Vendor Report: Vasco - 70303

Vasco is a vendor in the Authentication Management market which provides a number of differentiated solutions around strong authentication, electronic & digital signing. The vendor is well known for its broad range of hardware tokens for authentication & signatures and the complimentary software solutions acting as management server and validation point. To serve the different security requirements and protection classes usually found in a larger organization, Vasco has diversified both their hardware token range and their software solutions and also introduced non-hardware based authentication methods to their portfolio, but still limiting the methods to those created internally by Vasco. No option to add own mechanisms is available.

In contrast to most other vendors who present single-purpose (or single-method) authentication systems, Vasco provides choice in authentication mechanisms and also provides their core authentication server as a customizable authentication solution. This allows organizations with a large customer base, e.g. online/retail banking, to modify and tweak their authentication methods to best fit the special needs to their clients. If only simple one-time-password (OTP) solutions for securing the VPN access are needed, of-the-shelf software or appliance products can be used which allow for easy integration and accelerated setup. Due to the lack of APIs for 3rd party authentication systems, some limitations apply.

Besides OTP token and server technology, Vasco offers a range of PKI/Certificate based solutions and components that serve identity validation and provide signature capability, e.g. for online transactions and document signing and encryption. To assist this, a special hardened browser is provided on a CD as tamper-proof and zero footprint environments. In combination with special signature-capable tokens or card-readers, this solution is mainly targeted at banking industry. VASCO brings the solutions originally created for banking to other industries such as government, healthcare, gaming & gambling. Other Vasco tools also offer support for special standards of the finance industry, such as EMV/CAP. Again, the solutions themselves are pretty much locked to interact with the Vasco components and cannot be fully customized to plug in to internal solutions.