Organisations need to protect themselves against the reputational damage, fines and threat to business continuity caused by a data breach.
The most effective way to protect against the number one cause of data breach is to replace passwords with two-factor authentication, combining ‘something I have’ such as a smart card or smartphone with a second factor such as a PIN or fingerprint.
The strongest form of two-factor authentication is a digital identity comprising a PKI certificate issued to a secure device, as recognised by standards such as US FIPS 201 (PIV), enabling organisations to be sure that users accessing systems, networks and sensitive data really are who they claim to be.
Secure access with the devices you want to use
Secure devices such as smart cards, USB tokens, virtual smart cards, smartphones and tablets provide organisations with a convenient form factor to securely store and use digital identities, but to deploy certificates to devices at scale, organisations need an efficient way to issue them and manage their lifecycle.
An effective credential management solution needs to integrate with the systems an organisation already has in place such as directories, identity management solutions and mobile device management systems.
Just as important as being able to work with a wide range of systems and technologies is the need to deliver the desired credential issuance and management processes with minimal impact on the end users and operators of the solution.
MyID Credential Management System
MyID is a feature-rich credential management system (CMS) that enables organisations to deploy digital identities to a wide range of secure devices simply, securely and at scale.
Systems administrators use MyID to configure their certificate and device issuance policies, ensuring the right people receive the right digital identities. Built to integrate with infrastructure such as certificate authorities, directories, identity management solutions and mobile device management systems (MDMs), MyID minimises any impact on the existing environment, reducing deployment times and operational costs.
For operators, MyID provides all the functions needed to issue credentials and manage their lifecycle. Supporting face to face, centralised and self-service issuance, MyID enables devices to be deployed quickly and in high volumes. Where users need assistance, e.g. to issue a replacement device upon loss, or to re-enable a locked device, MyID provides help-desk operators with simple process-driven features to ensure continuity of service without impacting security.
End users can perform tasks such as collecting new certificates at their own desktop via a simple self-service application. Designed to walk users through processes in simple, intuitive steps, it effectively reduces operational costs and the need for end user training.
MyID provides full audit and reporting capabilities allowing visibility of who issued which digital identities to which users and on what device, ensuring organisations remain in control of who can access their systems and enabling them to demonstrate compliance with best practice security standards.
Any system used for issuing digital identities must be able to do so in a secure manner to ensure that the identities it issues can be trusted.
MyID is secure by design, implementing multiple features to protect information and processes.
- MyID implements strong authentication and strict role-based access controls to ensure only authorised individuals can perform credential management activities
- Secure private keys lie at the heart of a digital identity. MyID utilises secure key management processes, generating and using private keys as close to the hardware as possible
- MyID performs cryptographic operations using a Hardware Security Module (HSM) providing government-grade security to all our customers
- An important part of any secure solution is traceability. MyID keeps a central signed audit trail for non-repudiation of operations.
- With MyID you get proven security; our solutions have been validated by industry majors as well as governments, military and banks.
Ensuring that a security solution is easy to use increases the speed of deployment, reduces the day to day operational costs and ensures high levels of user adoption.
MyID is designed to be easy to use, by both operators and end users.
- Operators are guided through processes such as issuing cards or revoking credentials in a simple manner, protecting them from the complexities of key management and PKI
- MyID provides simple self-service options that allow end users to collect or update digital identities themselves.
- MyID’s intuitive mobile provisioning capabilities enable large scale deployments with minimal end user training.
- MyID provides ways of automating processes and performing operations in batch, minimising the amount of operator time required.
- Support of biometric technology on mobile devices, such as Apple’s Touch ID, means that end users have a highly convenient and familiar experience.
MyID is designed to work with what you already have, minimising impact on your existing environment.
A range of out-of-the-box connectors provide a plug-and-play level of integration with many commonly available components such as smart cards, certificate authorities, card printers, HSMs and MDM vendors, while a range of APIs allow for integration with in-house systems as part of a wider identity management solution.
- Out of the box support for a wide range of peripherals such as smart cards, card printers, hardware security modules and chipsets for virtual smart cards.
- MyID solutions can retrieve user data from your directory via a connector, avoiding the need for re-keying.
- Identity management systems (IDMS) can easily automate MyID product operations via the lifecycle API.
- Many mobile device management (MDM) vendors have worked closely with Intercede to integrate our apps or SDKs directly into their products, removing the need for integration. Where integration into existing apps and services is required our range of Mobile SDKs make this easy.
- APIs are provided to pass data in to MyID and trigger operations, and pass data and status information to third party systems.
Any solution that is involved in securing access to sensitive data and resources should be treated as mission critical and as such needs to be reliable and proven.
Intercede has been supporting customers for over twenty years, with MyID successfully deployed to issue millions of digital identities by governments, aerospace and defence suppliers, banks and major corporations.
- Intercede solutions have been tested and deployed in multiple security sensitive customer environments. With MyID you are minimizing risks and relying on a solution proven in the real world.
- We employ one of the largest teams of digital identity experts in the world, with over twenty years’ experience of supporting major deployments.
- MyID has been proven at scale to issue millions of digital identities, for employees and citizens.
- Intercede technology has been verified by a number of industry-leading companies as part of a technology partnership, including Microsoft, Intel, Citrix, Gemalto and Digicert.
Credential management has been the primary focus of Intercede for 25 years. We continually invest in our core MyID product and technology partnerships to ensure MyID remains the most feature-rich, flexible and secure credential management solution available.
As part of Intercede’s ongoing research and development activities we are constantly investigating new ways of using secure digital identities for modern infrastructure and emerging environments such as cloud access, citizen ID, Industrial IoT and Blockchain.
Our work with technology partners, research organisations and standards bodies allows Intercede to keep ahead of the latest technology trends and ensure MyID is ready to work with the latest standards and technology as our customers start to adopt it.
In the EU, when GDPR (General Data Protection Regulation) comes into force after 25 May 2018, any company processing data on EU residents will need to be compliant or risk facing heavy fines – up to 4% of worldwide annual turnover or €20 million, whichever value is greater.
In the US, NIST Special Publication 800-171 requires that all federal contractors, subcontractors and other non-federal organisations handling Controlled Unclassified Information (CUI) must protect such information using secure authentication systems. Failure to comply by 31 December 2017 will render them ineligible for relevant federal government contracts.
And in New York State, new cybersecurity regulations for the financial services sector (23 NYCRR 500) mean that all organisations regulated by the NYS Department of Financial Services must introduce secure authentication by 28 August 2017, or face enforcement action.
MyID is exactly what businesses need. It’s a one-size-fits-all, easy to implement, and cost-effective solution that allows a company to replace employee passwords with frictionless two-factor authentication, providing protection against the number one cause of data breaches – weak or compromised user credentials.