breaches occur as a result of opportunities created for cyber-criminals when legitimate users access their networks remotely, or physically transport data from their network on portable storage devices or PCs. As data is transmitted between networks and remote users through the internet, it becomes vulnerable to man-in-the-middle attacks and malware. Portable storage devices and PCs are vulnerable to theft or hacking. The simplest of tasks, undertaken by remote users, can result in massive breaches.

Three questions must be answered to create a secure remote access solution that protects networks:

1. Access: Can people use the resources of the network wherever they are?
2. Data security: How can the organization ensure that its data cannot be accessed, stolen or tampered with by the wrong people?
3. Entitlement management: How does the organization ensure that only the right people can access the data and that only the right data is available to those people?

This briefing note compares Route1's answers to these questions to SSL VPN solutions.

The Route1 Solution

Route1's unique, integrated secure remote access solution offers many benefits, including the following:

• Keeps enterprise data within enterprise firewalls. Data is not moved outside the network
• Authenticates the individual user's identity using multiple factors. Many solutions authenticate against only the remote PC, not the user
• Offers remote users exactly the same access that they have at their office – they are actually working on their office computer in real time
• Protects against man-in-the-middle attacks and malware
• Requires no software installation on the remote PC – any internet-enabled PC can be used
• Leaves no footprint on the remote PC – no data is transferred, leaving nothing on the remote device
• Integrates seamlessly into existing IT infrastructure, requiring no additional servers or network upgrades or configuration changes
• Offers very quick installation on the host computer, supported by a highly regarded help desk

Route1's MobiNET platform, TruOFFICE software application, and MobiKEY device combine to deliver this unique bundle of benefits providing secure identity management and data access. The MobiNET provides universal identity and access management and is also the service delivery platform. It is driven by the identity of the user, not the PC they are using or where the data is housed. With a MobiKEY device, a user can be individually, consistently and accurately identified by the MobiNET platform. No data is stored on the device itself. If the device is lost or stolen, data and network security are not compromised.

The SSL VPN Solution

SSL VPN solutions provide network access to a remote PC through software previously downloaded onto that PC. If unauthorized access is gained to the computer, or if the computer is lost or stolen, the network then becomes an easy target for cyber attacks. Because data and other network information are transmitted beyond enterprise firewalls through the Internet, man-in-the-middle and malware attacks are also possible. SSL VPN solutions require hardware, software and IT resources to deploy and maintain. The cost and complexity can be significant. Because these solutions offer only single-factor authentication, many organizations add OTP (one time password) tokens to create two-factor authentication, creating further cost and complexity for them and their users. Moreover the recent breach at RSA has raised fears about the security of OTP tokens.

Route1		SSL VPN
• Driven by the identity of the individual user		• Driven by the software downloaded on the remote PC not the user
• Can read CAC/PIV cards for identity validation		• No capability to read CAC/PIV cards
• Multi-factor authentication of the user's identity as well as authentication of the user's computer and the enterprise server		• Single factor authentication. Two-factor authentication can be added on using security tokens. RSA disclosed a breach affecting up to 40 million tokens in June 2011
• Any internet enabled computer can be used safely and securely		• Requires a dedicated and pre-configured remote PC (laptop)
• All data/files remain behind enterprise firewalls		• Data/files leave enterprise firewalls
• No trace or data footprint on the remote PC		• Footprint left on the remote PC
• No opportunity for man-in-the-middle, virus, malware or keyboard loggers		• Susceptible to man-in-the-middle attack, virus, malware or keyboard loggers
• No data is stored on the MobiKEY device. If lost or stolen, can be instantly disabled with one phone call		• Serious security problem if remote PC is lost or stolen. Organization unable to recover data or know who is in possession
• Because no data passes between the network and remote PC, there are minimal bandwidth requirements		• Megabytes and kilobytes of data travelling between the network and remote PC result in a significantly slower user experience
• Solution integrates seamlessly and easily into existing IT infrastructure		• Requires additional appliance(s) within the network with significant set-up costs. May also require considerable re-configuration of the network infrastructure
• Instant and safe disconnection. When MobiKEY is removed, the data session terminates immediately. There is no need to close down applications or saving of files		• Need to properly close down all applications in order not to lose data or files being worked on. Non-secure personnel may see screen as this is taking place
• Most cost-effective network security and protection solution available		• Higher cost solution in terms of hardware, software and IT resources to implement/maintain

Attacks on enterprise networks and data will continue to increase, but so will the need for organizations to provide secure remote access to increasingly mobile work-forces. As enterprises and governments evaluate the wide range of solutions that purport to solve this critical need, they can test those solutions by judging how effectively they answer the three critical questions of Access, Data Security and Entitlement Management. An upcoming briefing note will discuss integration with Virtual Desktop Infrastructure (VDI).

ABOUT ROUTE1 INC.

Route1 delivers industry-leading security and identity management solutions to enterprises worldwide – businesses, government and military that need universal, secure access to all digital resources and sensitive data. These customers depend on The Power of MobiNET - Route1's communications and service delivery platform. MobiNET provides identity assurance and individualized access to networks and data. Route1's patented solutions are based on FIPS 140-2 cryptographic modules, and simplify the process of meeting increasingly stringent regulatory requirements for privacy and security. Headquartered in Toronto, Canada, Route1 is listed on the TSX Venture Exchange. For more information, visit our website at: www.route1.com.

This news release, required by applicable Canadian laws, and does not constitute an offer to sell or a solicitation of an offer to buy any of the securities in the United States. The securities have not been and will not be registered under the United States Securities Act of 1933, as amended (the "U.S. Securities Act") or any state securities laws and may not be offered or sold within the United States or to U.S. Persons unless registered under the U.S. Securities Act and applicable state securities laws or an exemption from such registration is available.

© Route1 Inc., 2011. All rights reserved. Route1, the Route1 and shield design Logo, SECURING THE DIGITAL WORLD, Mobi, MobiSecure, Route1 MobiKEY, Route1 MobiVDI, MobiKEY, MobiKEY IBAD, DEFIMNET, MobiNET, Route1 MobiNET, TruOFFICE, TruFLASH, TruOFFICE VDI, MobiKEY Fusion, EnterpriseLIVE, EnterpriseLIVE VO, MobiNET Agent and MobiKEY Classic, are either registered trademarks or trademarks of Route1 Inc. in the United States and or Canada. All other trademarks and trade names are the property of their respective owners. The DEFIMNET and MobiNET platforms and the MobiKEY, MobiKEY Classic and MobiKEY Fusion devices are protected by U.S. Patents 7,814,216 and 7,739,726, and other patents pending.