Global service provider iPass is introducing security features this week aimed at enforcing the corporate security policies of its customers.

The four features fall under a product umbrella called iPass Policy Orchestration. The features - endpoint self-quarantine, dynamic policy retrieval, assessment verification and coordinated enforcement - will be rolled out throughout the rest of the year, says Roy Albert, CTO at iPass.

One industry expert gives the initiative a positive review.

"One of the things that is impressive about this announcement is that [iPass] has spent a lot of time integrating every possible security client you can run on a laptop," says Abner Germanow, program manager at IDC.

The service provider is working with 45 security vendors to better integrate their wares with iPass' Corporate Access worldwide remote-access service. IPass already has integrated the products with its network, but still is working out the kinks of rolling out services based on the technology, Albert says.

The vendors range from well-known to lesser-known organizations and include AppGate, Cisco, Check Point, Internet Security Systems and Mobile Automation. A full list of the security technology partners can be found at here.

Endpoint self-quarantine uses a personal firewall to ensure users' PCs adhere to corporate security policies as they attempt to surf the Internet or connect to their corporate VPN. Users required to have the latest Microsoft security patch to access their VPN might be denied access for not having it, but they still might be able to surf the Internet.

Dynamic policy retrieval lets network administrators make policy changes to how all users access the corporate network directly from their desktop. Today, all policy changes go through the iPass trouble ticket system.

Using assessment, remediation and patch management systems, the iPass assessment verification feature confirms a user's system is up to date and if it's not, the correct security patch automatically is sent to that user's machine. Whereas endpoint self-quarantine merely blocks access if a user does not meet policy, assessment verification works to remedy the non-compliance.

The coordinated enforcement feature specifically addresses VPN access policies at the customer's network, after a user might have already gone through the endpoint self-quarantine process. IPass is working with network enforcement systems such as Cisco's Network Admission Control and Microsoft's Network Access Protection to block access to a VPN if a user's PC is not configured correctly or is infected with a virus. Vendors are just introducing these systems now so this feature likely will be one of the last iPass makes available.