As companies implement security strategies and technologies they must work toward three very important goals:
* Security must be comprehensive.
* Security must be user-friendly.
* And most of all, security must be extensible.
The security technology that delivers an excellent combination of all these benefits is the smart badge. Smart badges are superficially identical to the credit cards, ID cards, building keycards and affinity programme cards that jam our wallets.
Smart badges and the enterprise
Smart badges are based on smartcard technology, which is winning acceptance for enterprise security applications because it delivers solutions to persistent problems. The proliferation of systems and applications that require passwords work against security because users will defeat the intent of multiple passwords by keeping password lists in their desk drawers, or by using the same password for all their applications.
Smart badges can make stronger authentication less intrusive for users and can serve as secure containers for certificates and insure the secrecy of encryption keys.
The other great benefit of smart badges for the enterprise is flexibility. A single smart badge can play multiple roles in enterprise security. It can be a building access card, a photo ID badge, a digital access card or a secure container for digital credentials.
This ability to integrate security functions into a single badge or card means that one can introduce enhanced security into the organisation without proliferating new layers of procedure and protocol. Thus the badge issuing authority for both digital and building security can be centralised in one department. Investments in existing systems - magnetic stripe readers for building access, for example - can be preserved.
Smart badges in the digital world
Controlling physical access to facilities and resources has long been a major security issue in the enterprise. But as business moves online, controlling digital access is becoming equally important. For many companies, controlling digital access begins at the PC.
Smart badge-based systems can help secure workstations and support corporate access policies in several ways:
* Two-factor authentication is a significant improvement on simple password security and smart badges make it more enforceable: without a badge, the workstation is unusable, even if an unauthorised user knows the password. Smart badges can be used to secure both single-user workstations and shared PCs.
* They help enforce mixed password policies. Users do not have to remember passwords stored on a badge and they do not have to write them down.
* Together with card readers they can provide an extra layer of protection for portable computers and the sensitive data they carry.
* Smart badges can help reduce, if not eliminate, the burden of multiple passwords and multiple sign-ons to corporate applications and Web services. The reduction in help desk calls, in turn, will improve the return on investment in smartcard technology in addition to improving system and network access security.
* As enterprises are beginning to deploy digital certificate technology and enable their applications and websites to accept digital certificates to authenticate users, the use of digital certificates enables 'single sign-on' (SSO) capabilities to users of these certificate-enabled applications. Smart badges and two-factor authentication can enhance SSO security, which benefits both users and administrators. The user's certificates and keys can be stored in the smart badge and cryptographic functions executed on it. Using a smart badge as a secure container provides a high level of security for the digital credentials used in PKI and SSO strategies.
Smart badges for building security
Smart badges are chameleons. They can look very different and work very differently from application-to-application and enterprise-to-enterprise.
Using the same smart badge for both digital access and building access reinforces the importance of security for employees in ways that are both philosophical (for example, by emphasising the equivalency of the two) and mundane, (for example, an employee's smart badge is less likely to be left in a PC card reader if he needs it to get back into the office after lunch).
The smart badge's appearance can be customised with the corporate identity of a company - colours, logos and graphic design. It can also be personalised, like all photo IDs, with a picture and other information about the badge holder. These two things are related: the customisation validates the badge and the badge validates the badge holder.
Building access cards use a variety of well-developed technologies to hold data about the badge holder and transmit it to door lock readers. Magnetic stripe cards are swiped through readers.
The variety of badge formats makes it possible to add security functionality without increasing the number of badges employees must manage. Likewise, it allows one to overlay smart badge-based digital security on almost any building access system.
Perhaps most importantly, it allows one to deploy smart badges gradually and at low cost by taking advantage of the existing ID or building access system: one can begin by issuing new employees badges for door access that have smartcard technology embedded, so that later on they can program the badges for digital access as well.
ROI benefits of smart badges
Smart badges can provide demonstrable return on investment in several ways:
* Consolidate 'islands of enforcement'.
Integrating smart badge-based digital security with existing systems can lower costs by reducing islands of enforcement within the enterprise - bringing control of digital access and building access together can eliminate redundant administration and support expenses. Benefits include single point of issue, better control of access and reduced programme costs.
* Piggyback new strategies on existing systems. Improved security strategies can be piggybacked on spending for current access security systems. Upgrading single function access and ID badges to multifunction badges that include smart badge technology can add value and enable new security initiatives at very little additional expense and with no disruption to employees' use of the current systems. Smart badge-based authentication does not have to be an either/or choice. It can be interoperable with standard password-based access, so you can implement security strategies based on smart badges and readers on a department-by-department or even a user-by-user basis.
* Protect investments in existing systems. The ability to combine multiple functions in a single smart badge can help preserve the investment in an existing system. If a company invested in a proximity card system to control and monitor door access throughout the building and now wants to add PC and network access security through smart badges, but does not want to issue multiple badges, it does not have to - and does not have to rip out the proximity card readers, either. It can upgrade its proximity cards to dual-function cards that include smart badge technology. Even if it expands its operations by taking over a facility with an existing magnetic stripe access system, it would probably be able to continue to issue just one card and continue to use the existing systems.
* Reduce administration and support costs. Smart badges make security more user friendly.
Functionality for the future
New applications for smart badges are surfacing constantly. There is no shortage of ideas for using smart badges in the enterprise. Enterprises use smart badges to make employee records such as HR and health records and financial information more accessible without compromising their security or privacy.
Other applications use smart badges as an enabling technology for complex systems. Smart badges make it possible to use biometrics efficiently in decentralised systems. If the organisation is looking at digital certificates and a public key infrastructure for single sign-on, it will find smart badges useful. It can begin by using smart badges in less dramatic ways - for two-factor authentication to access public workstations or Web-based applications for password storage. Smart badges, with their compatibility with existing card security solutions, can position the enterprise now to further enhance its security, both digital and physical, as more complex systems become standard. Smart badges can help make the transition to the future a managed evolution, not a chaotic revolution.