Wednesday, December 4, 2024

Tide May be Turning for Smart Card Adoption

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

For several years now the smart card has been touted as the answer to a

lot of authentication and security questions. It’s sounded the death

knell of the password year after year.

But the password hasn’t shown any signs of going anywhere. The smart

card, on the other hand, has had a slow start, with few companies jumping

on board with it.

The tide may be turning, though… finally.

The U.S. government is pushing for smart cards to be issued to federal

employees and contractors starting this October. While an official

estimate has not been released as to how many cards will be issued in

total, the Department of Defense alone reports that it plans on handing

out 3.6 million cards to military personnel, employees and contractors.

That means millions of Americans will become smart card holders over the

course of the next year. Couple that with the fact that the upcoming

version of Microsoft Windows adds increased smart card support and the

falling prices of both smart cards and their readers, and industry

watchers say smart cards may finally start to get some of the traction

that people have been expecting all along.

”We’re looking at an evolution here,” says Mark Diodati, an analyst in

identity and privacy strategy services at the Burton Group, an industry

analyst firm based out of Salt Lake City, Utah. ”People have always

talked about the revolution coming. It’s not. You’ll see federal

employees carrying cards and then you’ll see consumers carrying cards in

the form of contactless debit cards. And then as Vista becomes

commonplace out there, it will pick up more.

”Real commercial adoption will be driven by the Swiss Army knife aspect

of it,” he adds. ”Here’s your card — it gets you into the building and

logs you onto Windows and then it’ll buy your lunch in the cafeteria…

People will start to look at this technology.”

A smart card doesn’t appear all that different from a regular credit

card, but this device will have a small, embedded computer chip, which

can perform tasks and store information. The cards can be used, instead

of traditional keys, to gain access to buildings. They can be used as

digital wallets, loaded up with a certain amount of money that can be

spent in corporate cafeterias, for instance.

But smart cards are getting the most attention for their network security

uses. With the addition of smart card readers to corporate work stations,

smart cards can be used along with a PIN code, creating two-factor

authentication.

Neal Creighton, chief executive officer of GeoTrust, Inc., a major

digital certificate provider based out of Needham, Mass., says growing

network security concerns will be a major driver of smart card adoption

over the next couple of years. ”The environments are a lot more ready,”

he says. ”The entire Microsoft system is ready for this. It’s all

integrated so smart cards can be used much more easily. In the past, you

had to do a lot of integration work. Now, it’s already there.”

At the RSA Security Conference last month in San Jose, Calif., Microsoft

Chairman Bill Gates told the keynote audience that he finally has the

right tools to supplant the password. Of course, this isn’t the first

time Gates has said the password is going the way of the dinosaur. In

1999, Microsoft unveiled its first stab at an alternative authentication

technology — the Passport single sign-on service. It died. The password

lived on.

This time, Gates says he doesn’t expect the password to die off over

night. In three or four years, though, he says he seems them becoming

part of the corporate security arsenal. And he’s adding increased smart

card support to Vista to back that up.

Corporate Implementation

At Steag AG, an electricity generator and distributor based in Essen,

Germany, they’ve been slowly but surely implementing smart card

technology for the past two years.

Frank Pooth, IT project manager for Steag, says they started out issuing

employee cards for access control to the physical buildings. Next,

they’ll move on to securing email with smart cards. Eventually, the cards

also will be used for access to printers and scanners, as well as to pay

for food bought in the company canteen.

”We won’t give employees a second smart card,” says Pooth. ”We will

give them one employee cad that will solve all of our problems with

access to the building and to IT resources… We don’t plan to implement

it on all systems at one time. We will take it step by step. It will

take, for the whole company, three years.”

Pooth said they have taken on the project because it’s making them more

secure and it’s saving them money at the same time.

”In combination with a single sign-on strategy, you have a more secure

log-on technique,” he says, adding that it will be cheaper to support

one authentication system across the board, rather than a different

system for every need. ”You combine what you know and what you have and

that’s the smart card. It’s more secure.”

Falling Prices — Increasing Sales

Creighton says a drop in the cost of smart cards and related technologies

will play a big part in corporate America deciding to implement them.

”If you look at when the technology was really hyped, it was early and

it wasn’t easily integrated,” he says. ”It was really expensive. That’s

where we were. Now it’s integrated and at a much lower cost. All those

components are there now so it’s a much easier decision for people.”

According to Creighton, a company of 5,000 employees could deploy smart

cards today for under $10 a user — and that includes the cards and the

readers.

That price should drop even a little more if smart card adoption is

planned into periodic hardware upgrades, says Randy Vanderhoof, executive

director of the Smart Card Alliance, a non-profit industry association

based in Princeton Junction, N.J.

Vanderhoof notes that obviously an adoption will be more expensive if a

company is starting from scratch, buying the cards and readers, paying

for training. The key will be to upgrade to desktops and laptops that

already come with smart card readers and technology built in.

”In most companies, they go through a desktop refresh every few years,”

he says. ”One of the options is to buy PCs with smart card readers

already built into them or the keyboard… Companies will slowly migrate

to smart cards as they upgrade.”

As for the password, Diodati says it will be hanging around for the

foreseeable future.

”The password is a ubiquitous form of authentication that is never going

away,” he adds. ”There are legacy applications that will never open

themselves up to PKI-based authentication… And there are going to be

applications that are low-risk. Maybe you’re not moving money around or

doing something else that is high risk. Then a password might be the

right level of authentication for that. They’re portable. Everyone knows

how to use them. They’ll be around for quite some time.”

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles