Multi-application smart cards can provide different levels of security

05 March 2010

Organisations around the world are facing more security threats to their business than ever before. At the same time, tighter regulation and stricter compliance measures mean that these same organisations are under growing pressure to demonstrate to their investors, shareholders and customers that they are taking a consistent and comprehensive approach to managing these risks in their day-to-day operations.

Faced with these external pressures, more and more organisations are recognising the potential benefits of an effective identity and access management (IAM) programme in terms of cost savings, better service levels, tighter IT governance and improved regulatory compliance. Smart cards are at the very heart of this drive.

Not so long ago, many organisations were relying on multiple credentials to fulfil different tasks. On arriving at work, employees would often have to fumble in their pockets to find one card for physical access to the main building, a separate card to access their own floor, and a security token to give them access to their computer. But these hassles are a thing of the past for organisations that have recognised the flexibility and convenience that smart card technology can provide: several smart card technology leaders have developed converged card solutions that combine both physical and logical access.

The contactless payments space is a striking example of how innovations in smart card technology are helping organisations to streamline their operational processes and make their employees’ lives easier through a converged card solution. Willis, a major international insurance brokerage, was keen to create the best possible working environment for its 1,600-plus employees at its London headquarters.

The company was looking for a solution that would allow it to extend the functionality of its existing access control cards – provided by HID Global - to incorporate cashless payments for its new catering facilities. In this case, HID worked with a partner, VMC, to leverage the technology already in place to create a seamless solution that gave employees a convenient and efficient way to access the building and pay for meals with a single card.

Contactless physical and logical access smart cards are also being integrated with transit systems around the world. Take Murcia University in Spain as an example: HID recently worked with integrator Protelsa to create a converged card solution for the University’s fleet of buses, which transports students around the two campuses. This provided a practical and cost-effective way for the university to monitor the usage of buses to ensure the correct number of vehicles was available to meet demand at peak times, as well as restricting access to authorised students only and ensuring the safety of passengers and drivers alike.

A further example of converged smart cards making a real difference in practical terms can be found in the healthcare industry. Up until a few years ago, it was relatively easy for an intruder to walk unchallenged around a hospital, accessing areas meant only for authorised staff. In rare cases, this led to security breaches where babies were removed from paediatric wards. Contactless smart cards are addressing this physical access problem by using encryption to offer differing levels of building access to certain staff. For example, a cardio-thoracic surgeon would require access to the operating theatre, while a registrar might need access to all the wards in the hospital.

Medical professionals can also use their smart card to access sensitive patient data on an IT network. So as well as safeguarding the security of patients’ personal information, using a smart card for logical access can also create efficiencies in terms of time. If a doctor can access crucial IT systems with just a smart card, this saves on time wasted in remembering and entering usernames and passwords and frees up more time for patient care. It also helps healthcare professionals to demonstrate that they are storing and managing patient details in a safe and secure way to comply with the Data Protection Act.

So, in view of these potential benefits, why aren’t more organisations using smart cards? One of the foremost barriers to adoption cited by companies is the cost issue. The ravages of the recession have blown a sizeable hole in the IT budgets of many organisations, with other corporate issues sometimes prioritised over IT security. However, when a company slashes its IT budget, it can leave itself dangerously exposed to security and financial risk, and the money saved by reducing budgets can soon be more than swallowed up by the costs of security breaches.

As a flexible solution, multi-application smart cards can provide different levels of security according to the specific needs of an organisation, and this is reflected in the price. However, the returns in terms of cost and time savings – not to mention enhanced security – show that if your organisation is investing in smart card technology, it is well worth partnering with a trusted brand.

In today’s increasingly risk-conscious environment, managing digital identities and user access is more important than ever.

Portable and secure, smart cards are becoming an increasingly valuable tool for safeguarding physical security and guaranteeing the privacy of sensitive electronic information across corporations, hospitals, government agencies and any organisation seeking heightened security solutions. Converged cards also simplify installation training and operations and streamlines maintenance costs. When you weigh up the benefits of converged smart card solutions against the costs of reputational damage, security breaches and non-compliance, they can offer outstanding value by saving time and money while protecting an organisation’s assets.

HID Global are exhibiting at Infosecurity Europe on 27th – 29th April at Earl’s Court, London, www.infosec.co.uk.