HID Global released a white paper describing an emerging security environment in which users will have a seamless experience when using cloud-based applications and services, accessing data and opening doors.
This environment will move the industry beyond traditional strong authentication approaches, cards and readers to simplify and improve how identities are created, managed and used across different applications on both smart cards and smart phones. It will also enable efficiency through the centralization of credential management for multiple logical and physical access control identities across IT resources and facilities.
The white paper, “The Convergence of IT and Physical Access Control,” HID identified key developments that are driving the industry toward tighter integration of credential management and a more seamless user experience for both logical and physical access control.
These developments include:
- Moving beyond cards: Organizations are consolidating applications onto a single credential that can be used to control access to IT resources and facilities, they are also moving these multi-application credentials onto smart phones for improved convenience. This will make it possible for smart phones to grant access to everything from the door, to data, to the cloud.
- Moving beyond readers: As users move to a model where they simply tap their smart card or smartphone to a personal tablet or laptop for authenticating to a network, there will be no need for a separate card reader. Users will be able to use their phone or smart card to “tap in” to VPNs, wireless networks, corporate intranets, cloud- and web-based applications, single-sign-on clients and other IT resources.
- Moving beyond costly and complex PKI solutions: The advent of Commercial Identity Verification cards enables organizations to implement strong authentication for accessing data and opening doors, without having to purchase certificates from a trust anchor or pay annual maintenance fees as they do with PKI-based government Personal Identity Verification cards.
- Moving to true converged access control: Converged access control cards are typically either dual-chip cards — where one chip is utilized for PACS and the other logical access — or dual-interface chip cards, carrying a single PKI-capable chip with both a contact and contactless interface to support both physical and logical access control.
In the future, users will have the third option of credentials using a data model that can represent any type of identity information, on a card or inside a smartphone. This includes PACS credentials as well as OTPs for strong authentication, all of which can be used across multiple system architectures. There will be one set of converged security policies that span both physical and logical domains, one credential, and one audit log.
In addition to the trends towards new technologies that enable convenient and highly secure strong authentication, these technologies will also make it possible for organizations to leverage the existing credential management infrastructure for achieving true convergence through a single device that can be used for many security applications. This will eliminate the need for separate processes for provisioning and enrolling IT and PACS identities. Instead, it will be possible to apply a unified set of workflows to a single set of managed identities for organizational convergence.
A copy of the white paper can be downloaded here.