A tailored approach to mobile authentication and security with derived credentials

As mobile technology, security, and end-user preferences evolve, federal IT teams have the opportunity to embrace new approaches to security and end-user experi...

December 18, 2017 3:15 pm

This content is sponsored by VMWare

Once upon a time, the concept of mobile computing involved using a laptop with a USB modem.

Today, with smartphone capabilities rivaling those of laptops, more federal and private-sector employees choose to conduct business on their familiar and convenient smartphone and tablet devices.

A majority of senior managers and mid-level employees use mobile phones frequently for work, according to a study of 243 federal, state and local government employees by the 1105 Government Information Group.

Some IT professionals are nostalgic for a golden time of fewer professional devices, as today’s mobile use presents some sticky security challenges. But as technology, security requirements, and end-user preferences evolve, federal IT teams have the opportunity to embrace new approaches to security and user support.

The shift to identity assurance and multi-factor authentication using mobile phones with derived credentials are opportunities for federal IT teams to streamline processes and make their security considerations more forward-thinking, according to Eugene Liderman, director of product management at VMWare.

However, because mobile security and end-user experience are often competing with one another, there is not always a one-size-fits-all solution. Leveraging Derived Credentials could be the perfect compromise to this often challenging issue, Liderman explains.

Here are ways that technology security companies are providing customizable and holistic derived credential solutions to the federal IT community.

For a variety of end-user devices

Derived credentials, or Derived PIV credentials stored on an identity-assured user’s authorized mobile phone, are quickly replacing expensive and bulky hardware attachments for mobile identity assurance and authentication.

Because various mobile phones have different operating systems and capabilities, federal IT groups need to have an end-to-end solution that consists of flexible software and apps that are able to be used on whichever flavor of smart phones OS and form-factor federal users have.

Levels of assurance required

By taking a consultative approach the first thing that needs to be identified is the level and type of identity assurance that a particular agency needs to achieve.

Mistakenly aiming for higher levels of assurance, like LoA4, when it’s not required, can make implementing derived credential and other mobile security solutions more difficult than necessary.

“The higher and stricter levels of assurance are typically more complicated and time consuming, and as a result not always necessary,” Liderman says.

However, by taking a consultative approach in finding out what the agencies use cases are and balancing that with the risk they are trying to mitigate, you can avoid this trouble.

Comfortable to use

As a result of using a consultative approach where you first identify the use cases and then implement the right solution such as derived credentials, you’ll find that your employees will have a much better end-user experience and as a result feel much more productive.

In fact, deploying derived credentials on an end users device could be a simple three-step process.

With support and continual improvement of systems, you’ll be investing in forward-looking technology that will reduce hassle down the road.

One-stop for integrated systems

The best solutions to mobile security, identity, and end-user experience are connected and address the process from start to finish.

Derived Credentials is a great example of collaboration between the Government and Industry in coming up with a solution for a very long standing problem which is how to provide a great end-user experience while still mitigating the various risks around authentication.

By providing a consultative approach VMWare examines a particular agencies use cases and then provides them the optimal guidance around how to implement their derived credentials solution end-to-end.