Smartphones are now used well beyond their conventional purposes, for example to access company email on the move and as a means of identification in the work environment, and this new way of thinking is driving a fundamental change in how we view, deliver and manage secure identity.
We often think about identity in terms of the card that carries it, but with more and more companies allowing employees to use their NFC-enabled smartphones for physical access purposes in the workplace, ‘identity’ can now take many different shapes. A smartphone used as a ‘digital key’ to open doors and tag in to work locations eliminates the need for employees to carry any other access credentials.
Of course, this development inevitably raises questions about how to ensure that the identities assigned to the phones in use can be trusted. Fortunately, managing virtualised credentials in the business environment need not be a daunting process. It can be done by implementing a trusted identity framework that creates a secure boundary within which the transactions or communications between devices take place, for example when a smartphone interacts with a card reader.
At the heart of this framework rests a secure vault which delivers the agreed corporate security policy to the devices in use. Once a ‘handshake’ is accomplished between the secure vault and a mobile device, such as a smartphone, that device is deemed to be trusted in the business network.
After this acceptance, the trusted devices no longer communicate with the vault and may operate independently. In this way, the exchange between endpoints is trusted and the resulting transaction, such as opening a door or logging onto a computer, can also be deemed trusted. This framework also allows the business to retain the power to dictate the terms on which the device functions, and allows credentials to be revoked if the ‘identity’ in question becomes unsavoury.
Another benefit to this system is that NFC-enabled physical access control makes it easier to track who is entering and exiting monitored access points across the workplace. In doing so, the business can be assured that all endpoints – from the smartphone carrying a person’s virtualised credential to the recipient door reader – and all the systems in between, are valid before facilitating entry to the building.
The trusted boundary provides the foundation for an extremely secure mobile identity environment so that the transactions between the employee-owned phones or corporate-issued Bring Your Own Devices and the door they serve to unlock, or network they access, are conducted in a secure fashion.
Merging the management of both logical and physical security infrastructures so that their operations are conducted via one platform is integral not only to keeping pace with what technological advancements like NFC can do for workplace activity, but also to responding to an increasingly fluid employee culture. As mobile phones are deployed for more business uses, they will seamlessly coexist with current or legacy access control systems and more traditional plastic access cards. By migrating to such a converged platform, businesses can ensure that scrutinised budgets are maximised without diminishing security priorities.
It is the hybrid security ecosystem, which takes account of how virtualised credentials change the way we trust identities, that will enable businesses to capitalise on the obvious benefits of the NFC-physical access trend, from convenience to interoperability, while still maintaining trust in the identities passing through their doors. Approaching the mobility surge in this way signals a more holistic, sustainable and, most importantly, unified approach to a business’s security practices.