Restricting Access to Specific Computers
It is cost effective to outsource some functions to
contractors. Call centers and help centers are common examples of
this practice. In some instances you must provide the agents with
selective access to customer account information or other sensitive
information. You must ensure that the agents access the information
only while performing their duties. If you provide the agents with
passwords to access the customer information, how do you keep them
from using the passwords for non-work access?
The common solution today is to use some form of a “VPN”
to control the use of the passwords. This can be as strong as a
closed, physical network or as simple as IP source address filtering.
The closed physical networks are expensive. Filtering of IP addresses
is weak (it is easy to spoof a source address) as well as rigid, since
it does not allow changes in the contractor's network.
Sevan's Web Subscriber Authentication provides a strong, yet flexible
mechanism for restricting access to specific computers. When you
install a WSA between the contractor and your sensitive information,
the WSA will authenticate the agents before allowing them access
to your sensitive information. Since the WSA uses a certificate
to authenticate the agent, the authentication is really tied to
the computer at the call center. Therefore, the agent cannot access
your sensitive information from other computers.
The WSA makes it very simple to set up this certificate-based access
control.
- Your administrator specifies which sensitive information can
  be accessed and sets up one or more enrollment accounts.
- The enrollment names and passwords are given to a trusted person
  (either your employee or the contractor's employee).
- This trusted person attempts to access your sensitive information
  from the contractor's computers. The WSA generates and downloads
  a certificate into the computers and enrolls the certificates
  (assuming the user knows the valid enrollment passwords).
- The WSA allows access to your sensitive information only if the
  access is coming from a computer with an enrolled certificate.
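
The four enrollment steps above, modeled as an added Python example (not Sevan's code and not the WSA's interface). The class and method names are hypothetical, random bytes stand in for the certificate, the TLS proof of private-key possession is not modeled, and revoke() is an assumption that goes beyond what the text describes.

```python
import hashlib
import hmac
import secrets

def fingerprint(cert_bytes):
    """SHA-256 fingerprint of the certificate bytes a computer presents."""
    return hashlib.sha256(cert_bytes).hexdigest()

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class EnrollmentGate:
    """Hypothetical model of the four steps; not the WSA's real interface."""

    def __init__(self):
        self._accounts = {}  # enrollment name -> (salt, password hash, resources)
        self._enrolled = {}  # certificate fingerprint -> resources it may reach

    def add_enrollment_account(self, name, password, resources):
        # Step 1: the administrator scopes the account to specific resources.
        salt = secrets.token_bytes(16)
        self._accounts[name] = (salt, _pw_hash(password, salt), frozenset(resources))

    def enroll(self, name, password):
        # Step 3: issue and enroll a certificate only for a valid enrollment login.
        salt, stored, resources = self._accounts.get(
            name, (b"\0" * 16, b"", frozenset()))  # unknown name still costs a hash
        if not hmac.compare_digest(stored, _pw_hash(password, salt)):
            return None
        cert = secrets.token_bytes(32)  # constructed stand-in for certificate bytes
        self._enrolled[fingerprint(cert)] = resources
        return cert

    def allow(self, presented_cert, resource):
        # Step 4: access requires an enrolled certificate scoped to the resource.
        if not presented_cert:
            return False
        allowed = self._enrolled.get(fingerprint(presented_cert), frozenset())
        return resource in allowed

    def revoke(self, cert):
        # Assumption: retire a computer by removing its certificate from the set.
        return self._enrolled.pop(fingerprint(cert), None) is not None
```

Knowing the enrollment password is needed only once per computer; after that, every access decision depends on the enrolled certificate, so a password used from an unenrolled machine yields nothing.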