Attention, MSP operatives! Today we’re tackling a peculiar challenge in our modern cloud-first world: those stubbornly physical hardware security tokens that refuse to join us in the 21st century.
The Mission Brief
Picture this scenario: You have a critical workflow that requires a hardware security token. You know the type – those small USB devices that seem to disappear precisely when you need them most. Traditional solutions involve:
- Keeping the token physically with you (and inevitably leaving it in your other jacket)
- Sharing a single token among team members (a logistical nightmare)
- Purchasing multiple tokens (expensive and administratively cumbersome)
- Being chained to the office whenever you need to use it
None of these options are particularly elegant for our modern, mobile workforce. Time for Q Branch to step in.
The Solution: Thinking Outside the USB Port
The core concept is brilliantly simple: Instead of moving the token, we move its connectivity. Here’s how we crafted a solution:
- Secure Physical Storage
  - Hardware token remains safely locked in a secure office location
  - No risk of loss or damage during transport
  - Single source of truth for token location
- Network Accessibility
  - USB sharing device to make the token available over the network
  - Can use anything from budget-friendly options (like GL-iNet mini router with VirtualHere) to enterprise-grade solutions (like Digi AnywhereUSB)
  - One-at-a-time access maintains token integrity
- Zero Trust Security
  - Integration with Zero Trust VPN/SASE solution
  - Secure access from anywhere in the world
  - Maintains security posture while enabling flexibility
Automation: Because Life’s Too Short for Manual Installations
Here’s where it gets interesting. The client software (USBAnywhere Manager) needs to be installed on any workstation that requires access to the token. Rather than turning this into yet another manual task (heaven forbid), we’ve automated it:
- Created a deployment component for our RMM system
- Added it to our standard workstation deployment process
- Made it available as a one-click installation for existing workstations
- No more “Oh, you need the token today? Let me spend the next hour setting up your access.”
This automation approach means:
- Consistent installation across all workstations
- Zero manual intervention required
- Available immediately when needed
- One less thing for the help desk to worry about
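One way to build the deployment component described above, as an added example rather than the author's own RMM script. It assumes the client ships as an MSI that the RMM stages locally; the installer path, SHA-256 value and display-name pattern are placeholders to replace with values from your own vetted download.

```powershell
# Added example: idempotent RMM install component for the USB-sharing client.
# Assumptions (not from the original post): the client ships as an MSI and the
# RMM stages it locally; the path, hash and display name are placeholders.
param(
    [string]$InstallerPath    = 'C:\ProgramData\RMM\staging\usb-client.msi',
    [string]$ExpectedSha256   = '<SHA256-OF-VETTED-INSTALLER>',
    [string]$DisplayNameMatch = '<CLIENT-DISPLAY-NAME>*'
)
$ErrorActionPreference = 'Stop'

function Test-ClientInstalled {
    param([string]$NamePattern)
    # Check both the 64-bit and 32-bit uninstall registry views.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $hit = Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern }
    return [bool]$hit
}

if (Test-ClientInstalled -NamePattern $DisplayNameMatch) {
    Write-Output 'Client already installed; nothing to do.'
    exit 0
}
if (-not (Test-Path -LiteralPath $InstallerPath -PathType Leaf)) {
    Write-Output "Installer not found at $InstallerPath"
    exit 2
}

# Refuse to run an installer that differs from the one that was reviewed.
$actual = (Get-FileHash -LiteralPath $InstallerPath -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    Write-Output "Hash mismatch: got $actual"
    exit 3
}

# Standard Windows Installer switches: quiet, no reboot, verbose log.
$log     = Join-Path $env:TEMP 'usb-client-install.log'
$msiArgs = '/i', "`"$InstallerPath`"", '/qn', '/norestart', '/L*v', "`"$log`""
$proc    = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# 0 = success, 3010 = success with reboot pending; anything else fails the job.
if ($proc.ExitCode -in 0, 3010) {
    Write-Output "Installed (msiexec exit $($proc.ExitCode)); log at $log"
    exit 0
}
Write-Output "Install failed (msiexec exit $($proc.ExitCode)); see $log"
exit 1
```

Because the script exits early when the client is already present, the same component can serve both the standard workstation build and the one-click install for existing machines.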
The Real-World Impact
This setup has transformed our workflow in several ways:
- Location Independence
  - Access the token securely while on the road
  - Work from home without planning ahead
  - No more rushing to the office for quick tasks
- Enhanced Security
  - Hardware token stays in a controlled environment
  - Zero Trust principles ensure secure access
  - No risk of loss during transport
  - Audit trail of token usage
- Improved Efficiency
  - No time wasted tracking down physical tokens
  - Multiple team members can access when needed
  - Seamless integration with modern working patterns
  - Automated software deployment eliminates setup delays
Implementation Notes
If you’re considering a similar setup, here are the key elements to consider:
- Network Security
  - Zero Trust VPN/SASE solution is crucial
  - Ensures only authorized users can access the token
  - Maintains security regardless of user location
- USB Sharing Options
  - Budget options work well for testing or small deployments
  - Enterprise solutions offer additional redundancy and management
  - Choose based on your reliability and security requirements
- Client Software Deployment
  - Automate USBAnywhere Manager installation
  - Include in standard workstation builds
  - Create quick-deployment options for existing machines
  - Document any required configuration settings
- Physical Security
  - Secure the token in a controlled environment
  - Consider physical access controls
  - Document physical security procedures
- Usage Policies
  - Establish clear procedures for token access
  - Consider scheduling systems for shared access
  - Document emergency access procedures
The Bigger Picture
This solution represents more than just sharing a USB device – it’s about bridging the gap between legacy hardware requirements and modern work patterns. By thinking creatively about the problem and automating every possible element, we’ve turned a potential limitation into a workflow advantage.
Final Thoughts
Sometimes the most elegant solutions come from questioning our basic assumptions. Did we really need to physically transport the token, or did we just need secure access to its functionality? By separating these concerns and automating the deployment process, we’ve created a solution that’s more secure, more efficient, and more aligned with modern work practices.
Need more classified information about modernizing legacy workflows or other MSP automation solutions? Contact Q Labs. And do try to keep your tokens secure in the meantime.