Identity management has now become a very important requirement for companies. The challenge, of course, lies in proper integration of different physical access control systems with an identity management system. Sophisticated security software can help overcome this challenge, says Ajay Jain, President and CEO of Quantum Secure, who adds that increasing regulatory compliance requirements make identity management ever more necessary.
For many companies, the current state of their access control infrastructure is best described as being fractured. Multiple disparate physical and logical access control systems and cumbersome manual processes are all too common. Standardizing one system throughout a company might address part of the problem, but replacing multiple access systems may require large amounts of capital.
A long-term access control issue for any company is how to manage its identities. It is important to ensure that individuals only have permission to enter authorized areas, both for the sake of security and compliance. With large numbers of employees, geographically distributed campuses and ever-changing authority levels, keeping permissions current is an important issue to address. Sophisticated identity management software can enable an identity to be created for each individual across any organization. Integrating physical security systems with logical security systems requires software that can ensure synchronized and policy-based on-/off-boarding of identities.
Although effectively managing identity can be a challenge, it also provides many opportunities for any organization. These include enabling human resource and LDAP-format databases to connect instantly with physical access control systems and to receive real-time reports across any number of physical access control systems. It is also possible to manage badge/credentialing systems more efficiently and to track visitors and third-party contractors and link them to an internal identity. Other new opportunities include the ability to correlate identities with alarms and events, and to grant access based on a risk profile of an identity or location. Access can be granted based on training or other special requirements.
Identity management software: features and benefits
All types of identities can be managed with advanced software, including permanent and temporary employees, contractors, service providers and vendors. Users can manage details of a physical identity, such as biographic and biometric information, the results of security checks and historical usage. Software also enables various access levels to be assigned to an identity across multiple physical access control systems and can specify details such as time of scheduled access.
An urgent termination feature can allow authorized personnel to immediately deny physical access. In addition to aggregating access level information from various systems, the administrator can manage details such as risk level, area owner, multiple approvers and prerequisites for access, such as training. The system can also provide audit trails of all transactions.
From a risk perspective, automated identity management systems enable organizations to lower liability and maximize protection of assets. Furthermore, systems promote standardization within a security organization and implementation of best practices.
Cost is another important benefit. A unified, software-based approach to identity management reduces the need for labor-intensive and repetitive processes.
Regulatory compliance requirements necessitate better identity management
A proliferation of regulatory requirements provides an additional incentive to manage identities more effectively. United States end-user companies are subject to a growing number of regulations that require verification of identities and access to facilities and information.
For example, all corporate entities are subject to the Sarbanes-Oxley Act, a United States federal law that set new or enhanced standards for all U.S. public company boards. The act requires management of user identities and access to information while ensuring its integrity.
U.S. vertical markets have their own specific regulations, such as the Chemical Facility Anti-Terrorism Standards (CFATS), which impose comprehensive federal security regulations for high-risk chemical facilities, and the Gramm-Leach-Bliley Act, which enhances competition by providing a prudential framework in the financial services industry. HIPAA privacy rules for healthcare and NERC/FERC security regulations in the energy sector also moderate the actions of companies.
Furthermore, U.S. government entities face compliance with the Federal Information Processing Standard Publication 201 (FIPS 201) and the Homeland Security Presidential Directive 12 (HSPD-12) credentialing requirements. Airports are regulated by TSA, while banking companies seek to comply with Basel II requirements, which consist of recommendations on banking laws and regulations. Pharmaceutical companies are regulated by the Drug Enforcement Administration, which aims to combat drug smuggling and use within the United States.
Centralized identity management systems allow managers to easily monitor regulatory infractions and proactively enforce security policies and rules. Effective security software systems enable compliance initiatives to be automated in real time to create a transparent, traceable and repeatable global process to manage governance and compliance. Complying with regulations takes strict governance of security controls across both physical and IT infrastructures and management of risk on a holistic level.