Last updated: 08 March 2017
Everybody knows that the IT perimeter has been permanently warped by cloud-based resources, the consumerization of IT and the ever-agile work day. Information technology and information security decision makers are grappling with the tightrope act of balancing the security of their organization’s data with their stakeholders’ usability expectations. Happily, the pervading need to bridge the identity-mobility-access gap has given rise to innovative identity and access management (IAM) solutions, of which this blog series provides an overview.
Tackling the Mobility Issue
In the last blog, we discussed Public Key Infrastructure (PKI) and how it’s one of the strongest and most trusted security protocols and is used in many enterprise badge deployments worldwide. Using PKI not only provides strong authentication, but also includes additional security functionality that is attractive to today’s enterprise. In fact, many enterprises have issued employees corporate badges for years. Security-minded companies, such as Microsoft, use a single credential for all their identity and access needs, including badging into physical doors, logging into their workstations and encrypting documents. But while organizations have been completely satisfied with their PKI deployment, the Bring Your Own Device (BYOD) movement threw a wrench into the brilliance of the corporate badge.
The Future of the Corporate Badge
The challenge in using PKI in today’s enterprise mobile workplace is how to use existing authenticators on new mobile devices, most of which don’t have USB slots or embedded smart card readers. The problem is that PKI uses certificates and private keys stored on a smart card or USB token, which are accessed using a reader. While internal readers are almost always found on a desktop or laptop computer, they are most often not found on smaller ultrabooks, smartphones or tablets. There are many enterprises that either want or already have a PKI deployment and want to extend that same strong security protocol and feature set to mobile users. As we said before, extending PKI security to mobile can be tricky because most devices don’t have a USB port or internal reader.
A wireless solution is the best way to tackle the PKI mobility problem, but there are still compatibility issues. Not every employee has the same type of phone (Android, iOS), equipped with the necessary protocols. So how does enterprise IT address all these moving parts? Bluetooth is the one wireless protocol that is found in almost every laptop, tablet and smartphone (unlike NFC) and that, in most cases, doesn’t require an internet connection (as WiFi does).
Don’t bulk up
In addition to having a solution that works, another important consideration for enterprise IT is to find a solution that isn’t bulky and doesn’t detract from the convenience of a mobile device. A Bluetooth-enabled smart card badge reader in lanyard form is perfect for enterprises where a PKI corporate badge solution is already in place. For example, Gemalto MobilePKI solutions provide either a Bluetooth-enabled badge holder or USB token. The user simply pairs the Bluetooth device with their mobile device. Once the devices are paired, the smart card will be recognized and processed, just as when the smart card is inserted into an internal reader on a laptop. Watch Enterprise Mobile Security with Bluetooth Smart Authentication for a further explanation of how this works. The badge holder and the smart card can be used for multiple use cases, whether in the office or on the go.
By providing a Bluetooth solution, enterprise IT can expand the protection of PKI while allowing employees the anywhere, anytime convenience of mobile. While the BYOD trend will continue to be fueled by user demand, it presents both opportunities and challenges. At the same time, the technology is dynamic and, from a security perspective, immature. Faced with this landscape, enterprises need to closely examine their specific situations and use cases.
In case you missed them, you’ll want to catch up on our previous blogs in this series: A snapshot of enterprise mobility, Enterprise mobility security concerns and Enterprise security technology essentials. Then, in the next blog in our IAM Trends series, we’ll go into more depth on other emerging technologies that will help you secure and restore structure to a fuzzy IT perimeter.
To explore more PKI mobility resources, check out On-the-go connectivity with Bluetooth Smart devices.