Cryptography | InfoSec Reviews Blog

By Michael Ginsberg

Single sign-on and encryption policies are putting credential management – and in particular public key infrastructure (PKI) – under closer scrutiny these days. The spotlight has become more intense as we witness the meteoric rise in mobile devices for business usage, as well as the growing reliance on the cloud for application development and delivery.

Recent breaches have shown that password protection is not enough to protect sensitive information in the cloud or on mobile devices. So-called encryption features in mobile devices are local to the device, and do little to protect the data moving between the device and the application. In fact they can be bypassed so easily, it’s tantamount to locking a door and leaving the key under the mat for others to break in.

While PKI represents the ideal end of the security spectrum, deployment costs are typically high, making strong credential management for mobile a significant stumbling block for organizations today. Rather than investing in a full-blown and costly PKI infrastructure however, users can now turn to managed software-as-a-service (SaaS) platforms to address their credential management needs.

Continue reading