As remote workforces grow, managing PKI devices is still simple and effective

Date: 2021-01-12
Author: Anders Adolfsson and Michael Samara

Next >> Sandia National Laboratories Casestudy

Previous << Microsoft Store

Due to the 2020 global pandemic, companies are facing a new normal in how to conduct business. One of the challenges is how to securely manage and protect the identity and authentication of the workforce. Despite some claims companies should be investing more money to displace PKI, it’s completely unnecessary. Securely managing PKI credentials for work-from-home employees is not new to Versasec. We have been issuing and managing PKI devices remotely for years. Versasec vSEC:CMS has PIV and CAC PKI support with unique support of challenge/response to unblock devices remotely and securely while users are offline from their home. That means there is no reason not to continue using the highest level of security, even during the pandemic.

A lasting impact on business from the COVID-19 pandemic is the sense that data security might be compromised with so many workers doing their jobs from their homes.

We’ve all seen articles and attended webinars where the suggested solutions include buying new hardware security devices, building new processes, enhancing employee training, revamping the corporate help desk and IT, conduct additional security analysis and more to help. But the truth is issuing and managing public key infrastructure (PKI) devices remotely has been done for years, and there is no reason enterprises and government agencies should not continue using the highest level of security – PKI -- even with so many workers working remotely.

The question is why are enterprises and government agencies questioning PKI now? It’s because many organizations have struggled with issuing/rolling out PKI credentials such as smart cards and USB tokens to their remote workers because they aren’t using the right software. Their current solution simply does not offer a means for unblocking blocked PINs, set initial user PINs and remotely issue new devices.

It seems where some organizations are struggling is in authenticating users working remotely who require secure access to information systems and applications. In an office, one of the proven methods for authorizing users is by using a PKI with credential derived from a Personal Identity Verification (PIV) card. During situations where many workers do not have access to their government- or company-issued devices or their PIV cards (such as the COVID-19 pandemic) the use of other strong authentication mechanisms is paramount.

That’s where Versasec can help. For many years, Versasec has been enabling its customers to issue credentials that rely on common PKI use cases 100% remotely. It’s fast and easy, and it puts management of the solution in the hands of the users.

The Versasec Credential Management System’s User Self-Service supports both Windows PCs and Apple macOS systems with PIV and common access card (CAC) credentials, allowing government agencies and enterprises to continue with the highest security standards by maintaining the use of PKI. While the U.S. National Institute of Standards and Technology (NIST) has mentioned options to replace PKI devices with devices that have lower security levels and classifications, it’s truly unnecessary. By using Versasec vSEC:CMS, IT departments in enterprises and government agencies can keep their operations secure using the most effective means for identifying their users: Hardware-Secured PKI.

Versasec Support

Versasec customers with an existing support and maintenance contract can access the Versasec Support Portal, offering extensive professional support and maintenance services. The Versasec Support Portal offers a variety of services, allowing for customers and any site visitor to communicate directly with support engineers.

Support

Company Blog

Our blog addresses the latest security trends and stories. The posts discuss how identity and access management are playing a larger role in keeping corporate data safe as well as brand reputations intact. To learn more, bookmark our blog![more]