Case Study: Air Hydro Power Streamlines PIV and FIDO Smart Card Management
Air Hydro Power is a rapidly growing manufacturer and supplier of parts for a number of Government agencies. Being a provider means adhering to stringent government regulations requiring robust security. Their existing manual processes were no longer sustainable with a stretched-thin IT team. The company needed a scalable solution to manage its PKI and FIDO hardware devices. Versasec’s vSEC:CMS emerged as the ideal solution to streamline the user experience for Admins and Users as well as enhance security.
Challenges
Air Hydro Power faced several significant challenges. The company had doubled in size, both in locations and employees, but its IT team remained the same size. There was an overwhelming amount of manual work.
Managing users’ devices and their digital credentials wasn’t possible. Issuing, revoking, and unblocking tokens was slow and cumbersome. They had a diverse user base of younger and older employees with varying levels of technical proficiency, which made implementing strict security procedures challenging.
Existing certificate management systems did not address the specific needs of managing physical smart cards, and finding the right card management solution proved difficult.
Additionally, the company operated in a hybrid environment with PIV and FIDO smart cards, adding further complexity. Finally, they needed a way to migrate their existing physical smart cards, requiring a process to wipe and re-register them for use with Versasec vSEC:CMS.
Solution for PIV and FIDO Smart Card Management
Air Hydro Power found Versasec through a referral from a smart card manufacturer. They began with a trial of Versasec’s software and, recognizing its capabilities and potential, quickly engaged with Versasec’s team. A proof of concept was immediately initiated to test the software’s capabilities within Air Hydro Power’s hybrid environment. Cybersecurity teams are increasingly adopting this advanced hybrid configuration, which demands software that can manage the dual nature of FIDO devices, a feat only achievable with a strong CMS.
Versasec’s team excels at providing solutions that precisely match their clients’ needs. When Air Hydro Power faced a specific hurdle, Versasec’s R&D team delivered a focused enhancement within 24 hours. Through close collaboration and iterative testing, the two teams refined this solution to ensure it addressed Air Hydro Power’s requirements. This proactive support was critical for Air Hydro Power’s hybrid environment, allowing them to effectively manage certificates and IdPs and to streamline key registration across all systems.
This collaborative effort resulted in a solution that worked seamlessly, allowing Air Hydro Power to manage their PIV and FIDO smart cards and streamline their authentication processes effectively.
Air Hydro Power’s (AHP) users now log in to their workstations with a USB security device (or PIV and FIDO smart card) and a PIN. As employees visit the various websites and services they use throughout the day, they are required to tap the USB device to authenticate and then enter the web destination. Air Hydro Power’s Systems Analyst and Architect now reports peace of mind, since all management activity in the CMS is automatically gathered and fed into repositories for all FIDO and PKI USB devices. AHP’s end users are happy because they now benefit from streamlined self-provisioning, guided by clear instructions, and the help desk remains available for in-office support.
Results
The implementation of Versasec’s vSEC:CMS yielded significant positive results for Air Hydro Power. Most notably, the security posture of the company was greatly enhanced. The centralized management of PIV and FIDO smart cards and user identities meant only authorized users with registered keys could access sensitive resources, providing a much higher level of assurance.
The IT team experienced a dramatic streamlining of key management, reducing manual effort and increasing efficiency. A small team is now able to manage the deployment of hundreds of keys, a task that was previously overwhelming.
Users benefited from a simplified authentication process, requiring fewer steps and proving to be more reliable. Specifically, the removal of the third-party authenticator app from iOS devices simplified the process and eliminated several extra steps for users. Air Hydro Power’s users can perform mobile-device authentication without additional software installed on their mobile devices.
The speed of rolling out new users and managing security keys increased significantly, allowing the IT team to be more responsive. Moreover, vSEC:CMS provided robust monitoring, reporting, and auditing capabilities, which were essential for ensuring compliance with government contracts. Finally, Air Hydro Power established a strong partnership with Versasec, characterized by responsive support and ongoing collaboration, further enhancing the overall success of the implementation.
“I’ve actually reached out to two different friends of mine that run MSPs. And they are trying to push out some security keys for FIDO. I encouraged them to go to Versasec and talk with them. Go to them because the management aspect of managing keys is tough.”
“I looked at Versasec and at the end of the day, it wasn’t a product. The way that Paul worked with us and continues to work with us today, it’s a true partnership and I know I can lean on them and make that call, shoot that email, and get a response. It’s a true partnership and it’s really nice to be able to have that, as opposed to a traditional ‘this is my piece of software, call support and have a good day.’”
Conclusion
Versasec’s vSEC:CMS provided Air Hydro Power with a comprehensive and scalable solution to manage their physical security keys and user identities. The implementation streamlined operations, enhanced security, and simplified the user experience. Air Hydro Power highly recommends Versasec to other companies facing similar challenges. The partnership between Air Hydro Power and Versasec demonstrates the value of collaboration and tailored solutions in addressing complex security needs.
About Versasec
Versasec goes beyond basic identity management by offering unparalleled flexibility, advanced FIDO2 capabilities, and seamless integration with Entra ID, enabling organizations to meet their unique identity needs and exceed the requirements of modern security mandates like Executive Order 14028.
vSEC:CMS manages the lifecycle of identity credentials, integrating with Entra ID, certificate authorities, user directories, smart card printers, hardware security modules, and more. This allows businesses to leverage existing IAM infrastructure with cloud-native Azure solutions.
Key Differentiators:
- Unmatched User Experience: vSEC:CMS simplifies credential management for both IT administrators and end-users. Our innovative self-issuance process with Entra ID allows employees to set up authentication devices without IT intervention. For scenarios where self-service is unsuitable, vSEC:CMS offers help-desk management on behalf of users. This streamlines onboarding, especially for remote or hybrid workforces, and eliminates the complexities of traditional self-enrollment methods.
- Advanced FIDO2 Enterprise Features: Versasec is at the forefront of FIDO2 innovation. We provide centralized management of FIDO2 devices with features like remote PIN unblock, Relying Party allow lists (allow Gmail, exclude Facebook), and granular control over fingerprint enrollment. This level of control is crucial for enterprise deployment security.
- Seamless IdP Integration: vSEC:CMS leverages the latest technology with IdPs, enabling organizations to reach the full potential of integrations.
- Comprehensive IAM: vSEC:CMS offers a single pane of glass for managing all logical and physical authentication needs. It supports many authenticators, integrates with existing infrastructure (cloud and on-premises), and provides complete lifecycle management for identity credentials.
Impact:
- Increased Efficiency: vSEC:CMS drastically reduces IT overhead. For example, pre-registering a FIDO key with vSEC:CMS takes a tenth of the time compared to traditional enrollment. This efficiency gain is further amplified with batch issuance, integrations, and APIs.
- Enhanced Security: Our solution strengthens security by protecting enrollment, revocation, and recovery processes. Features like FIDO2 PIN unblock (5 mins vs. hours for a complete manual reset and recovery) minimize downtime and mitigate the risks of temporarily replacing a blocked device with weaker authentication methods.
- Compliance and Oversight: vSEC:CMS provides comprehensive audit trails and reporting, ensuring compliance with industry regulations and security policies, including Executive Order 14028.
About Air Hydro Power
Since 1961, Air Hydro Power has served the Kentucky, Southern Indiana, West Virginia and more recently Alabama manufacturing base as a Total Solutions Provider. From Hydraulic, Pneumatic and Connector roots, they have adapted to new technologies like Electrical Motion Control, Safety, Bar Coding and Vision Inspection Systems. A total solutions provider with the best people, facilities, and products to service clients’ needs.