Despite the potential risk for security breaches and the recent wave of awareness, many organisations don’t realise that ‘the security threat’, which was once considered exclusively an “outsider” issue, as a result of the growth of IT and Communications resources, has now entered the building and is widely becoming known as an insider threat. This has created an entire new wave of security challenges that have many businesses searching for answers.
The answer is a solution that marries physical security with IT security resources to redefine how they perform identity management access. This concept has been around for quite some time, and yet in the past this move presented a set of challenges that prevented many from taking their first step. The initial hurdle was the fact that access control systems in the IT and physical had little in common technologically. As a result the integration of the two sides was a costly and complex proposition that many were not willing or able to take on.
A second challenge was the lack of interaction between the physical security experts and information technology providers. Under the old model the facilities management department would cover the physical side of things and the IT would be handled by the IT manager with help from their team. This historical separation gave the two parties very little cause to co-operate on a project.
The question is why is the convergence of physical and logical resources so important now? One suggestion is that the catalyst behind IT and physical security working comes from several sources. First it’s a shared sense of urgency driven by both regulations and fear of costly data loss, as well as with its associated negative publicity resulting from security breaches.
Further pressure has been added by evolving business models which have placed great importance on making digital assets available to third parties outside of your physical office as well as your company network, including partners, customers and contractors all of who are in remote locations. The task of ensuring the right information gets to the right user at the right location grows considerably more difficult.
Over the past decade, Internet Protocol (IP) has become the de facto standard for physical access system devices meaning physical security and IT have begun to speak with the same language. The result of this means greater confidence in identifying who is allowed access into the building and onto the network. The list of access devices that are now IP-capable has expanded considerably including cameras, card readers, and access controllers.
With IP enabling physical and logical resources to “talk” to one another, companies today can begin to take advantage of convergence more quickly and easily than they might think by using existing assets to drive new policies for improving confidence, auditing, compliance, privacy and security while lowering overall risk. Strong authentication and strong passwords have been adopted to improve security on the IT side. Physical/logical convergence is essentially just one more dimension, an enforcement mechanism for IT security that is easy to develop and overlay onto existing access policies.
Integrated security information is the key to building greater confidence around users and is especially important as both sides strive for greater security and audit tracking. The best untapped information at the disposal of both IT and physical security leaders is the real-time access data held by each other. By integrating information systems together, the two sides can now share this data and construct new policies that eliminate guess work and assumptions with decisions based on hard data around users.
Almost every company has cards or some form of physical access system. When a person badges into the office, that action is loaded with information that enables the staff to make solid decisions about rights granted to that person. Now when that user enters the building and tries to log on to the network, a check against the physical security system lets the IT system know if that person is allowed in from that particular location. On top of that, specific rules about network access within certain controlled areas of the building. For example, a policy can state that only the IT administrators within certain areas can access a server to make changes.
One small mishap or oversight, whether letting an unauthorized person enter the building or a disgruntled employ accessing confidential company documents, can quickly take on a life of its own. The results can be anything from lost revenue to a tarnished corporate reputation. As a result, companies have taken the lead in looking long and hard at their current security solutions and policies with the goal of creating one complete and unified model. IT is now just another layer in the physical security system and physical security is another layer of authentication.
"
Security Breaches
Identity Management
"
