Security Convergence and its Impact on Identity
By John Petze
A converged approach to protecting physical and logical corporate assets is one of the most enticing, yet daunting, risk management initiatives facing CSOs today. A wholly converged approach streamlines all security systems and processes to create both efficiencies and economies of scale. It is difficult for any organization concerned with the bottom line to debate its usefulness. But contrary to popular discussion, security convergence is about much more than just connecting everything to an IP network, something we hear a lot about these days. A comprehensive convergence strategy should extend beyond the security equipment itself to encompass convergence of identity and the associated identity management processes.
A simple use case highlights the need for convergence. An executive arrives at his office to discover that his laptop computer is missing. This machine contains sensitive corporate data. Is this a physical or logical security breach? In the words of a famous 1980s movie – “who you gonna call?”
The answer is that it is both a physical and logical security issue, or more correctly, it is a converged security issue. The lines of separation should no longer apply.
What do we mean by Convergence?
Convergence is the unification of all security systems in an organization under a single IT infrastructure AND unification of all security functions and processes under a single management environment, with the goal of increasing effectiveness and reducing costs.
There are many elements in a converged security implementation and most directly relate to the unique needs, existing systems and security posture of the individual organization. No two implementations are alike. Common attributes of converged environments include: the management of physical and logical (IT) security and access control functions by the same C-level executive (typically CSO, CIO), and the use of a single IP-backbone for all security systems - physical access control hardware, video, intrusion detection, etc., managed by the IT function of the organization.
Challenges to Achieving Convergence
Achieving effective security convergence is far from easy. There are obstacles – most of which are tied to the legacy systems and processes of physical access control, whose roots go much farther back than those of the IT security domain. Some of the primary challenges include:
Management by different organizations. Physical and logical access control are typically managed by two distinct divisions within a company – in many cases by parallel functional groups with minimal interaction and different agendas. Addressing this chasm between domains is fundamental to moving towards converged access management.
Incompatible hardware and software infrastructure. The back-end systems that control physical access (read cards, open doors, maintain access schedules, etc.) have a different heritage than IT systems. Newer systems may be connected to IP (Ethernet networks), but at their heart, physical access control systems are typically embedded processors running non-Windows operating systems. The user interface software may be a Windows application, and the central database of users and privileges is stored in a standard enterprise class database, but the control panels that do the work of reading cards and opening doors are typically proprietary hardware platforms that utilize few, if any, recent IT standards. All of this poses a significant hurdle for the IT staff to consider taking over management of these systems, beyond simply managing their presence on the network.
Diverse Identity Credentials. Just as a door reader does not accept a username and password, IT access systems rarely use physical access credentials, such as key or proximity RFID cards, for logging onto a PC, signing email or encrypting a file. Any effort to converge these two domains must address the unification of identity across systems, as well as the management of the different credentials required to access them. Doing so not only simplifies the user’s life, but results in considerable cost savings by eliminating the duplication of effort from multiple issuance processes.
Identity Convergence – a New Approach
Even when systems have been converged on the back-end, the front-ends typically remain fractured such that individuals continue to have multiple “identities” – one or more in each of the different security systems (physical, logical, etc.), each managed independently from one another, like multiple accounts.
Achieving identity convergence, in which individuals have a single identity (account) across all systems and multiple credentials as required for access, requires a rethinking of identity and credentials (they are two separate things). As security systems proliferate, and a user’s “identity” becomes duplicated across many different systems, organizational redundancies are created. The duplication of effort is not only non-scalable and difficult to manage, but can also lead to security weaknesses and gaps.
It is time to move from an equipment-centric model to an identity-centric model. The primary objective should be to properly manage user identities across an entire organization, not by individual security systems. Control panels and their unique methods of recording identities and access privileges then become technical details. To realize the true benefits of convergence, the identity of users, and the management of that identity throughout their tenure with an organization, should be the focal point of the identity and credentialing process.
What is needed is a unified identity solution that works across all security systems – both physical and logical.
Dramatic advances in identity verification technologies are fulfilling this need. It is now possible to provide users with tokens that securely hold multiple credentials and only deliver them after the user verifies their identity via fingerprint biometrics. This approach provides the benefits of:
- Consolidation of credentials by eliminating the need to carry multiple devices, cards or tokens. This reduces complexity for users and security risks associated with lost and stolen cards.
- Compatibility with existing physical and logical security systems to minimize the impact and cost of deployment through the ability to transmit standard credential formats.
- Reliable, accurate identity authentication through biometrics.
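The identity-centric model described above, as an added illustration that is not code from the article or from Privaris: one identity record per person, credentials for each system (door panel, VPN, etc.) bound to that identity, a single offboarding action that revokes all of them at once, and an audit that finds accounts left in legacy per-system stores whose owner is unknown or gone. System names, credential kinds and the registry API are assumptions chosen for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Credential:
    system: str            # security system that honours it, e.g. "door_panel", "vpn" (assumed names)
    kind: str              # credential type, e.g. "prox_card", "x509_cert"
    value: str             # card number, certificate serial, etc.
    revoked: bool = False

@dataclass
class Identity:
    person_id: str
    active: bool = True                               # False once tenure ends
    credentials: list = field(default_factory=list)   # every credential, across all systems

class IdentityRegistry:
    """One identity per person; any number of credentials bound to it (hypothetical API)."""
    def __init__(self):
        self.identities = {}
    def enroll(self, person_id):
        self.identities[person_id] = Identity(person_id)
    def issue(self, person_id, system, kind, value):
        self.identities[person_id].credentials.append(Credential(system, kind, value))
    def offboard(self, person_id):
        """End of tenure: one action revokes every credential in every system."""
        ident = self.identities[person_id]
        ident.active = False
        for cred in ident.credentials:
            cred.revoked = True
    def authorize(self, system, kind, value):
        """Decision any system can ask for: credential known, not revoked, and owner still active."""
        for ident in self.identities.values():
            for cred in ident.credentials:
                if (cred.system, cred.kind, cred.value) == (system, kind, value):
                    return ident.active and not cred.revoked
        return False

def orphaned_accounts(system_accounts, registry):
    """Audit legacy per-system account stores ({system: {account: person_id}}) against
    the registry; return entries whose owner is unknown or no longer active. These are
    the gaps that appear when identity is managed system by system."""
    orphans = []
    for system, accounts in system_accounts.items():
        for account, person_id in accounts.items():
            ident = registry.identities.get(person_id)
            if ident is None or not ident.active:
                orphans.append((system, account))
    return sorted(orphans)
```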
Benefits of Convergence
Benefits of true identity convergence include those that apply to the user and those that apply to the organization. Most of the benefits to the user, and many of the benefits to the organization, result from the convergence of identity as a part of the larger security convergence picture.
For the user the prime benefit is a simpler work life. There is less to remember (no more passwords!) and less to carry. Imagine one secure identity token that can provide all of the credentials needed for the processes and transactions encountered in our business life.
For the organization the benefits include:
- lower costs by eliminating issuance and management of multiple credentials;
- simplified management of identity across the various enterprise functions that depend on it;
- the elimination of security loopholes through tighter control over the issuance and management of identity credentials;
- heightened security from the ability to integrate biometric technology at the user level and provide reliable identity verification; and
- simplified regulatory compliance from robust identity verification and access control audit trails.
What’s Convergence without Identity Convergence?
Heightened security demands, new regulations, escalating costs – all these factors are driving the need to manage overall security and access control as a single function. It is time to converge, and a key part of that process is the inclusion of identity verification, for simplicity and heightened security. Strong identity verification, as part of a Unified Identity Management environment, needs to be a fundamental part of the journey to the true convergence of security systems.
About the Author:
John Petze is President & CEO of Privaris Inc. Petze is an experienced technology executive, having held the position of CEO, CTO, VP of Marketing and Product Management, VP of Product Development and VP of Operations over his 25-plus year career. He possesses a technical background and extensive experience leading new product development, marketing programs and customer support organizations. His experience spans hardware and software development, automation systems, networking and Internet technologies.