It will also enable improved efficiency through the centralization of credential management for multiple logical and physical access control identities across IT resources and facilities.
In a white paper titled “The Convergence of IT and Physical Access Control,” HID Global identified key developments that are driving the industry toward tighter integration of credential management and a more seamless user experience for both logical and physical access control:
- Moving beyond cards: Not only are organizations consolidating applications onto a single credential that can be used to control access to IT resources and facilities, they are also moving these multi-application credentials onto smartphones for improved convenience. This will make it possible for smartphones to grant access to everything from the door, to data, to the cloud.
- Moving beyond readers: As users move to a model where they simply tap their smart card or smartphone to a personal tablet or laptop for authenticating to a network, there will be no need for a separate card reader. Users will be able to use their phone or smart card to “tap in” to VPNs, wireless networks, corporate intranets, cloud- and web-based applications, single-sign-on (SSO) clients and other IT resources.
- Moving beyond costly and complex PKI solutions: The advent of Commercial Identity Verification (CIV) cards enables organizations to implement strong authentication for accessing data and opening doors, without having to purchase certificates from a trust anchor or pay annual maintenance fees as they do with PKI-based government Personal Identity Verification (PIV) cards.
- Moving to true converged access control: Converged access control cards today are typically either dual-chip cards (where one chip is used for the physical access control system (PACS) and the other for logical access), or dual-interface chip cards (carrying a single PKI-capable chip with both a contact and a contactless interface to support both physical and logical access control). In the future, users will have a third option: credentials using a data model that can represent any type of identity information, on a card or inside a smartphone. This includes PACS credentials as well as one-time passwords (OTPs) for strong authentication, all of which can be used seamlessly across multiple system architectures. There will be one set of converged security policies that span both physical and logical domains, one credential, and one audit log.
This will eliminate the need for separate processes for provisioning and enrolling IT and PACS identities. Instead, it will be possible to apply a unified set of workflows to a single set of managed identities for organizational convergence.