For companies that make public key encryption and smart cards part of their security strategy, Microsoft's acquisition...
of Alacris Inc., and the subsequent integration of this technology into Windows, could potentially cut time and expenses out of otherwise costly projects.
Microsoft acquired the identity and certificate management software vendor earlier this week for an undisclosed sum.
The acquisition choice of Ottawa, Canada-based Alacris is logical given that Alacris' software is already tailored to work with Windows, experts said. Some of Alacris's competitors, such as Bell ID, Rotterdam, The Netherlands, and U.K.-based Intercede Group PLC, are more focused on heterogeneous environments, said Trent Henry, a senior analyst at Burton Group, a Midvale, Utah, consulting company.
Alacris software helps streamline the management of smart cards and digital certificates, but the technology can also be used for secure VPN, IPsec and Web-based SSL certificates.
The use of secure badges is one major IT initiative that may benefit from this technology. These are next-generation smart cards that include a smart chip to store logical credentials, which include a digital certificate, Henry said. This is a far more secure way to store passwords than hanging sticky notes with passwords on a computer terminal, which is a common practice.
The use of smart cards can strengthen authentication but, over time, people tend to lose them, step on them or forget their PINs. The Alacris software can help by making it easier to manage passwords and automate key recovery.
The Alacris technology has a Web-based policy and workflow tool that manages all activities that take place in the life of a smart card, starting from when the card is provisioned to the end user, through certificate installation, blocking smart cards if need be, removing services if necessary, adding functionality or revoking the card, to cite some examples.
Microsoft has some of these capabilities, but they are not as automated as most IT administrators would like them to be. This is where Alacris comes in. Large smart card projects can be expensive and take a long time to complete. "If Microsoft does a good job integrating these products, then project costs may be greatly reduced," Henry said.
Microsoft said it hopes to integrate Alacris technology into its own product set and expand its functionality. The technology is already integrated with Active Directory.
"We will put it through the full Microsoft security review and look for more opportunities to enhance it beyond smart cards, in areas such as biometrics and one-time password solutions," said Michael Atalla, a group product manager for Windows security at Microsoft.
Atalla said Microsoft is expecting to release a beta sometime in 2006.