Genetec eliminates passwords With YubiKeys
About our customer Genetec
Genetec Inc. is an innovative technology company with a broad solutions portfolio that encompasses security, intelligence, and operations. The company’s flagship product, Security Center, is an open-architecture platform that unifies IP-based video surveillance, access control, automatic license plate recognition (ALPR), communications, and analytics. Genetec products and services are used by over 13,000 customers in 146 countries. Genetec is also a leading Montreal tech employer with over 1,200 employees.
Genetec’s authentication challenge
Genetec had a primary goal to increase identity strength while eliminating passwords across their organization. “Strong identity is the cornerstone of any security program and passwords are fundamentally dead,” said Christian Morin, Genetec CSO and Vice President of Integrations and Cloud Services. “Ultimately, we want to go passwordless.”
Eliminating passwords and increasing identity strength is a role typically taken on by traditional employee-wielded smart cards. However, Genetec sought to find a cost-effective, single- vendor, and PIV-like method for passwordless login that was FIPS validated—without the complex infrastructure requirements and high costs typically associated with smart cards.
Genetec also had a secondary goal of using the same device for document signing, email encryption, and for trusted communication exchanges with select Genetec partners. The selected authentication solution would also need to be FIPS 140-2 validated for their government clients.
“Strong identity is the cornerstone of any security program and passwords are fundamentally dead.”
Yubico solutions and benefits
Genetec initially attempted to use smart cards to solve their combined agenda, which proved challenging due to high costs and complex infrastructure requirements. They then ran a trial of YubiKeys with embedded PIV/smart card features. Using drivers and software compatible with many platforms, YubiKeys can generate keys stored on the device, import keys and certificates, as well as create certificate requests and more. This smart card-class technology solution fit Genetec’s requirements scope perfectly.
YubiKeys also provided the ability to perform authentication with Microsoft Active Directory, and provided stored smart card-like keys for use in document signing, application public-key generation, encrypting email and communication channels, and other functions based on the application(s) employed. This inexpensive PIV technology made YubiKeys an attractive solution to Genetec.
The results
Today, all 1200+ employees are issued YubiKeys and use them in their daily computing activities. “As a future step, we’re going to start distributing YubiKeys in much larger quantities to our (partner) ecosystem, and that’s going to be the means by which they’re going to log on to our various different portals.” said Christian Morin, Genetec CSO.
“The YubiKey is now used to log on and authenticate to our product, that’s part of what we mean by implementing stronger identity for our customers and partners. This will start with our cloud services and will make its way also into our various products as well.”
Genetec is also considering additional possibilities with YubiKeys, including code signing and distribution to channel partner engineers and technicians that attend Genetec training classes. The ever-widening identity partnerships produce an increased identity umbrella that can be supported with YubiKey functionality.