- White paper reviews key trends that will enable organizations to more easily support multiple access control use cases and identities on one card or smartphone.
- Offers vision for moving beyond cards to smartphones, beyond readers to “tap-in” access convenience, beyond Public Key Infrastructure (PKI) technology to simplified solutions for higher security, and beyond legacy PKI to true converged strong authentication credentials.
- Explains benefits of unified enrollment processes and workflows spanning multiple identities across multiple IT security applications and physical access control systems (PACS).
“This is an important time in the evolution of securing online identities and managing physical access control technologies,” said Tim Phipps, vice president of Product Marketing, Identity Assurance with HID Global. “As organizations become more mobile and new technologies deliver greater security, efficiency and user convenience, there is growing demand for provisioning and managing IT and PACS credentials on a single card or smartphone, using a single set of processes. Our goal is to help our customers realize this vision and the benefits that a unified secure identity strategy can deliver.”
In the white paper, titled “The Convergence of IT and Physical Access Control,” HID Global identified key developments that are driving the industry toward tighter integration of credential management and a more seamless user experience for both logical and physical access control. These developments include:
- Moving beyond cards: Not only are organizations consolidating applications onto a single credential that can be used to control access to IT resources and facilities, they are also moving these multi-application credentials onto smartphones for improved convenience. This will make it possible for smartphones to grant access to everything from the door, to data, to the cloud.
- Moving beyond readers: As users move to a model where they simply tap their smart card or smartphone to a personal tablet or laptop for authenticating to a network, there will be no need for a separate card reader. Users will be able to use their phone or smart card to “tap in” to VPNs, wireless networks, corporate intranets, cloud- and web-based applications, single-sign-on (SSO) clients and other IT resources.
- Moving beyond costly and complex PKI solutions: The advent of Commercial Identity Verification (CIV) cards enables organizations to implement strong authentication for accessing data and opening doors, without having to purchase certificates from a trust anchor or pay annual maintenance fees as they do with PKI-based government Personal Identity Verification (PIV) cards.
- Moving to true converged access control: Converged access control cards today are typically either dual-chip cards (where one chip is used for PACS and the other for logical access), or dual-interface chip cards (carrying a single PKI-capable chip with both a contact and a contactless interface to support both physical and logical access control). In the future, users will have a third option: credentials that use a data model able to represent any type of identity information, on a card or inside a smartphone. This includes PACS credentials as well as OTPs for strong authentication, all of which can be used seamlessly across multiple system architectures. There will be one set of converged security policies that span both physical and logical domains, one credential, and one audit log.
Beyond enabling convenient and highly secure strong authentication, these new technologies will also make it possible for organizations to leverage their existing credential management infrastructure to achieve true convergence through a single device that can be used for many security applications. This will eliminate the need for separate processes for provisioning and enrolling IT and PACS identities. Instead, it will be possible to apply a unified set of workflows to a single set of managed identities for organizational convergence.