Converging Physical, Logical Security Boosts Effectiveness
Integrating physical access systems with related technologies such as RFID and enterprise single sign-on tools can help companies strengthen their edata security programs, said a new white paper from Imprivata.
Access control is one of the most important, and challenging, compliance issues for FDA regulated companies, consultants and company IT staff have frequently told PIR.
The integration "enables an organization to establish and manage a single, consolidated repository for all authentication credentials, and to have a centralized means of setting access privileges for both physical and logical resources," noted the white paper, titled "Bridging the Great Divide: The Convergence of Physical and Logical Security."
Done effectively, an identity-based convergence allows companies to have:
One identity-based system for managing all physical and logical access; A unified network policy for both network and remote access that utilizes card status and location data from physical access systems; Exchange of events and alarms from the physical access system to its logical access counterpart; and A streamlined workflow for creating, deleting and modifying user identities at the same time in each system.
Many companies leverage one or several of the available physical and logical security tools, but alone those tools don't provide all the benefits of a converged solution, Imprivata said. Effective converged solutions must:
Approach security from a holistic view; Offer "fine-grained, zone-based" logical access tied in with the user's badge status and location; and Have monitoring and reporting capabilities that can demonstrate compliance with the Health Insurance Portability and Accountability Act, among other regulatory compliance requirements.
Convergence is increasingly important, in part because auditors recognize that corporate resources such as proprietary and sensitive edata "cannot be secured by door locks and firewalls alone," the white paper noted.
Convergence scenario: When an organization implements a converged physical and logical access security solution, it can support a range of company security policies. For example, with a converged solution on network access, an organization would be able to set policies with a variety of conditions, including:
A user is granted both network and remote access only with a valid ID badge; A user is granted network access only if he or she has logged in within a specified time after entering the facility; and A user is granted network access only upon entry through a specific door or zone.
There has also been something of a convergence when it comes to new technologies and best practices that make achieving physical and logical security convergence much easier, the paper added.
The reason: Widespread adoption of internet protocol (IP). IP has become the "de facto standard for corporate IT networking," and essentially provides a common protocol that reduces wiring requirements, deployment time and cost. In addition, open standards such as Open Security Exchange and PHYSbits are "being defined to enable easier physical and logical access security integration," the white paper said.
These and other developments suggest that converged physical and logical access security systems "will no longer be too costly or complex to deploy," Imprivata said. -- Michael Causey