Who needs strong two-factor smart card authentication?

It was interesting to read the speculation over at the Cult of Mac about Apple/Thursby replacing the end-of-life Blackberry/RIM architecture in “Top Secret Government Agencies”.

http://www.cultofmac.com/177923/can-iphones-replace-blackberries-in-top-secret-government-agencies/?utm_medium=twit&utm_campaign=spread-us

Our position is that strong authentication is important for mobile and office devices, not just for US or foreign governments but in any strongly regulated industry, from healthcare to energy, finance or Global 2000 companies (the international version of the Fortune 500).

Usernames, passwords, challenge questions, profiling, or even easy-to-copy or easy-to-spoof derived credentials are unfortunately often little more than security by obscurity, with investment made in the appearance of security rather than security itself.

In the last few days, the hacking kerfuffle over at Gizmodo, or the more serious enterprise breaches at RSA, illustrate that strong two-factor smart card authentication of office or mobile devices is of interest to more than just organizations in the “top secret” category.

http://www.zdnet.com/how-apple-let-a-hacker-remotely-wipe-an-iphone-ipad-macbook-7000002141/

http://money.cnn.com/2011/10/27/technology/rsa_hack_widespread/index.htm

Part of the industry's reluctance to embrace smart cards on mobile or office devices has been the perception that proprietary, complex “piggy-in-the-middle” servers are somehow required to intermediate between devices and Microsoft, Google or other data center or cloud resources, with the obvious initial and ongoing cost, security, performance and process challenges entailed. Another factor was the lack of fast, affordable and, above all, user-friendly readers for iOS devices.

Thursby’s history has been one of simplicity and elegance in connecting, historically, Apple Macs and now iPad and iPhone devices directly and securely to Microsoft or other third-party server or cloud infrastructure for web, email or collaboration resources, without adding the headaches of unnecessary, proprietary “third wheel” server or cloud software. In looking to secure and speed network traffic from point A to point B, few would route via a point C unless they were in the tollbooth business. And as for fast, affordable, user-friendly readers, Thursby offers those too, with other form factors available from third parties.

The direct approach has the important benefit of allowing secure BYOD use for individuals, as well as being eminently combinable with leading enterprise MDM software for official device rollouts that are surprisingly simple and affordable.

The actual problem isn’t technical at all; it is realizing that in the post-PC era, solutions that marry well with the iPad and iPhone user experience, resonating with the increasing trends to BYOD and consumerization of IT with security, are unlikely to be ones forcing those devices to be just like legacy, end-of-life bricks.

Windows doesn't come into the equation, since Windows 7 natively supports PIV and .NET cards for strong two-factor authentication.