Taking cues from the credit card industry, Security Dynamics Technologies Inc. said it has come up with a way to significantly accelerate the distribution of its SecurID authentication devices within large enterprises.
The Bedford, Mass., company last week announced SecurID Express, a service designed to combine card industry techniques for mass issuance with the sophisticated controls that network security administrators insist upon.
Bill McQuaide, director of product marketing, called it "one of our most significant ease-of-use announcements." Senior product manager Rebecca Buisan said, "We basically just mirrored the credit card process and are rolling it out," with full availability scheduled for mid-September.
Using such techniques as serial-number tracking and sending temporary personal identification numbers ahead of the physical security token, Security Dynamics can typically reduce to 14 days the time needed to put tokens into operation, down from months in some cases. Ms. Buisan pointed out that token issuance for large companies is complicated by the fact that they are served by multiple contractors.
Scott Schnell, vice president of marketing for Security Dynamics and its data encryption subsidiary, RSA Data Security Inc., said, "By working closely with our customers, which include nearly three-quarters of the Fortune 500 companies, we have developed a service that lets administrators expedite SecurID deployment, quickly secure their systems, and save money by off-loading this process to a team equipped with the systems and expertise to handle it in the most efficient manner."
Security Dynamics made two other announcements last week, indicating that it is picking up its own pace to serve a rapidly growing information security market. Also to hit the market in coming weeks are SecurID Software Token 2.0, an upgrade of the software alternative to the hardware SecurID devices, and ACE/Server 4.0, the latest version of the security management system.
The company said Polaris Securities of Taiwan has placed the largest SecurID order from outside the United States, $3.5 million over multiple years for 50,000 key-fob tokens and ACE/Server software to secure on-line brokerage transactions.
Security Dynamics has long claimed leadership in two-factor authentication, supplying card-size generators of random numbers that combine with personal identification numbers to create unique identifiers for any given transaction. The research firm Frost & Sullivan said such physical and software tokens will garner an increasing share of an authentication market growing at a compound annual rate of 42% through 2005, when it should reach $4 billion.
Digital certificates and biometric security are other components of that market, and "we are positioning ourselves to be a leader in authentication across a range of technologies," Mr. McQuaide said.
Security Dynamics takes off from a base of 5 million SecurID users at 4,500 companies worldwide, and 400 million computer installations with RSA cryptography. Indicating how the enterprise security phenomenon is spreading, Mr. McQuaide said it took Security Dynamics 40 months to deploy its first million SecurID tokens, 20 months to get to the second million, 10 months for the third, nine months for the fourth, and only six months for the fifth million.
The devices historically had mainly internal uses, in such places as banks' wholesale money transfer departments. With the advent of Internet and intranet technologies and virtual private networks, "customers want to go to a broader set of users" with access to computer systems and data bases, such as suppliers and business partners. "A common denominator is the need for strong authentication," Mr. McQuaide said.
No longer confining itself to the original SecurID format, Security Dynamics now delivers the two-factor technology also on Palm organizers, key fobs, and smart cards as well as software. The company emphasizes "flexibility and choice," Ms. Buisan said, and other "form factors" are in development. A customer could start simply with software tokens, later upgrading to smart cards or other hardware.
Security Dynamics sees its range of products as "bridges" to public key encryption infrastructures and to smart cards' serving as user-identification tools with digital certificates and possibly biometrics. A forthcoming product, the SecurID 3100 smart card, would be a breakthrough in this regard, capable of storing a public-private key pair on the single card.
These systems could come together under the Keon framework that Security Dynamics and RSA are selling, but the technology is interoperable with other vendors' products.