Route1 Comments on the Impact of Recent, Significant Data Security Events

MobiKEY Users remain Unaffected by Heartbleed Bug and Increased Litigation Risk


TORONTO, April 23, 2014 (GLOBE NEWSWIRE) -- Route1 Inc. (TSX-V:ROI), a leading provider of secure access technologies for the mobile workspace that protects businesses and government agencies and whose customers include the U.S. Department of Defense, the Department of Homeland Security, the Department of Energy and the Government of Canada, today released a statement on recent, important developments pertaining to corporate data security and Enterprise Mobility Practices.

NJ Court Ruling: FTC Authority

On April 7, 2014, U.S. District Judge Esther Salas of New Jersey affirmed that the Federal Trade Commission could proceed with its lawsuit against Wyndham Worldwide Corp. as a result of the company's failure to safeguard customer information, which resulted in multiple breaches of personal information. The ruling is a significant step towards holding organizations legally liable for failing to implement and enforce proper security controls for sensitive data.

As part of its thought leadership program, Route1 routinely speaks with its senior-level government and private sector clients to identify trends and emerging challenges in the market. As a result of these interactions Route1 issued a white paper on the possible legal implications of BYOD security policy in September 2013. Judge Salas' decision reinforces the assertions made in the white paper: poor data security policy will ultimately lead to legal action against an organization.
 
Tony Busseri, Route1 CEO, noted, "The New Jersey court's ruling confirms our assertion that legal consequences are a very concrete risk that organizations accept when settling for inadequate data security measures. As evidenced by Judge Salas' decision, proper technological controls must be put in place to ensure the security of sensitive information. Information Security can affect the financial well-being of the entire organization and thus ceases to simply be an IT function. Boards and executive management teams can no longer ignore the topic."
 
In pursuit of increased productivity enterprise mobility initiatives are often rolled out without proper consideration of the two most common risk vectors leading to data breaches: Lost or stolen devices and USB sticks on one side, and the propagation of malware or viruses via compromised remote assets on the other side. Reducing these risks through policy has proven to be ineffective. Instead we are seeing organizations seeking to implement technology that allows them to unlock the productivity gains of BYOD and mobile access while neutralizing these risk vectors. High assurance access to enterprise resources can be enabled without actually downloading data to the remote devices. This way all sensitive data stays within the enterprise network and its established security controls. The cost effectiveness of this approach is self-evident. Instead of spending time and money on managing and controlling the remote asset, you simply ensure its identity, restrict its access and never let it cache or download anything.
 
The Heartbleed Bug: The end of single factor authentication
 
The New Jersey Court's decision coincides with the recent discovery of the widespread Heartbleed Bug. The Heartbleed Bug is a flaw in the OpenSSL open-source encryption implementation that is used across roughly two-thirds of available Internet services and websites. The full extent of the fallout from the Heartbleed Bug is still unfolding, but it poses the very real possibility that untold millions of usernames and passwords, that were used only once with a vulnerable internet service are now in the hands of malicious parties.
 
Mr. Busseri continued, "Verizon just released its 2013 Data Breach Investigation Report and confirms that stolen passwords are used by hackers in the majority of data breaches. With Heartbleed we now have a situation where you need to assume that all of the limited number of passwords your employees use have been compromised on a web service that uses OpenSSL. Accordingly, you have to implement multifactor authentication when granting mobile access to corporate data. This is now a priority that simply cannot wait. Our customers continue to believe that integration of smart card technology is the easiest, most user-friendly, reliable and cost effective way to do so."
 
MobiKEY, Route1's flagship technology, meets all the named requirements. It features a smartcard enabled, cryptographic USB device or smartcard reader to ensure that employees leave no trace or evidence of their computing session when remotely accessing sensitive data. All enterprise files stay within the corporate network, simplifying security policy enforcement. Most importantly, MobiKEY does not require any changes to your IT infrastructure; instead it integrates with deployed technologies and can be rolled out in a matter of hours.
 
If a MobiKEY is lost or stolen, enterprise networks cannot be compromised in any way – unlike other portable devices that can be used to store sensitive data and can easily put organizations at risk.  Just as a cell phone service can be suspended or cancelled when loss or theft occurs, digital certificates issued to MobiKEY can be temporarily suspended or revoked.
 
By providing airtight protection against data loss, MobiKEY enables organization to unlock the productivity gains of BYOD and mobile access without exposing them to the embarrassing and costly effects of prolonged litigation.  Ultimately, MobiKEY provides enterprises with stability – technologically, legally and financially.
 
Mr. Busseri adds, "Complex times do not require complex solutions but rather simple ones that directly address the core problems of data security.  Keeping sensitive data within the enterprise network via MobiKEY is such a solution.  MobiKEY unlocks the productive gains that mobility promises without exposing organizations to the risk of data loss or litigation."
 
ABOUT ROUTE1, INC.

Route1 enables the mobile workspace without compromising on security. Its flagship technology MobiKEY uniquely combines secure mobile access, with high assurance identity validation and plug-and-play usability. Remote and mobile workers are able to securely and cost effectively access their workspace from any device without exposing the organization to the risk of data spillage or malware propagation. MobiKEY customers include Fortune 500 enterprises as well as the U.S. Department of Defense, the Department of Homeland Security, the Department of Energy and the Government of Canada. Headquartered in Toronto, Canada, Route1 is listed on the TSX Venture Exchange.
 
For more information, visit our website at: www.route1.com.
 
For More Information Contact:
Tony Busseri, CEO
+1 416 814-2635
tony.busseri@route1.com
 
This news release, required by applicable Canadian laws, does not constitute an offer to sell or a solicitation of an offer to buy any of the securities in the United States. The securities have not been and will not be registered under the United States Securities Act of 1933, as amended (the "U.S. Securities Act") or any state securities laws and may not be offered or sold within the United States or to U.S. Persons unless registered under the U.S. Securities Act and applicable state securities laws or an exemption from such registration is available.
 
Neither the TSX Venture Exchange nor its Regulation Services Provider (as that term is defined in the policies of the TSX Venture Exchange) accepts responsibility for the adequacy or accuracy of this release.
 
© Route1 Inc., 2014. All rights reserved. Route1, the Route1 and shield design Logo, SECURING THE DIGITAL WORLD, Mobi, MobiSecure, MobiLINK, Route1 MobiKEY, Route1 MobiVDI, MobiKEY, MobiKEY IBAD, DEFIMNET, MobiNET, Route1 MobiNET, TruOFFICE, TruFLASH, TruOFFICE VDI, MobiKEY Fusion, MobiNET Aggregation Gateway, MobiNET Switching Array, MobiNET Secure Gateway, EnterpriseLIVE, EnterpriseLIVE Virtualization Orchestrator, MobiNET Agent, MobiKEY Classic and MobiKEY Classic 2, are either registered trademarks or trademarks of Route1 Inc. in the United States and or Canada. All other trademarks and trade names are the property of their respective owners. The DEFIMNET and MobiNET platforms, the MobiKEY, MobiKEY Classic, MobiKEY Classic 2 and MobiKEY Fusion devices, and MobiLINK are protected by U.S. Patents 7,814,216 and 7,739,726, Canadian Patent 2,578,053, and other patents pending. 
 
Other product and company names mentioned herein may be trademarks of their respective companies.



            

Coordonnées