Future Mobile Opportunities

The benefits of NFC technology are many as it becomes a standard feature of smartphones,
tablets and laptops targeted at the enterprise market. Users can have a smart card
or smartphone that grants access to resources by simply “tapping in” – without the need to
enter a password on touch-screen devices, or the need for additional devices to issue and
manage. In addition, there are a number of steadily growing NFC-based tap-in use cases
that are poised for strong adoption in the enterprise, including tap-in to facilities, VPNs,
wireless networks, corporate Intranets, cloud- and web-based applications, and SSO clients,
among many other scenarios. These benefits and the wide range of potential applications –
along with the fact that manufacturers are enabling more and more phones, tablets and
laptops with NFC – are driving many companies to seriously consider incorporating secure
NFC-based physical and logical access into their facilities and IT access strategies.

The mobile model will deliver particularly robust security, and will be especially attractive in a
BYOD environment. It will be implemented within a trusted boundary, and use a secure
communications channel for transferring identity information between validated phones, their
secure elements (SEs), and other secure media and devices. The authentication credential
will be stored on the mobile device’s secure element, and a cloud-based identity provisioning
model will eliminate the risk of credential copying while making it easier to issue temporary
credentials, cancel lost or stolen credentials, and monitor and modify security parameters
when required. It will also be possible to combine mobile tokens with cloud app
single-sign-on capabilities, blending classic two-factor authentication with streamlined
access to multiple cloud apps on a single device that users rarely lose or forget.

The NFC tap-in strong authentication model will not only eliminate the problems of earlier
solutions, it will also offer the opportunity to achieve true convergence through a single
solution that can be used to access IT resources while also enabling many other
applications. These include such physical access control applications as
time-and-attendance, secure-print-management, cashless vending, building automation, and biometric
templates for additional factors of authentication – all delivered on the same smart card or
NFC-enabled phone alongside OTPs, eliminating the need to carry additional tokens or
devices. Historically, physical and logical access control functions were mutually exclusive
within an organization, and each was managed by different groups. Now, however, the lines
between these groups will begin to blur.

Additional Considerations for the Cloud

As identity management moves to the cloud and enterprises take advantage of the Software
as a Service (SaaS) model, there are other critical elements to consider. For instance, it will
be critical to resolve challenges around provisioning and revoking user identities across
multiple cloud-based applications, while also enabling secure, hassle-free user login to those
applications.

The most effective approach for addressing data moving to the cloud will likely be federated
identity management, which allows users to access multiple applications by authenticating to
a central portal. It also will be critical to ensure the personal privacy of BYOD users, while
protecting the integrity of enterprise data and resources. Several other security issues also
emerge. IT departments won’t have the same level of control over BYODs or the potentially

30 Cyber Warnings E-Magazine – August 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
