Article posted: Jan 23, 2018
By Joakim Thorén, CEO
Our development team spent a lot of time last year focused on the client side of our identity and access management solution, with a heavy emphasis on user self-service. In fact, those improvements and enhancements figure prominently in vSEC:CMS 5.0, which was released last week.
Virtual Smart Cards
For much of 2018, our sites will be set on virtual smart cards (VSCs). VSCs mimic the basic physical smart card lifecycle of "create - personalize - provision - maintain - retire." With VSCs, the trusted platform module (TPM) within the device secures the VSC. To the device's operating system, the VSC acts like a physical smart card that is never removed. Our teams are spending a lot of our time ensuring our solutions will work flawlessly with VSCs for our customers who want to adopt virtual smart cards as part of their multi-factor ID implementations.
The advantages of VSCs include significantly reduced costs over their physical smart card counterparts, and the speed with which VSC projects can be launched. VSCs are attractive to many enterprises because they support today's mobile workforce. Hiring a new worker halfway around the world? There's no need to procure, set up and ship a physical card. Instead, the worker -- using self-service tools -- can be set up and running with a VSC in just minutes. Rolling out two-factor authentication for all the workers at the facility your company just acquired? VCS makes it fast and easy.
Still, VCS solutions are not right for every company, and there's plenty of life left in the physical smart card market. We anticipate physical cards will continue to dominate in industries including government and defense agencies for at least the next 5 to 10 years because physical cards still carry the highest security, and they can be used in multiple ways -- including as a building entry badge complete with the user's photo.
Biometrics and Risk
What we also expect to see more of in 2018 is the use of biometrics as authentication and identification elements for physical and virtual security. But we say this with a big caveat: biometrics today have a lot of downside, most of which is associated with risk.
There are simply too many ways companies can do biometrics incorrectly. While it's generally considered OK for careful users to employ biometric elements, like fingerprints or their retinas, to unlock their own trusted devices such as cell phones, people should think twice about using their personal biometrics for work or on-line activities.
Users should never, for instance, provide a biometric form of ID to a web site. If that site gets hacked and the user's information is compromised, the thieves will have a resource that for the user is simply not renewable.
Similarly, allowing one's face to be scanned for a biometric facial recognition program, such as is being tested by a variety of airlines and airports now, has potential security downsides as well. While it might make airline travel and airport navigation a lot easier and has the potential to enhance security, users should think long and hard before opting to have their face scanned rather than waiting in line. After all, we only have one face.