Providing air-gapped MFA to 11 of 16 critical infrastructure sectors
SurePassID is proud to protect customers that own, support, and supply critical infrastructure - no matter what sector they are in.
Air-Gapped MFA
Right-sized and right-priced
Traditional and phishing-resistant MFA
99.999% ("Five Nines") availability
Legacy apps and devices
Air-gapped MFA. SurePassID does it better, and more cost-effectively, than any competing solution.
The experts in air-gapped MFA
SurePassID has been providing modern, advanced user authentication solutions for air-gapped systems in IT and OT for more than a decade.
33% of our install base - literally hundreds of customers - relies on SurePassID to lock down user access within their air-gapped environments.
What makes our advanced, deploy-anywhere MFA platform the solution of choice for air-gapped needs? Because we stand behind it - the experts in air-gapped MFA.
CUSTOMER CASE STUDY
Air-gapped MFA for 5 sites using phishing-resistant MFA
Air-gapped private cloud MFA or "cloud-gapped MFA"
Air-gapped private cloud? It sounds like a misnomer - but it's the future of rapid, cost-effective, and highly scalable MFA for demanding security requirements.
SurePassID has pioneered air-gapped private cloud MFA - or as we like to call it, cloud-gapped MFA - in Azure Commercial, GCC, and GCC High environments.
These are highly locked down private cloud instances that provide customers with the best of both worlds - cloud solutions and air-gapped security. Supported deployment options include:
- Infrastructure-as-code (Bicep template)
- Virtual machine (Hyper-V)
- Container instance (ACI)
SurePassID also offers a SaaS Private managed hosting option for customers seeking a truly turnkey solution. As the experts in air-gapped MFA, we can do it all for you.
Air-gapped MFA for OT and critical infrastructure
Providing air-gapped MFA for OT teams and critical infrastructure operators is a vital mission for SurePassID. We leverage years of experience and hundreds of deployments when building solutions that address the most demanding requirements.
- Right-sized and right-priced for OT's smaller environments
- Integrations for SCADA systems like EcoStruxure Geo SCADA Expert
- Support for legacy applications and devices
- Support for online and offline use cases
Secure enclave MFA
Securing Controlled Unclassified Information (CUI) for compliance with FISMA/NIST 800-53 and NIST 800-171 /CMMC 2.0 is often done with secure enclaves. These are physically and logically isolated environments where compliance needs can be localized to minimize scope and costs - such as in defense manufacturing.
SurePassID makes it easy and cost-effective to deploy air-gapped MFA within secure enclaves, locking down user access to all CUI no matter where it lives:
- Shop floor machinery - CNC machines, process control equipment, etc.
- Windows, MacOS, Linux, and Raspberry Pi endpoints
- Shared resources like workstations and terminals
- Servers, data repositories, and full-spectrum librarians
- Network appliances within secure enclaves
- Legacy devices and legacy applications
MFA for SCIFs and SAPFs
Sensitive Compartmented Information Facilities (SCIFs) and Special Access Program Facilities (SAPFs) are U.S. government-accredited facilities designed to store, discuss, or process classified or sensitive information.
SurePassID has complete, turnkey solutions for deploying multi-factor authentication within SCIFs and SAPFs - right down to the smallest facilities with only a handful of users and endpoints.
Don't take risks with MFA for your SCIFs and SAPFs. Go with SurePassID, the industry leader in air-gapped MFA. We will ensure that you benefit from our tailored solutions, deep expertise, and unrivaled technical support.
Frequently asked questions about SurePassID air-gapped MFA
Does SurePassID need internet access during installation?
No. In air-gapped mode, SurePassID is a 100% air-gapped MFA solution that never requires internet access.
That includes air-gapped private clouds ("cloud-gapped" systems).
How long does it take to deploy SurePassID in an air-gapped network?
It depends. Air-gapped deployments vary depending on their scale, complexity, and regulatory requirements.
For a few users and endpoints with only a handful of applications to secure, deployment can be as simple as going live after a brief proof-of-concept.
For multiple sites with large numbers of users, heterogeneous apps and devices, and converged credentials or phishing-resistant MFA requirements, the proof-of-concept and deployment can take months.
Regardless, we always move as fast as you need us to - and our Customer Success team is with you every step of the way.
Mobile phones aren't allowed in my air-gapped environment. Can SurePassID provide hardware tokens too?
Yes. We provide a wide range of hardware authenticators ("tokens") - and if necessary, card readers and other complementary hardware - as part of a complete solution:
- Traditional MFA tokens - OTP display cards, OTP keyfobs, etc.
- Phishing-resistant passkeys - Yubico Yubikeys, wearable wristbands, etc.
- Converged credentials - HID Global c2300 Crescendo cards, etc.
Can SurePassID integrate with my SCADA system?
Probably. We have pre-built integrations for many popular SCADA systems, such as EcoStruxure Geo SCADA Expert. We also have a wide range of authentication tools to lock down SCADA systems:
- SAML2
- RADIUS (and FreeRADIUS)
- LDAP/LDAPS
- Proxy server MFA
- REST APIs
But there are thousands of different SCADA systems out there, including legacy software applications running on legacy hardware with challenging limitations. It's not always possible - or cost-effective - to add MFA.
Check with us to see if we can integrate with your SCADA system.
I have Raspberry Pi devices in my secure enclave. Can SurePassID lock those down?
Yes. We have PAMs for Raspberry Pi OS (Raspbian/Debian) and other Linux variants.
How can we help?
Talk to one of our MFA experts about your air-gapped environment and needs. Or jump right into a free trial and see how quick and easy air-gapped MFA can be with SurePassID.