Good Technology, a mobile security software company based in Sunnyvale, Calif., is always looking for innovative new ways to make its enterprise and government products more secure, and also boost the security of its own systems and facilities.
So the company jumped all over the opportunity to become one of the first large enterprises to pilot the use of Near Field Communications (NFC) enabled smartphones for physical access to buildings and offices.
A few months ago, Good started working with physical-access reader and card-maker HID Global, as part of what HID is calling the "world's first NFC-enabled smartphone pilots in the enterprise." HID announced other high-profile NFC-based mobile-access pilots in the past, including one with Arizona State University. But the Good Technology pilot, along with a similar pilot at Netflix headquarters, is one of the first enterprise uses of NFC in this way, according to HID.
First, Good Technology contracted San Jose's RFI Communications & Security Systems to install three new HID Global ThinLine II proximity readers on the second floor of Good's Sunnyvale office. The new readers are compatible with the low-frequency proximity-based ID badges Good currently uses, as well as the HID NFC credentials stored on the smartphones given to pilot participants. (HID wouldn't comment on the specific pricing of the readers, saying only that HID "sells through distributors [not direct], so [price] varies so greatly it's difficult to provide even a general number... There is an incremental price difference [when compared to older-generation readers] as these new iCLASS SE readers are both software and field upgradeable.")
Good chose the popular Samsung Galaxy S III for its 10 pilot participants, one of whom was the company's Senior Product Marketing Manager for Secure Mobile Platforms, Chris Webber.
"The GSIII came out right around the same time as we went into the pilot, it had the NFC capabilities built in, it ran the applet that we needed from HID, and it's a cool new device," Webber says.
"We wanted to hit both sides: to have a desirable device for people that has a nice big screen; and also have something that was compatible with what HID was piloting. It was through talks with HID that we settled on that device because it had all the technological requirements and it also had the wow factor."
Samsung's Galaxy S III smartphone supports NFC, but due to security concerns, Good didn't use the device's built-in "Open NFC" functionality. Instead, it used "Secure NFC" microSD cards that support NFC in card-emulation mode, which enabled Good to securely store and emulate user credentials on the memory cards. (The NFC-enabled memory cards can still be used as external storage.)
Physical-access credentials (HID's Corporate 1000 credentials) for each pilot participant were then sent wirelessly to the appropriate user's device via the HID Secure Identity Service, which also lets IT admins manage and monitor credentials and identities tied to specific devices. Next, an HID Mobile Keys app was installed on appropriate devices. That app communicates with the secure microSD cards and pulls the appropriate credentials for building access when the user needs them.
"You can push and revoke the credential over the air," Webber says. "We're just piloting this in one small area, but if we move to the whole office or to multiple offices (our office in Dallas, for example), it's possible to provision a credential to me when I'm traveling that, on Monday, Tuesday and Wednesday of next week, will get me into the Dallas office, but then pull it back when I leave.
"IT could manage where I can go at what time, and I don't have to remember to bring multiple things. In the future, I imagine this will be something like a calendar invitation. When I accept, my credentials are pushed to me appropriately and when I leave they're gone."
As part of the pilot, Good also used the Samsung smartphones to access the office of the company's SVP, Special Markets, Michael Mahan. Mahan travels frequently, and other Good staffers use his office when he is gone for conferences and meetings.
Good had a SARGENT SE LP10 lock installed on Mahan's office door, which integrates with the company's physical access system, to allow pilot participants to use NFC credentials to enter the office. The system also allows Mahan to grant access only to the users who should have access, specify the times those staffers can access the room and run reports to see who used the office and when.
Webber said the smartphones add a layer of security to the physical-access process, because users not only need an actual badge or credential, they need to know the password to unlock the device. From a user perspective, that added step may add some time, but in the long run, mobile-phone-based physical access could actually save corporations, and their employees, time, according to Webber.
"I didn't feel slowed down much by it at all. It's easy to forget my badge, after a long weekend or after traveling, because it's not part of my routine to bring it," he says. "Nobody in the pilot, including myself, forgot the phone because it's their phone. If I forget it, I'm going to go back and get it. The speed comes from the fact that I'm never slowed down or inconvenienced by reaching a doorway and not being able to get through it [because of a forgotten phone]."
Good Technology started with just 10 pilot participants, but that number has more than doubled to about 25 participants, due largely to the interest the pilot attracted, according to Webber.
"We put up signs across the doorways [with the compatible readers] to talk about what this pilot was about and how it was being used. And because of that I continue to get email inquiries," Webber says.
"I expected lots of people in product management and engineering would want to see this, and that has been true. But people in finance and HR and the people who don't live and breathe the technology aspect of Good every day, they're sending me emails and saying 'Hey, this is something I'd like to try. How can I become part of this pilot?'"
From an IT perspective, Webber says the pilot hasn't really required any heavy lifting.
"I was surprised when I talked to the folks in facilities and IT because we didn't have to make any changes at all to the back end," Webber said. "There is a step there to provision these credentials out, so I will say that there is a little bit of work. But IT was happy to do it because of the extra layer of security."
Pilot participants were similarly pleased with the results, according to a user survey. More than 80 percent of participants said the smartphone was more convenient to use for physical access than their access badges; more than 83 percent said Good's physical security was improved with the NFC-based access thanks to the two-factor authentication; and 100 percent of participants said the actual HID Mobile Keys app was good looking, intuitive and easy to use.
As for the future of NFC-based physical access at Good Technology, Webber says the pilot is still ongoing, but the company is considering new ways to expand the technology.
"We're thinking about where we'd also put it in the building, what other devices we might want to bring in, but we haven't made those plans yet for the end of the phase," Webber says. "It was a fun pilot for us. It's exciting to see how we can be part of the ecosystem and potentially to help get [the word out about NFC-based physical access control]."