The move to a more “frictionless” security experience, meaning a security experience that does not slow users down, is one of the key trends HID Global anticipates will drive the industry in 2013, according to a recent HID blog entry bu Debra Spiler. One way to remove friction is to embed credentials inside NFC-enabled smartphones and other mobile devices, so that users needn't carry separate cards, keys and tokens. This not only removes friction but also meets the need for improved cost and convenience. For instance, organizations can still benefit from the use of strong authentication as a primary security pillar, without forcing employees to carry a dedicated security token. Instead, the token is on the user's phone, which can also be used to open doors and conduct other secure transactions.
To make this frictionless security experience a reality, credentials will be embedded into NFC-enabled phones, and identity management will move to the cloud.
Organizations will enable frictionless user login using both SaaS as well as internal enterprise applications. In a Bring Your Own Device (BYOD) environment, employees will be able to use their personal devices. Cloud security becomes a critical ingredient. While much of today's focus is on securing the platform, it will also be critical to resolve challenges around provisioning and revoking user identities across multiple cloud-based applications, while enabling secure, frictionless user login to those applications.
HID Global has worked with pilot partners including Netflix and Good Technology to test some of these frictionless security concepts in the enterprise. The goal was to see how users would react to a mobile access control model, with cloud-based provisioning of digital keys and credentials. Both companies realized that people carry their phones everywhere and consider them to be almost like an extension of their ID (having conversations, conducting bank transactions, storing photos). This makes the devices an extremely convenient access control platform.
Frictionless access control requires more than convenience; solutions also must be easy to use. HID's enterprise pilot participants found mobile access control to be as easy as using a traditional plastic card. Another requirement identified by pilot participants was a high level of device choice. This creates the need for widely available NFC-enabled phones and solutions that are based on open standards to simplify adoption, especially in a world of BYOD deployment and IT consumerization. Frictionless access control solutions based on open standards will also future-proof the access control infrastructure, ensuring that investments in today's technologies can be leveraged in the future.
In addition to delivering the convenience and simplicity of frictionless security, the industry will also need to define best practices for managing and supporting today's influx of BYOD mobile phones. Authentication from a personal device to an application on a corporate network or in the cloud will be critical. It also will be critical to ensure the personal privacy of BYOD users, while protecting the integrity of enterprise data and resources.
As we meet these challenges, we will deliver an increasingly frictionless security experience in a new era of cloud-based applications and services. This experience can spread rapidly as we take advantage of the smartphone's on-board intelligence. Consider the possibilities for physical access control, alone. Today, approximately five percent of all facility doors have some sort of electronic access control. The rest are unsecured, or secured by a mechanical lock and key. When we let NFC-enabled smartphones serve as both the key and the rules engine that makes the access control decision, we could see more than five times that number secured and delivering a frictionless mobile experience in the future.