Part three in a series on identity issuance and management

Issuing a credential is only the start of the identity lifecycle. As an individual moves around an organization, controlling and adjusting the systems he can and cannot access is equally important to the initial identity vetting. Throughout the ID lifecycle, this identity and credential management function is essential.

As identification has evolved, “it’s gotten much more detailed and much more broad,” says Terry Gold, vice president of sales North America at idOnDemand. “Over the past 10 years, the importance of identification within an organization has skyrocketed.” 

In light of recent security breaches that have attacked enterprises’ PKI infrastructure, Baltimore-based data protection provider SafeNet released security guidelines to enhance PKI-based transaction security.

SafeNet’s cryptographic experts first advise that companies consider securing their private keys in a hardware-based security module (HSM). While software-based security has the benefits of portability and flexibility, it’s also vulnerable to being copied and living in multiple locations simultaneously. The HSM can create a trust anchor to lock keys and grant access to key information from an authorized source. 

A U.S. Government Accountability Office report states that government agencies are making progress issuing interoperable smarty card credentials to employees and contractors but actual use of the high-tech credential isn’t happening very often.

The GAO looked at how eight agencies were progressing with their used of PIV credentials. The Departments of Agriculture, Commerce, Homeland Security, Housing and Urban Development, the Interior, and Labor; the National Aeronautics and Space Administration and the Nuclear Regulatory Commission have mixed results, the report states. 

When PKI is mentioned there are three terms that often come to mind: complicated, expensive and secure. The past few years have seen PKI deployments become simpler and more affordable but at the same time the security has become more questionable. Mark Yakabuski, vice president of HSM Product Management at SafeNet, talks about how PKI on its own is not good enough to secure computer networks and why a layered approach is necessary, including hardware security modules. “PKI is based in software. And in software, one of its largest advantages is that it’s very flexible,” Yakabuski explains. “But software is inherently insecure for a few reasons. Software can be easily copied. Hardware and a hardware device that is designed to always manage the digital certificates and keys within a PKI infrastructure changes that dynamic.”

iTunes

Aggregator

m4a

mp3

Older podcasts.  

Thursby Software Systems announced that it is providing Apple email support for the latest version of its PKard smart card authentication solution for U.S. government workers.

According to Thursby, the solution provides the smart card support that Apple’s latest OS X Lion operating system lacks. PKard v1.1 adds secure mail signing, encryption and decryption in Apple Mail to the existing Apple Safari and Google Chrome secure web and web VPN access that cover all CAC and PIV smart cards. 

IronKey announced that it will sell the assets of its data storage hardware business to Imation Corp. Terms of the deal were not disclosed, but with the acquisition, the two companies formed a partnership to allow Imation’s customers access to IronKey’s cloud-based security services.

With this deal, IronKey will focus on its cloud-based security services business, which includes the IronKey Trusted Access Platform.

To that end, Savannah-based community bank The Coastal Bank has implemented Trusted Access to offer its customers a secure browsing solution for online banking. The Coastal Bank is also offering a new Trusted Access feature called Trusted Bookmarks, which lets customers safely access popular Web sites that the bank identifies and places on a “white list” for safe browsing. 

Guaranty Bank and Trust Company, a Colorado-based community bank and wholly-owned subsidiary of Guaranty Bancorp, is starting to offer its customers IronKey Trusted Access, a secure browser that helps prevent identity theft, payments fraud and online banking account takeover

With Trusted Access, Guaranty Bank protects online business banking customers using secure browsing technology that helps to keep them safe even if their own PC is infected with financial malware.