In recent years, employers have been paying special attention to organizing and protecting remote workflows. Enterprise mobility does have certain benefits: employees can access required services at any time and take care of urgent tasks even when they are away on vacation or sick leave. This can boost workflow efficiency and team productivity.
Leadership at many companies, large and small, tries to make the most of remote access tools. However, they still need to handle a variety of tasks related to digital certificates:
- Two-factor authentication based on certificates (for example, logins to the operating system, VPN authentication)
- Website verification (SSL certificates)
- Network resource verification (for example, routers)
- Preventing unauthorized software alterations (code signing)
- Data encryption (IPsec)
- Encryption and signature for emails
- Digital signature for electronic document flow, etc.
Two-factor authentication and data encryption are especially important in the case of remote work when workstations are not protected by the corporate perimeter and employees may use unsafe public networks to connect to corporate services.
Digital certificates may have multiple advantages but they do come with one essential requirement: you need a secure device to store the key information and perform all cryptographic operations. A classic solution would be to use a hardware device — a smart card or a USB token.
However, in the context of enterprise mobility, the use of smart cards and tokens (despite their obvious strengths in terms of information security) can have serious limitations:
- Logistics related to the delivery of hardware devices to mobile workstations
- Costs related to purchasing hardware devices and readers
- Lack of smart card readers or their failure
- Issues with quick access to enterprise resources whenever a hardware device is lost or broken
The best solution would be to introduce virtual smart card technology that does not require removable devices for using digital certificates. Virtual smart cards can also be used together with classic PKI tokens, either on a regular basis or ad hoc whenever you need a virtual replacement for your hardware device, for example, while its delivery is in progress.