Smart cards – mainly used for access, remote access, sign on and physical access – allow quicker authentication, people are happy to use them, and they can host many different applications, Hoyer argued.
Among the benefits of using smart cards, Hoyer listed:
- A reduction password related queries to helpdesks, which typically cost US$20-50 per call, as they bring down the amount of passwords needed
- In the USA, they use a lot more insurances, and strong security lowers the insurance premium
- Smart cards are slightly less expensive than other two-factor authentication such as security tokens
- Smart cards allow control over who has access to what and when
- Smart cards are quick to install, although it can take time to manage the rest of the credentials.
Hoyer also told the ISSE 2009 audience that the use of smart card can save over 2000 man-hours a year, and quicker entry access can save a 2000-strong company US$470 000 a year.
Tokens have to be replaced after three years, smart cards last longer and require no batteries. Furthermore, more and more computers now come with smart card readers, which further reduces implementation costs.
However, there are also some pitfalls to be aware of when deploying smart cards, Hoyer warned:
- Not having a clear business case for smart cards to start with
- Not educating the end user of smart cards on why and what is happening
- Going for the ‘big bang’ approach of implementing it all at once
- Not involving the infrastructure team early enough in the smart cards planning and development
- Choosing the wrong smart card technology – it evolves very fast
- The misconception that smart card middleware is not needed
- Not involving enough senior stakeholders in the planning of smart card deployment
- Technical resources making business requirements decisions.
To avoid these pitfalls, Hoyer suggested some ‘best practices’ for deploying smart cards:
- Not be too technology centric
- Look at it from a business perspective: what can smart cards do for you?
- Get executive support
- Keep business line owners involved
- Educate the smart card users
- Fine tune what you have
- Learn from other people’s mistakes...