David: What trends are you seeing in identity management?
Michael: We have been seeing government organizations using stronger multi-factor authentication (MFA) such as PKI or FIDO. Since phishing schemes have become more sophisticated and intercepting one-time passwords (OTPs) has become easier for attackers, impersonation resistance methods of MFA — such as physical hardware security credentials including smart cards or tokens — are becoming required. With FIDO, we are seeing an increase in requests for adding enterprise management capability to the FIDO-enabled credentials.
David: Tell us about management access and control and how these have been helpful with the work-from-home trend.
Michael: Identity and Access Management (IAM) for work-from-home employees continues to be significantly important. The major factor is allowing appropriate access to the verified employee who needs to work with sensitive digital information. This can be accomplished through hardware-based multi-factor authentication. To access a system, an individual needs to physically have a smart card or token along with a PIN to authenticate. These are core components of MFA. For example, Versasec’s CMS (credential management system) has enabled organizations to implement hardware-based MFA for their remote workers for years.
David: What are authentication management use cases you’d like to discuss?
Michael: I’ll stay on the topic of working from home as it is very common. Securing the work-from-home employees brings different challenges. These users need to be brought into the organization’s controllable network, but they can’t walk up to the IT helpdesk or a service desk to receive a hardware credential or reset their PIN code. There must be a better way to manage these users remotely without lowering the security or changing policies.
Over the years, Versasec has developed solutions for securely issuing or replacing a hardware MFA device, PKI or FIDO, for an employee in a remote location. For years, one of our core competencies has been protecting and securing the remote workforce.
David: Where do you see multi-factor authentication going?
Michael: I imagine we’ll see tamper-resistant forms of MFA implemented at more critical access points to data. This essentially means more organizations will be implementing a Zero Trust Architecture (ZTA). With a ZTA, both internal and external networks are considered exposed or untrusted. Within these ZTA networks, the encryption of data can happen for multiple reasons, such as accessing data, storing data, sending data, or approval processes.
David: What’s your favorite “cool” application or technology?
Michael: I think it’s cool that PKI for IoT and edge devices continues to grow in importance. It makes sense for organizations to better protect themselves from leaking sensitive information. Devices can capture extremely sensitive data about a patient, a system’s performance, or location of an asset. For example, you may have a valve at a water utility plant that has a digital identity and key pairs to encipher or decipher information being sent about water flow for a town. Just think of all the other types of devices that collect and share information that you wouldn’t want the wrong party gaining access to. We have only started exploring the possibility of facilitating these types of PKI use cases with the Versasec CMS.