Modern enterprise security uses a layered identity approach for access to more sensitive networks, systems, applications and information. Sensitive data is normally protected using multi-factor authentication where, as well as user-id and password, a user is required to swipe a security badge into a reader. The security badge is a smart card that is likely to contain a digital certificate issued to the user by the enterprise.
This requires a PKI to support the identity authentication interactions within the enterprise. It can be achieved either by implementing a dedicated in-house PKI environment or by partnering with a Certificate Authority to host, manage and maintain the PKI environment offsite.
Four factors have developed over the last several years which have driven enterprises to consider widely deploying a PKI architecture for access management:
• Weakness of passwords
• Adoption of smart cards
• Emergence of biometrics
Weakness of Passwords
Passwords are recognized as being an extremely poor form of protection. Password problems are very difficult to manage because an enterprise network may have hundreds or thousands of password-protected accounts, and only one has to be compromised to give an attacker a way into the system or network. With today's interconnected networks, the problems are potentially devastating on an even larger scale; a skillful intruder may break into one system and never harm it but instead use it as a platform for attacks on other systems in the network. With the implementation of identity and access management systems, user password length and content are more tightly regulated, leading users to write down passwords and keep them where unauthorized users can access them.
Smart Cards
Smart cards have now been widely adopted. The smart card is a physical token the user carries with them. The challenge with any token is ensuring that the person presenting the smart card is the same person to whom it was issued. The ability to use digital certificates in the card and encrypt things like biometrics and user identity information provides additional validation that the user is who they claim to be.
Biometrics
The emergence of biometrics, with some forms becoming lower priced for deployment, has led to their widespread implementation. Biometrics are often used as part of multi-factor authentication. The combination of biometrics with smart cards and digital certificates results in much stronger validation of identity.