e of security is changing dramatically. Many organizations are now looking to bridge physical and logical access systems for unified enterprise security management, and as these companies are realizing the benefits of a converged solution, the industry is beginning to redefine the role of security.

All organizations need to protect their corporate assets — whether it's preventing the theft of office equipment, providing a safe environment for employees and their belongings, or keeping hackers and industrial saboteurs from wreaking havoc with networks, applications and databases. Yet, because physical and logical security has traditionally been handled by separate organizations and technologies, few companies could envision the benefits of their convergence.

Physical and IT security departments have been operating as distinct entities for years. Security concerns around networks and databases have caused organizations to ask why physical and logical security systems cannot work together to share real-time data and strengthen each other.

As a practical definition, converged security refers to the integration of physical access systems and related technologies (such as magnetic cards and readers) with identity management and user authentication technologies (such as enterprise single sign-on, tokens and proximity cards). This integration enables an organization to establish and manage a single, consolidated repository of all user authentication credentials and to employ a centralized means for establishing access policies for all physical and logical resources.

The concept of converging physical and logical access security is not new. It has been around for some time, but historically, implementation has been a problem. Because physical and logical security systems traditionally operated in totally independent worlds with no reason to interconnect, convergence has always been costly and complex. Various vendors have tried to solve this problem using approaches such as multifunction cards, pure identity management solutions and consolidated reporting systems. For a variety of reasons, these efforts have not been successful and proved costly and extremely time-consuming to implement - often taking several years coupled with major investments. However, an opportunity now exists for the worlds of physical and logical access security to come together at last.

Physical and logical convergence makes it possible for organizations to have:

- One identity-based system for managing all physical and logical access;
- A unified network policy for both network and remote access that leverages card status and user location information from physical access systems;
- Tight correlation between building, LAN and remote VPN access for a tighter security posture;
- Enforcement of company anti-passback/tailgating building access policies;
- Exchange of events and alarms from the physical access system to the logical access system;
- An identity-based reporting system for use in forensic investigations; and
- A streamlined workflow for creating, deleting and modifying user identities in both systems simultaneously.

With the convergence of physical and logical security technologies, organizations now have new opportunities to better coordinate security resources in critical and emergency situations and achieve compliance with regulations, such as the U.S. Homeland Security Presidential Directive 12 (HSPD-12) or Federal Information Processing Standard (FIPS). HSPD-12, which mandates a common identification standard for U.S. federal employees and contractors, was issued by the U.S. Executive Office of the White House in 2004. The convergence of these two technologies provides the two-factor authentication that ensures compliance with these regulations.

When physical and logical access security components work together, organizations can use them to complement and reinforce one another. For example, a network access policy could be established that would grant a user logical access to applications only if that user had first swiped his or her employee badge that day when entering a facility or restricted area. Furthermore, companies can grant or refuse network access based on a user's physical location, user role and/or employee status. This means that all users must physically badge in to use the organization's facilities and network, and cannot access their company's virtual private network (VPN) while already badged into the building. This prevents fraudulent user log-ins, further raising the protection of each user's identity and of the organization as a whole.

Tailgating is a common security problem in which a person without an ID badge gains access to a facility by following closely behind another person who has just swiped his or her badge. With convergence, logical access security can be set up to alert corporate security whenever employees who have not swiped their badges attempt to log onto PCs, thereby providing a means to better enforce badge-swipe compliance and facilitating the enforcement of company anti-passback/tailgating building access policies.

Convergence provides companies with affordable two-factor authentication (complex passwords and a second form of identification), which is recommended by experts as the best protection against unauthorized application access. Convergence at the system level enables reuse of the existing card-based infrastructure and would allow even badges with magnetic stripes to be used as the second factor, sparing organizations the cost of additional smart cards, tokens, or biometric scanning systems while at the same time strengthening IT security.

With the convergence of physical and logical security systems, organizations have the ability to coordinate responses to problems and/or emergency situations. For example, when employees resign or are terminated, there is often a lag time of days or even weeks between when their physical access rights and their logical access rights are terminated. This situation often results in disgruntled former employees logging in remotely and stealing confidential data. Convergence prevents this problem by allowing organizations to terminate physical and logical access privileges simultaneously.

What organizations are ultimately looking for is greater control over all aspects of their company's security. Convergence allows organizations to maximize the security potential of both systems to protect corporate assets while not forcing dramatic workflow changes on employees. Organizations of all sizes and types are taking the first, positive steps toward physical and logical access security convergence and a more secure future.
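The badge-gated logon rule, the no-VPN-while-inside rule, the tailgating alert and the simultaneous revocation described above, combined into one small policy evaluator. This is an added illustration, not code from the page or from any vendor product; the user names, timestamps, event format and channel names are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample feeds (hypothetical users and times): badge swipes from the
# physical access system and an HR termination list shared with the logical side.
BADGE_EVENTS = [
    ("alice", "2024-05-06T08:02:00", "in"),
    ("alice", "2024-05-06T17:30:00", "out"),
    ("bob",   "2024-05-06T08:15:00", "in"),
]
TERMINATED = {"carol"}


@dataclass
class ConvergedPolicy:
    badge_events: list
    terminated: set
    alerts: list = field(default_factory=list)  # raised to corporate security

    def _swipes_today(self, user, at):
        """Badge events for `user` on the calendar day of `at`, up to `at`, in time order."""
        parsed = [(datetime.fromisoformat(t), d) for u, t, d in self.badge_events if u == user]
        return sorted((t, d) for t, d in parsed if t.date() == at.date() and t <= at)

    def badged_in_today(self, user, at):
        return any(d == "in" for _, d in self._swipes_today(user, at))

    def inside_building(self, user, at):
        swipes = self._swipes_today(user, at)
        return bool(swipes) and swipes[-1][1] == "in"   # last swipe was an entry

    def decide(self, user, channel, at):
        """Return (allowed, reason) for a logon over 'lan', 'app' or 'vpn' at ISO time `at`."""
        at = datetime.fromisoformat(at) if isinstance(at, str) else at
        if user in self.terminated:
            # one revocation covers both systems, closing the lag the text describes
            return False, "identity revoked on physical and logical systems"
        if channel in ("lan", "app"):
            if not self.badged_in_today(user, at):
                # PC logon with no badge swipe today: possible tailgater, alert security
                self.alerts.append((user, at.isoformat(), "logon without badge swipe"))
                return False, "no badge swipe recorded today"
            return True, "badged in today"
        if channel == "vpn":
            if self.inside_building(user, at):
                return False, "user is badged into the building; VPN not permitted"
            return True, "user is off-site"
        return False, f"unknown channel {channel!r}"
```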