In an effort to secure sensitive data and protect critical assets, IT and security leaders in highly regulated industries, including the U.S. federal government, mandate strong authentication tied to their mobile employees’ smart/personal identity verification (PIV) card for corporate app and resource access. Considering the physical validation associated with issuing a smart/PIV card, it is considered a safe and trusted source of identity for resource access.

While accessing physical resources does not pose much of a user experience challenge when completed on desktops and laptops, the experience is very poor when it comes to smart/PIV card-based access on mobile devices.

Where Traditional Smart Card Methods Fail

Traditional approaches to this problem required an external smart card reader connected via USB or Bluetooth. While these technically worked, the approach was expensive, gave a poor user experience and undermined the very notion of mobility. Among the reasons for this less-than-ideal user experience are:

  • Smart card readers are bulky and unaffordable;
  • Attaching or tethering an external smart card reader to a smartphone or tablet creates usability and portability issues; and
  • Smart card readers do not natively integrate with mobile operating systems and, therefore, can only be used by third-party applications.

These issues often prevent companies from boosting productivity by allowing employees to access corporate resources from their mobile devices, leaving highly regulated organizations behind in the mobile and digital transformation journey.

Embracing Derived Credentials for Strong Authentication

To address this challenge, the National Institute of Standards and Technology (NIST) endorsed the concept of derived credentials. A derived PIV credential is a new digital certificate stored on a mobile device that is derived from the trust of a valid PIV card.

In discussions with public key infrastructure (PKI) vendors, NIST published Special Publication 800-157, which details the agency’s “Guidelines for Derived Personal Identity Verification (PIV) Credentials.” While the concept of derived credentials took shape, the implementation of the solution had its own challenges around ensuring both security and ease of use.

Integrating the PKI infrastructure with the right unified endpoint management (UEM) solution addresses most of these technical and end user challenges while delivering scalability and security, adherence to NIST guidelines, and ease of deployment and use.

Having the right UEM solution that integrates with the PKI infrastructure allows organizations to:

  • Seamlessly integrate derived PIV credential creation, issuance and renewals;
  • Provide strong multifactor authentication (MFA) to a wide range of resources, including native profiles, email, PIV-enabled websites and third-party apps;
  • Extend simplified authentication options for nonmobile endpoints such as desktops and laptops; and
  • Cut costs by incorporating the user’s previously established PIV identity into the new derived PIV credential, thereby eliminating the need for further identity proofing.

Learn More

Join us for a live webinar on Oct. 30 to learn how IBM MaaS360 with Watson UEM and Entrust Datacard developed an integrated derived PIV credentials solution that solves the strong authentication challenges experienced by IT and security professionals in highly regulated industries.
