Smart Credential enables validation of users to buildings and computer systems with a single credential. It offers a single trusted identity that connects the online and physical environments to enable:
- Secure access to buildings and facilities
- Logical access to workstations and networks
- Authentication to online systems that require high levels of assurance
- Digital signature and encryption solutions.
“Data breaches continue to be in the news,” says Robert Parker, Verizon’s Asia Pacific head of managed identity and security. “In fact, according to the Verizon 2014 Data Breach Investigations Report, two-thirds of all breaches can be attributed to lost or stolen user credentials, such as user name or password.
“To help business better manage this risk by using a single credential in both the physical and virtual worlds. Businesses today often need to rethink their security strategy when their operations expand resulting in new locations, more users, and additional systems and networks,” said Parker.
”While this is a positive sign for business, it also means increased security challenges as more users demand fast access to corporate information. With Smart Credential, clients can boost security while streamlining the process, control costs and, importantly, improve the user experience through the use of a single credential.”
Smart Credential was developed in Canberra by Verizon’s identity management business practice. Verizon has over 300 people in Australia, and has had a strong presence here since acquiring security company CyberTrust in 2007. It has 100,000 end users in Australia.
“It grew out of talking to our customers,” Parker told CommsWire. “We have a lot of business and government users who have had trouble managing many different levels of security. They might have multiple buildings, each with different pass cards, and then they need IT security as well.
“We thought it would be a good idea to bring them together. I call it ‘one credential to rule them all,” says Parker. Employees are issued with a smartcard, which can be used for physical access to buildings and, through a card reader, to access PCs and IT systems.
Smart Credential is delivered as a cloud-based SaaS (software-as-a-service) subscription model. “This model alleviates capital expenditures required with traditional in-house PKI (public key infrastructure) systems, while allowing enterprises to take advantage of identity, data privacy and digital trust functionality,” says Parker.
Parker says Smart Credential allows for easy scalability based on the number of users, with proven technology delivered from the Verizon data centres in the US (Culpeper, Virginia), Europe (Amsterdam) and Asia-Pacific region (Canberra).
“Through the use of a single credential, Verizon's solution works with existing physical access readers and backend systems, as well as, more secure contactless readers. This allows clients to add more security over time without requiring a costly ‘rip and replace’ effort.”
Smart Credential also can be issued as basic authentication tokens, as well as credentials that are interoperable with US federal government standards, such as PIV-I. They can also be utilised as part of a multi-factor authentication solution that combines the Smart Credential with something a user knows (one-time password or answer to a security question) or a biometric factor, such as a fingerprint.
Using a Web-based portal, updates and changes can be made quickly and easily so that organisations have a view into who and how data is being accessed in both the physical and virtual realms. This is especially helpful in managing lost credentials, new hires, departed employees and a change-over with partners or suppliers as well as suspicious network behaviour.
Smart Credential is part of Verizon's Managed Certificate Service suite, which provides identity credentials for people and machines. It is part of Verizon's managed security range, which includes security analytics and intelligence, distributed denial of service defence, investigative response, and governance, risk and compliance products.