Card image cap

Blazing a Path to Simple,

Secure Derived Credentials

Card image cap


Senior Director, Technologies and Solutions at Cygnacom

The issuance and management of derived credentials makes me think of the venerable Jeep Wrangler. There are strong parallels between the Jeep Wrangler, which started out as a versatile, solid and dependable choice, and government and enterprise IDs that once served a rudimentary purpose in a far more simple world. The changing requirements forced the Jeep brand to evolve through the years to blaze new trails and handle far tougher terrain, just as the requirements for authentication credentials have evolved and forced new capabilities. Authenticating access to sensitive data has become more important than ever in new, evolving mobile-first models. Unexpected bumps — cybercriminals, fraud, hacking, etc. — give new urgency to constantly anticipating and adapting to stay ahead of imminent threats.

As more federal agencies and enterprises continue to go digital, mobile technologies have become the primary enabler for protecting critical assets, empowering employees and modernizing IT infrastructures. Mobile platforms are also the gateway to transforming service delivery and reducing overhead. In today’s world where change and threats are constant, organizations need a simplified digital roadmap to securely enable mobile users — while addressing evolving challenges in a highly complex landscape.

The Road to Mobile Security

Whether in government or commercial enterprises, mobile devices are quickly displacing traditional desktop computers. As a result, the old way to authenticate identities — user names and passwords — falls far short from a security standpoint. The move to mobile requires special consideration to ensure compliance with the federal HSPD12 / FIPS 201 Personal Identity Verification (PIV) requirements that mandate smart card authentication to ensure the integrity of both data and individuals accessing data. This PIV requirement is also aligned with the NIST SP 800-157 guidelines for derived PIV credentials. Mobile PIV credentials are also known as derived PIV credentials, which need to be placed onto mobile devices to they can be easily accessed by employees and provide secure anywhere, anytime access to work files and systems.

However, the road to seamlessly implementing derived credentials can be fraught with obstacles. Common IT challenges include disparate systems that weren’t designed to communicate with each other. Some applications aren’t mobile-ready and they don’t support the same desktop functions for a mobile device. From an infrastructure standpoint, supporting systems may not be under your control and supporting multiple types of hardware becomes burdensome. And from a human standpoint, often there is resistance among those that don’t want to go mobile.

Driving Best Practices for Derived Credentials

Enterprises often need outside guidance to smooth out the obstacles they face in authenticating identities for mobile — a partner that can help you select the right technology solutions for derived PIV credentials. An experienced partner can help you establish best practices, such as:

  • Determining your device strategy, the platforms that will be supported and who controls the data and hardware
  • Choosing the right path forward — Bring Your Own Device (BYOD), Choose Your Own Device (CYOD), Corporate-Owned Business Only (COBO) or Company-Owned, Personally Enabled (COPE)
  • Preparing for any potential bump in the road to mitigate issues if and when they occur
  • Getting ahead of the policy — don’t try to put a policy in place behind the technology
  • Understanding what the current technology can and cannot do
  • Planning for a test environment to ensure the solutions work prior to widespread implementation
  • Involving the right stakeholders early in the process to gain buy-in for mobile and ensure the process is supported throughout all stages
Deep in the Trenches of Derived Credentials

Federal government and commercial enterprises have trusted Cygnacom to help them build, implement and support trusted identity and authentication solutions for more than two decades. Our approach enables agility and flexibility to support everything from traditional desktop authentication to secure access to digital applications — including website, VPN or workstation authentication, encrypted email and digital signatures.

We have the deep expertise to help our customers decide which options are best for their unique derived PIV credential issuance program. We address the big questions such as to whether a shared service provider or dedicated agency-based PKI fits their needs. For credential management, we guide them on whether a fully managed cloud-hosted environment or on-premises systems make the most sense. We also help our customers support and solve some of the most common challenges related to mobile device management (MDM) such as deriving a credential based on a user’s existing digital ID and deploying digital certificates to mobile devices.

Ready for the Mobile Road Ahead?

Managing IT deployments for derived credentials is already complex. And that complexity is only going to increase as organizations work to support the needs of ecosystems comprised of increasingly mobile and connected people, systems and devices.

How will your organization navigate the road to mobile security?
Contact me at Cygnacom to learn how we can help.

Consult with our cybersecurity experts.