Debunking misconceptions over smart cards
(08/04/2008)

The potential benefits for any large organisation of using smart card technologies are immense, encompassing reduced security risk exposure, increased efficiency, improved compliance and better access to services for all. Despite these benefits, misconceptions over smart cards mean they are still not being embraced as widely as they should. But what are these myths and should businesses be genuinely concerned?

Myth 1 - Smart card technology is new and untested

Smart card technology is well established, having been first introduced over twenty years ago in banking and healthcare. Having evolved from single-purpose to multi-function devices, smart cards can now be used with a variety of operating systems and are installed with a chip-based solution. This provides greater capacity to store information, allowing organisations to bolt-on more applications and better manage their passwords. As a result, smart cards facilitate secure storage for credentials including passwords, PKI certificates and keys, one-time passwords and biometrics.

Myth 2 - Smart cards are difficult to deploy

Many companies shy away from adopting smart cards because they perceive the whole implementation process to be very slow and complex. Deploying smart cards in the enterprise will indeed introduce wide-ranging changes to the IT infrastructure in terms of the technological and cultural impact and must be a gradual process. To navigate through the implementation process, businesses must create an identity assurance strategy which demonstrates a rapid return on investment and a reduction in administration time. This should then be used as the platform upon which to develop longer term initiatives, both from a technological and business perspective.

Myth 3 - Smart cards are too expensive

Companies should be prepared to accept that they will always incur costs when deploying any new technology and investing in smart cards is no different. IT managers may resent having to allocate some of their limited budget to the implementation – but are they forgetting the hidden costs associated with using passwords in terms of management and helpdesk support?

Once deployed, unless smart cards are mislaid by the employee, they will never have to be reset or replaced like passwords, meaning they will simply continue to save money over time. Smart cards are now dynamic and multi-functional, enabling organisations to consolidate multiple credentials onto a single device to provide consistent, secure access to both building premises and IT systems alike across the entire business.

Myth 4 - Smart cards are too easy to lose

Some people may argue that smart cards are physical objects so are easily misplaced or lost, but the point is that they are worthless to people who may find them. In addition, by consolidating controls into a single device, employees will need to carry them at all times to ensure they can access the organisation’s buildings and IT systems. Admittedly, companies may have teething problems in the beginning as people forget to bring them and ask for replacements but they will eventually get accustomed to using them. This will, in turn, bring huge time-saving benefits to both the user and IT department.

Fact - Smart cards are on their way

Smart cards are on their way. Consolidation of physical and logical systems maximises value and this approach facilitates a reduction in security expenditure by eliminating the budgets to manage individual smart cards. Implementing Single sign-on (SSO) as a component of a smart card deployment will almost guarantee excellent end-user adoption and a successful deployment.

Smart cards should therefore be at the heart of any information assurance strategy designed to make the most of today’s technologies. The only question is, how long before you decide to put one in your wallet?

ActivIdentity is exhibiting at Infosecurity Europe 2008, on the 22nd – 24th April 2008 in the Grand Hall, Olympia, www.infosec.co.uk