Article posted: Mar 22, 2017
Q&A with Tomas Gustavsson, PrimeKey CTO
Here at Versasec, we're building strong partnerships with the security industry's leading companies, including PrimeKey. Recently, we sat down with Tomas Gustavsson, CTO at PrimeKey, and asked him a series of questions. Here's Mr. Gustavsson's perspective on two-factor authentication, PKI, IAM and more.
1. Where does PrimeKey see the strongest growth in two-factor authentication over the next two years? Please discuss in terms of regions, verticals and size of customer organizations.
Two-factor authentication is growing; and we're seeing different types of authentication in virtually all regions and across every vertical segment. Some of these forms include PKI, FIDO and other two-factor authentication mechanisms like SMS codes. Europe and Asia seem to prefer PKI-based systems, especially in government and eIDAS. Limiting ourselves to PKI, governmental and eIDAS seem to be two drivers in Europe and Asia. This includes both mobile phone solutions including apps and physical tokens.
2. What's the main reason that more and more organizations are choosing EJBCA instead of other CAs?
EJBCA provides a high level of technology innovation. It's a mature product that is constantly updating when new standards and developments are introduced in the market. EJBCA is feature-rich, and dependable. It solves customers' needs and is scalable.
3. Ideally, how would you like to see the user presence part of multifactor authentication handled? Can we replace the PIN codes with something as secure and yet cost efficient?
With the introduction of fingerprint sensors in every smartphone, and face recognition in laptops, users are more familiar with options for sign-on. Fingerprints can replace the PIN code for unlocking local tokens, such as PKI tokens. Users are getting accustomed to fingerprint unlocking - it's fast and convenient.
4. What do you believe is the biggest selling point of an IAM system built using vSEC:CMS and PrimeKey EJBCA? -Does ease of use and high level of security play a big role?
When paired, PrimeKey's EJBCA and Versasec's vSEC:CMS offer a mature and secure solution from trustworthy suppliers. The well-integrated package is easy to install and implement, saving organizations from costly and time consuming integration. And there is far less maintenance. A key benefit is the lower total cost of ownership, allowing IT departments to better manage their resources. Custom solutions, development, and integration can otherwise be time-consuming, expensive and labor-intensive.
5. What is your view of on-premises SW compared to Cloud Services when it comes to PKI related enterprise and government services?
Government organizations still remain concerned about public cloud services, and are reluctant to deploy these services there. Internally they can use in virtualized environments though. Likewise, large enterprises are also hesitant to deploy public cloud services. However, smaller enterprises and specific business units in larger enterprises are considering cloud and managed PKI solutions because they don't have the resources to maintain such solutions for the long-term on their own. But, every company is slowly moving toward cloud acceptance even for security systems.
6. And how do you see the PIV Market evolving?
My personal and maybe somewhat European biased observation is that with the move toward mobile solutions, including smart phones, PIV may become less important. Some organizations don't care about the internal structure of tokens, as long as they fulfil their requirements - especially since middle-ware is commonly needed anyway.
There are also standards emerging for deriving other tokens, such as FIDO tokens, based on the trust in PIV tokens. As such PIV forms the basis for trust in US Government, but other tokens are used in parallel.