Smart Card Management – Choose your process carefully

7 Jul

Earlier in my career I had the privilege of working for Intercede, a company supplying smart card management systems. A core capability was the ability to manage both the card lifecycle and the credential lifecycle (e.g., PKI certificate), as distinct from other systems that manage credentials and place them on cards without managing the card lifecycle. Part of the sales pitch was that if you don’t manage the card lifecycle in the system, you will end up with a spreadsheet to manage the cards.

In my more recent work reviewing various customers’ PKI implementations I have come across lots of spreadsheets of this nature – with fully documented processes of how “Bernie” keeps the spreadsheet up to date.

(Ever since a sales pitch to a prospective customer that said “I don’t need a card management system, I have a Bernie”, I’ve used Bernie as the name of the spreadsheet editor.)

In some cases the customer is really happy with the spreadsheet approach and it works well for them as an efficient, auditable process. Others have migrated, or are migrating, to a card and credential management system, having recognised the complexities.

The difference between the two types of customer? Scale. With fewer than 500 users, the spreadsheet works just fine. With more than 5000, a spreadsheet starts to break down and a card management system is needed. Between 500 and 5000, it depends on the volume of transactions (joiners/movers/leavers). This is what I always suspected, but it has been comforting to see this play out on a customer’s site.

The moral of the story? It’s a good reminder that security is not a one-size-fits-all problem. In some cases a technology approach is good; in others a robust process is a perfectly valid substitute. The key part is to assess the business need, in context.

Please join the discussion, we welcome your views...
