In the consumer driven world of mobile computing, it goes without saying that not only the chatter around BYOD (Bring Your Own Device) is on the rise but that it is also driving profound changes within organizations around the world. Even the US Federal Government is paying serious attention to this trend as a potential cost saving measure.
If employees are willing to buy a device and use it for work, so be it.
However, there is one sector of the economy and not just any sector but the trillion dollar US defense sector where a small device could spell doom for BYOD even before it can take roots.
The Common Access Card (CAC), a DoD issued smart card about the size of a credit card, is the standard photo identification for active-duty military personnel, selected reserve, DoD civilian employees, and eligible contractor personnel.
The CAC, which comes with a built-in micro chip that stores a PKI security certificate, is also the principal authentication mechanism to enable access to defense computer networks and systems. Just like an ATM card, a user is required to physically insert/attach the CAC to a computing device (such as laptop or iPad) and enter a secret pin before that device can gain access to DoD network. In the PC/Desktop world, most computers either come equipped with a slot for CAC or the department would generally provide a USB CAC reader costing around $15 for free of charge.
In the new world of mobile devices however, DoD will have to spend a lot more than just $10 bucks for the smart card reader. Actually, it would be close to $400 for an iOS device and still over $300 for Android.
Biometric Associates is the only manufacturer who makes this CAC reader (baiMobile™ 3000MP Bluetooth Smart Card reader). And a single available manufacturer could also be the primary reason behind the high prices for CAC readers. One may argue that competition may drive down the prices in future but as I would explain next, it may not be so simple.
The baiMobile CAC reader also provides its own API which must be programmatically integrated with any application that wishes to perform a CAC authentication from a mobile device. Presently, many software vendors and app developers are investing time and money to integrate this API into their products. If new CAC reader manufacturers enter this segment they will likely have their own API, but by then industry support for any new CAC reader would depend upon how willing the same software vendors and app developers are to start the CAC integration process all over again. Therefore, in my opinion, the API integration and DoD certification/approval process could present significant barriers to entry for the competition in this space.
So when thinking about BYOD in defense, a question comes to mind. Who would pony up almost $400 for a baiMobile CAC reader? The employees, who would have already paid for the mobile device; or DoD?
I am not so sure if DoD would offer to buy this device for hundreds of thousands of employees and incur huge expense at a time of deep budget cuts. Doing so would also directly challenge the basic argument of cost savings in Government through BYOD. And I certainly don’t believe defense employees would buy this CAC reader in significant numbers with their own money any time soon, just because they would like to bring their own devices to work.
Therefore, unless prices for the Smart Card reader come down significantly, it could become an impediment to not only a successful BYOD but also to a wide spread rollout of mobility within DoD.