Commerce Media Celo 2.0
February 01, 2009
£7,500 (standard edition for up to 2,000 users)
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: No hardware purchase for tokens; it utilises something users already have
- Weaknesses: Time needed to get running, support, initial cost is high but cost per user is reasonable at 2,000-user level
- Verdict: Takes time to set up/configure but easy to use and manage after that
Celo from Commerce Media is a token-less, two-factor authentication product that can be deployed either as an in-house or hosted solution and supports both SOAP and Radius protocols to use something you already have, instead of requiring a user to carry additional hardware. The focus of the Celo solution is to transform a mobile phone or other device into a token to receive a one-time password (OTP).
The solution is delivered as software. We loaded the following Celo modules on our test server: SOAP interface, admin web interface, Radius service and database. These modules sat on top of Microsoft IIS and .Net Framework, which we loaded first. We also had to load an SQL server to support the database deployment.
Once deployed, the management interface was simple and easy to use. Some of the configurations to the server still required command line skills and were not totally integrated into the management user interface. The application did come with Radius support but we did not see any integration with LDAP or AD for adding users to the system. Even without the integration, we were impressed with how easily we could create and manage a user using the web-based tools in the management interface of Celo 2.0.
Logging and reporting were available and were adequate for most basic management needs.
A nice benefit to both the end user and the support staff is that password reset is achieved by the user repeating the request for a one-time password, eliminating the need to contact a help desk. Users can choose between multiple transport methods for passwords, including SMS text message and email.
Documentation was installed with the application. We would have liked access to the user and admin guides prior to loading the software but were unable to find them on the website. Basic support is provided for 60 days via the web and upgraded options are available after that.
Once initial setup is complete, ongoing administration is minimal, so the cost of operating this solution is very attractive. It requires time to set up and initially configure, but after that is easy to use and manage.
SC Webcasts UK
Sign up to our newsletters
SC Magazine UK Articles
- Security researcher blasts United Airlines' bug bounty programme
- Video: Young and gifted codebreakers compete in cyber-security masterclass final
- Five last minute retail risk mitigations for Black Friday weekend
- Anonymous' Twitter war hits stumbling block
- New Destover malware features two new timestomping utilities
- ISSE Berlin: Germany to promote 'digital sovereignty'
- Purchasing cyber-insurance without a proven security system will leave businesses out of pocket
- Sophisticated Apple Phishing Email making the rounds
- ISSE Berlin: Safe Harbour II initial agreement expected
- 2015 worst year in history for Mac malware