Commerce Media Celo 2.0
February 01, 2009
£7,500 (standard edition for up to 2,000 users)
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: No hardware purchase for tokens; it utilises something users already have
- Weaknesses: Time needed to get running, support, initial cost is high but cost per user is reasonable at 2,000-user level
- Verdict: Takes time to set up/configure but easy to use and manage after that
Celo from Commerce Media is a token-less, two-factor authentication product that can be deployed either as an in-house or hosted solution and supports both SOAP and Radius protocols to use something you already have, instead of requiring a user to carry additional hardware. The focus of the Celo solution is to transform a mobile phone or other device into a token to receive a one-time password (OTP).
The solution is delivered as software. We loaded the following Celo modules on our test server: SOAP interface, admin web interface, Radius service and database. These modules sat on top of Microsoft IIS and .Net Framework, which we loaded first. We also had to load an SQL server to support the database deployment.
Once deployed, the management interface was simple and easy to use. Some of the configurations to the server still required command line skills and were not totally integrated into the management user interface. The application did come with Radius support but we did not see any integration with LDAP or AD for adding users to the system. Even without the integration, we were impressed with how easily we could create and manage a user using the web-based tools in the management interface of Celo 2.0.
Logging and reporting were available and were adequate for most basic management needs.
A nice benefit to both the end user and the support staff is that password reset is achieved by the user repeating the request for a one-time password, eliminating the need to contact a help desk. Users can choose between multiple transport methods for passwords, including SMS text message and email.
Documentation was installed with the application. We would have liked access to the user and admin guides prior to loading the software but were unable to find them on the website. Basic support is provided for 60 days via the web and upgraded options are available after that.
Once initial setup is complete, ongoing administration is minimal, so the cost of operating this solution is very attractive. It requires time to set up and initially configure, but after that is easy to use and manage.
SC Webcasts UK
Senior Accreditor, Security Risk and Assurance Manager
Disclosure & Barring Service - Liverpool, Merseyside
DV Cleared Systems Architect - 6 Months - London
Computerfutures - London (North), London (Greater)
CISO – Chief Information Security Officer (Up to £100K)
Evolution Recruitment - London (North), London (Greater)
Head of Security Strategy – London
Evolution Recruitment - London (West), London (Greater)
Information Security Manager
Infosec People - Hammersmith, West London
Sign up to our newsletters
SC Magazine UK Articles
- It's a trap! WhatsApp Gold 'premium' version lures users to malware
- SC Awards Europe 2016 winners announcements!
- Microsoft ends common password use and password lockout
- ISIS radicalises 'lone wolves' through strong social media presence
- 1.5 billion Windows computers potentially affected by unpatched 0-day exploit
- CYBERSEC 2016: Can you enforce international cooperation on cyber-security?
- Linux.Mirai Trojan causing mayhem with DDoS attacks
- Is Microsoft exposing the supply chain by hardening the enterprise Edge?
- Russians suspected of cyber-campaign against journalism site
- New NATO report claims China's cyber-space influence continues to grow