Industry efforts such as Sender Policy Framework (SPF) and the Sender ID Framework are good responses, but relying on them is like fighting a war with only an army but no navy or air force. Indeed, some studies show that a high percentage of spam is SPF-compliant.

The spam flood points to the need for authentication on the left side of the @, but that alone is not enough. Threats from Trojan programs, phishing or even stolen administrative password files all point to adding a smart card as a secure device to address the full spectrum of threats. Smart cards are a perfect complement for SPF initiatives because together they create a system that verifies both the sender and the domain, and eliminates the risk of stolen passwords.

Smart cards are ideal for a wide range of enterprise IT security applications – like HIPAA or Sarbanes-Oxley compliance, for example. Remember the fiasco at Experian? An IT subcontractor stole a password file and used them to pose as legitimate clients, stealing personal and financial information for thousands of people. Their dependency on passwords created this vulnerability. Adding smart cards to the access security would mean this type of attack could no longer happen.

As Microsoft’s Bill Gates described the situation in his speech at Microsoft IT Forum 04, “Whether it’s health data or financial data or customer access to customer records, where only certain people should have that information, we aren’t going to be able to simply rely on passwords.” Microsoft is “walking the walk” too. At the Microsoft IT Forum 04 in October, Gates announced that he and every other employee will use Axalto’s .NET smart cards for both physical and logical access. After all, the war on spam and IT security begins at home.

Smart cards also dovetail nicely with the trend toward multiple PCs in both the home and workplace, as well as telecommuting. An obvious example is an employee who checks work e-mail from home. But that mobility is likely to become the rule rather than the exception: According to a Gartner study, by 2007, employees will perform roughly 40 percent of their tasks away from their desks. Smart cards ensure that security isn’t compromised by the trend toward a mobile workforce.

Smart card and token readers are increasingly common on laptops and PCs, particularly in the enterprise, so it’s not an inconvenient stretch for employees to use them to verify their identity when using a PC other than their own. They’re also not a stretch for the IT department, thanks to open standards such as PC/SC.

About the author:

As the president, Americas for Axalto, Paul Beverly manages Axalto’s activities in North, Central and South America and plays a significant role in driving strategy and leading Axalto to its position as the leading microprocessor smart card provider in the world. He is responsible for overseeing the company’s innovations in smart card and security technology and ensuring the development and deployment of new generations of products and services

During his 19 years with Schlumberger Ltd., the organization that founded Axalto, Beverly held various management positions in operations, marketing and sales in North America and France, including head of corporate communications for Schlumberger in New York City and vice president of marketing for smart cards worldwide based in Paris.

A past chairman of both the Smart Card Alliance and the former Smart Card Industry Association, Beverly is a leading advocate and activist for the industry. He is a regular guest speaker at premier events such as CardTech/SecurTech, Cartes, Card Forum, APTA, SCA and the United Nations.

Visit Axalto on the web at www.axalto.com.