HOT TOPICS
- Access Control/Identity
- Airport Security
- Business Continuity
- CCTV
- Dealers and Integrators
- Emerging Technologies
- Facility Security
- Fire/Life Safety
- Government
- Homeland Security
- Homeland/Urban Area
- Identity Management / Biometrics
- International
- IP Video
- IT Security
- Monitoring
- Network-Centric Security
- RFID
- School Security
- Transportation Security
- Video Surveillance
- Wireless Networks
Resource Center
- Products
- Industry Directory
- Vendor Catalogs
- Classifieds
- Resources
- Newsletter Subscribe
- Letter to the Editor
Magazine
Subscribe Now!
About Us
On the Verge to Converge
By David Ting · May 2007
Combined systems ease the burden on physical security, IT compliance
SECURITY policy has typically meant different things to different people within an organization. The facilities management department covers all physical access points, teaching staff to lock all doors and windows before leaving for the night. IT managers keep up to date with the latest patches and ensure users only access the applications and data they are allowed to access.
Despite the common purpose, physical and logical access technologies have existed in separate, parallel worlds for years. Physical access technologies, such as building security systems and employee access cards, are controlled by the corporate security department. Application passwords and firewalls are the domain of the IT department. Each group’s respective networks, technology paths and user interfaces are completely separate, and there is no coordination between the two departments.
Today, however, enterprise security is changing dramatically. Technological advances have finally caught up with security theories, and now many organizations are looking to bridge network and building security operations together for unified, enterprise security management.
At the heart of this intersection is security policy.
Enterprise Security Management
Enterprise security is governed by established policies employees are required to follow. Both physical and logical sides of security are tasked with ensuring respective policies are being enforced and actually adhered to by staff on a consistent basis. However, making security policies stick can be tough, especially if it changes the way employees have been working.
For a facilities management department, physical security policies can take many forms. For organizations with door access security, badging into the building is a mandatory requirement for all staff. This creates a problem—the ability to prove everyone who has entered the building has badged in. Employees oftentimes walk in at the same time as another employee who has already used their badge. This process, known as tailgating, results in no record of an individual coming into the building. This not only breaks the organization’s security policy regarding physical access to the enterprise, but it also means it is more difficult to build up a complete list of who is in the building in the event of a fire or other security threat. The result of the behavior is a gaping hole in the physical security side of the enterprise.
Securing Access
By linking the physical access system to the IT infrastructure, employee behavior can be enforced more strictly. For example, if an employee does not badge into the building, their access to IT assets can be denied. When logging in, the network can automatically query the building access system to check if the person has signed into the premises. If they have not, access will be denied until they swipe their card. This approach impacts correct user behavior and reinforces adherence to the company’s policy. Additionally, it enables organizations to enforce an anti-tailgating policy without the need to deploy an expensive and burdensome turnstile-based entrance system.
A building access card also can be used as a factor for gaining access to the IT system. By linking a user’s password to the building access card, an organization can roll out strong authentication for staff without having to invest in additional tokens, biometric readers or another form of two-factor authentication. As most building access cards are short-range RFID devices, a USB reader connected to the PC also can act as a method for secure network access. Having an additional factor replace the standard password for access means overall enterprise security is much tighter, and unauthorized access is more difficult to achieve and easier to detect.
Using a building smart card as an authentication method to gain access is not new. However, previous approaches to using the cards have not integrated the typically disparate systems. Instead of linking the two systems together and allowing the IT access system to query the building access server, a user within an organization will sign into two separate, siloed systems that happen to use one smart card. The combined approach integrates building and IT security at a system level and allows security policies to be managed and enforced across the physical and network layers. Additionally, it allows for one activity report for both systems—something that is necessary for proof of compliance.
Uniting Facilities Management
Convergence of physical and IT security brings with it the need for businesses to change approaches to managing these areas. Traditionally, there have been distinct areas of the organization responsible for managing IT and physical security. The facilities management department would cover the physical side of enterprise security, while IT issues would be handled solely by the IT manager and team. As these two divisions have completely separate budgets and targets to meet, there’s no reason to cooperate on projects.
This situation is changing. As more physical security systems rely on services provided by the network, IT will ultimately be called to participate in the design and support of physical security systems. A converged management approach allows both departments get the information required at a lower cost than what would be possible through separate systems.
Using building access systems and IT security together in a converged manner creates an infrastructure that is more secure while offering cost benefits compared to traditionally disparate solutions. Additionally, auditing and reporting within a converged security environment is simpler. Having a single overview of security, whether it is to buildings or IT assets, considerably eases the burden of proving employees are meeting company policy. A converged security system covering both physical access and IT creates an infrastructure where the whole is greater than the sum of its parts.
About the author
David Ting
David Ting is the founder and CTO of Imprivata.
Sponsored Text Links
ID Insurance
Crossing the Chasm: Deterrence to Defeat
In this age of widespread easy access to personal information, identity theft has become the fastest growing and most lucrative crime in America.
Info. Security
Leaving Your Mark
Today’s mobile professionals carry more sensitive information than ever before. A single laptop can contain information that can be valued in the millions, if not billions, of dollars.
New Webinar
UHF Gen 2 RFID Expands Possibilities
When you think about security access and tracking solutions, now you can start thinking differently.
Poll
Podcasts
Home Page | Magazine | News | Products | Industry Directory | Community | Resource Center | Classifieds | Services/Advertising
Water & Wastewater News |
Occupational Health & Safety |
Federal Computer Week
Campus Technology |
Contingency Planning & Management
Copyright 2008 1105Media Inc. See our Privacy Policy
Reproduction in whole or in part in any form or medium without express permission of 1105 Media Inc. is prohibited.
