|
Another issue for most organizations is that they are not equipped to support egress badging, in which users badge out when they leave the building. Without egress badging, the organization has difficulty correlating events across physical and IT systems because of the uncertainty of the user's location.
Then there are the IT challenges. An organization must deploy smart card "middleware" to all workstations; the middleware allows the operating system and applications (like Web browsers, VPN clients and email clients) to communicate with the smart card. Depending on the required functionality and operating system, the smart card middleware may replace the workstation's interactive logon component, commonly referred to as the GINA for Windows operating systems. Since the release of Windows 2000, Microsoft has done a good job of enhancing its operating system to make smart card deployments easier. Windows Vista is no exception, but typically organizations still must deploy middleware to make the smart card available to the operating system. Smart card support for other workstation operating systems besides Windows 2000 and Vista varies significantly.
An additional challenge is correlating the user's network and physical locations. With the advent of wireless access points, proxy servers, VPNs and network address translation features found in most firewalls, it's difficult to determine the network location of the user, which is important for the SIM and contextual authorization components.
Despite the obstacles, many organizations are pursuing PL convergence and its promises of improved efficiency and security. There are several steps enterprises can take to overcome the challenges, including investing in a smart card management system and planning for emergency access (see "8 Convergence Tips").
Nonetheless, the road to convergence can be a bumpy one, and enterprises should have a well-defined business case and execution plan to ensure a successful union.
|
