RCDevs Vision of Two-Factor Security
Free Solutions for All and Low-Cost High-Security Solutions for Enterprises
We want to provide our expertise and products to the whole Internet community. Also, we offer a complete enterprise security solution which should cover the needs for a majority of companies, organizations and individuals at minimal or no cost. We think internet security is a major concern today and recent events tend to prove it. Nice solutions or innovations exist with for example OATH or OpenID but still, few of them are affordable and easily integrated with easy APIs. We also provide simple and powerful solutions for everyone, free for small deployments, and we hope our initiative will bring value to the global concern of Internet security.
Enterprise Solutions and not Cloud Services
Our solutions are opened but not cloud-based. We do not provide a central security hub that you have trust blindly. We provide a software product via appliances or installers. It is Linux-based and easy to install and maintain. We prefer that you get the full control on your security infrastructure. Yet this is not limited and you can use our solutions for building security services or for securing cloud applications and hosted systems.
Why don’t we provide it as cloud services?
- You cannot trust the Internet and you must be careful with services opened for all on the Internet. Information transported from your company to an external service goes across an insecure public network where you never have control on what is in the middle.
- You cannot only base your security on trust, good reputation of others and SLAs. You can only trust what you control and can audit yourself.
- Externalizing the security looks interesting on the cost and maintenance aspects. But after few years, you will simply realize that it costs more than an efficient local security implementation. Maintaining externalized user bases has never been easier. On the opposite, it requires connectors, replications, connectivity and never means less integration efforts.
Also think about the pain it can be to deploy thousands of users on a remote system, or batch modify them etc… whereas you can run custom tools, prototype, test, duplicate, backup in a local environment.
And infrastructure cost is not a concern anymore since you can virtualize your security infrastructure.
- Externalized systems mean additional points of failure. What happens if you base all your access control on external services and you get a connection drop?
We really believe in the initiative for open authentication (OATH) and its advantages for the following reasons:
- We think open security algorithms are today simply more reliable than proprietary algorithms. They are the result of large community experience and can be challenged every day by security experts. You can analyze or review analysis yourself. Proprietary solutions claim their degree of robustness without offering the possibility for the user to check by himself.
- OATH Tokens are just a better investment for your company. You can reuse them in any other software security solution with an assurance about compatibility. Proprietary Tokens are limited to a specific vendor technology.