GlobalSign Blog

26 Aug 2016

7 Reasons to Use Digital Certificates for Mobile Authentication

Mobile devices have changed the way business is conducted, giving enterprises and employees flexibility to stay connected, whether in the office or on the road. While this level of increased connectivity is beneficial for the enterprise, it also opens up sensitive business services to mobile devices creating serious security risk, privacy concerns and vulnerabilities. How can IT know which devices to trust?

From an employer standpoint, managing trust for mobile environments is the same in theory to how IT departments must manage trust with corporate machines. IT departments utilize enterprise software management tools for centrally managing software and applications and Active Directory for setting up user role settings and policies.

Most organizations don’t give free rein for employees to download any software or application on their corporate machines, nor do they let employees bring in their own laptops from home and access all corporate networks and data. You may be able to access your email from your computer at home, but you are most likely not able to access all corporate data and networks.

So just like users on a computer, only verified authenticated devices should be allowed to access corporate networks and resources.

What Are Mobile Digital Certificates Used For?

So what can Digital Certificates be used for on a mobile device?

Secure Email Access

Securely authenticate employees to their email for increased productivity, without leaving email accounts vulnerable to intruders. With Digital Certificates enabled for authentication, only authorized devices will be able to access your corporate email servers.

Email Encryption and Authentication

Digital Certificates on mobile devices can allow employees to encrypt and digitally sign email communications sent from devices, ensuring privacy of sensitive information, proof of message origin and mitigation against phishing attacks.

Secure Wi-Fi

Do you want any cell phone to jump on your corporate Wi-Fi? Just as you restrict what computers can join the corporate Wi-Fi, by installing Digital Certificates on mobile devices you can restrict which devices can access your Wi-Fi.

VPN Access

Replace weak and vulnerable username and passwords with multi-factor authentication for corporate VPN connections. Only approved devices with properly configured certificates will be able to access your enterprise connections.

As you can see, certificates for mobile devices are multi-functional, meaning you can use the same certificate for a range of authentication and encryption means.

Why Choose Digital Certificates for Mobile?

As with most security solutions, organizations should pause before jumping into implementing invasive, expensive and all-inclusive solutions. Employees want to be able to access their corporate email and data on the go, but if you make it too challenging for them to access this information, they’ll be sure to find workarounds or forego productivity outside the office all together.

With this in mind, I’d like to help examine the benefits of expanding Digital Certificates to devices to create an easy to implement and cost efficient device Identity Management solution that your users will actually embrace!

1. Increased User Experience

When was the last time you entered in a complex password (one that uses different types of characters in unique ways to increase security) on your mobile device and actually got it correct the first time? It’s not easy between auto-correct and fat fingering; users alike are most likely to get it wrong and get frustrated. There's also the issue of having to remember multiple, complex passwords. Given the number of applications the average employee uses, it's almost inevitable that employees will give into re-using passwords or writing them down (neither of which are good security best practices).

Unlike most new security implementations, employees will actually embrace having to adopt certificate-based authentication vs. passwords for authentication, making access to email and cloud-based applications a breeze.

Unlike most other strong authentication options, such as one-time password tokens or applications or even biometrics, certificate-based authentication doesn't require any extra steps from the end user. Once the certificate is installed on his device, he/she is good to go - no need to keep track of a token, open another application, or scan a fingerprint.

2. BYOD Friendly

Digital Certificates work great on BYOD for both employees and the employer. They can help maintain user privacy while preserving control over corporate networks and data. Organizations can simply revoke the certificate if the device becomes lost, stolen, or the employee leaves the organization.

3. Widely Accepted/Used Technology

The great thing about PKI is it’s a technology that organizations trust, is industry recognized, and has been around for decades to authenticate users, machines and servers within organizations.

4. PKI is Most Likely Already in Use

Most organizations are already utilizing PKI and Digital Certificates in one manner or the other whether for server authentication, user authentication, digital signatures, or email encryption. With this in mind, it makes it very easy to expand PKI to mobile devices rather than having to invest spending time on integrating new technology and services. Most companies can simply obtain certificates directly from their preferred Certificate Authority. This means less time spent on learning a new system, setting up new policies and training staff.

5. Increased Security

Password databases are becoming stolen and attacked too frequently and passwords are commonly misused. Increase security and reduce reliance on passwords as an authentication method. Certificates are not vulnerable to attacks and you’d never share a certificate with a colleague.

6. Supported by Most Mobile OS

Digital Certificates natively work across various device platforms including Android, Windows, Blackberry and iOS.

7. Avoid Costly Invasive Solutions

Digital Certificates avoid organizations having to implement an invasive, expensive and all-inclusive solution. Setup and installation of Digital Certificates does not require extensive IT support and is easy for the end user, sometimes even requiring no end-user interaction. Additionally, the enrollment process is easy regardless of the platform or operating system.

Once setup, certificates are easily managed via a cloud-based Managed PKI platform, allowing IT staff to issue, renew, revoke from a single portal.

Power of MDM and EMM

Utilizing a Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) platform can further enhance the deployment experience of Digital Certificates on mobile devices, as well as provide enterprises additional features and benefits of implementing security across devices.

With a MDM or EMM platform incorporated into the mix, this helps enterprises streamline the process of deploying Digital Certificates to end users' devices by automatically provisioning digital identities onto devices without end user interaction.

GlobalSign currently supports integration with VMWare, AirWatch and MobileIron Cloud (Coming this September).

Want to learn more about implementing Digital Certificates for controlling which devices can access your corporate networks and data? Visit our Mobile Authentication page to learn more.

Has your organization implemented Digital Certificates for mobile? Share your opinion on the subject below.

Share this Post

Subscribe to our Blog