NSA nears approval of remote-access solution

A remote-access solution developed by Kasten Chase Applied Research Ltd., two other companies and the National Security Agency has passed NSA's technical and security tests, giving the companies the green light to begin marketing the solution to government.

NSA initiated development of the solution, known as the Remote Access Security Program, about two and a half years ago in search of a better way to let government employees securely access sensitive information from remote locations using their laptops and a dial-up connection, according to Kasten Chase.

The secure telephone units used for data communications by the agency and the Defense Department are briefcase-size phones better suited for voice transmissions. "They are used by State Department officials and flag officers or, basically, those people senior enough to have someone who carried it for them," said Steve Ducat, vice president and general manager of the Secure Access Division of Kasten Chase.

The solution, which Kasten Chase calls the Remote Access Security Product line, includes Kasten Chase's Optiva Secure Plus remote-access server, Rainbow Technologies Inc.'s Palladium secure modem card and encryption software developed by Spyrus to protect data downloaded to the laptop's disk.

RASP is a PC Card-based secure remote-access solution designed to provide cost-effective authentication, link encryption and desktop data protection. The solution protects data moving through telephone lines against unauthorized viewing and prevents unauthorized network access.

RASP can be used to access data that is labeled "sensitive but unclassified" or "classified," but it cannot be used to access "top secret" data. About 80 percent of all secret data is either "sensitive but classified" or "classified," Ducat said.

Kasten Chase is announcing this week that the server and modem components passed NSA tests, but the encryption technology is still being evaluated, Ducat said. Government agencies were among the 40 organizations that piloted RASP.

The system costs about $1,000 per seat in quantities greater than 40. The number of governmentwide users could exceed 500,000, and most are in the Defense Department, Ducat said. The Justice and Treasury departments also would have many employees needing the secure remote access, Ducat said.

RASP faces competition from companies providing virtual private network solutions, which are being adopted by private industry because of the savings they offer, said Ted Julian, an analyst at Forrester Research Inc., Framingham, Mass.

VPNs use the Internet and encryption to create the secure link, which for private industry is secure enough in light of the money that can be saved by eliminating dedicated lines and the servers and modems needed to connect using a remote-access solution, Julian said.

Security has been cited as the topic that will follow Year 2000 remediation, and RASP is among the products to meet security needs, said Warren Suss, president of Warren H. Suss Associates.

"Until this point, the demand for secure products to some degree has been split between the kind of mandatory security requirements for classified networks and the security requirements for nonclassified networks," Suss said. The question will be how aggressively agencies move to provide robust security in cases where they are not required to provide it.

Suss said industry needs to design cost-effective applications, and government needs people who are ready to make investments to protect the federal infrastructure. "The potential is enormous for security products, but the issue is will that potential be realized," he said.

More information on RASP is available at ias.itserealm.com/rasp.