The Identity Ties That Bind
In the physical security world, building access cards have similar benefits to SSO - authenticating employees, enabling them to access authorized areas, while ensuring security of the physical facilities and employees. In both cases, a person’s identity is represented by something verifiable (a password or an access card) that enables them to access organizational assets (on a network or in a building). By bridging together physical access systems with single sign-on efficiencies, organizations can provide a finer level of authentication, closing security gaps often overlooked when the two security arms of an organization are kept in separate silos. Here are three ways in which bridging these typically disparate systems together can offer greater efficiencies:

Increased Usability without Compromise to Security

Passwords prevent unauthorized users from accessing applications to keep networks secure. However, as users are required to remember more and more passwords, they often resort to writing them down and leaving them in plain view where a nefarious person could find them and use them to gain unauthorized access. This results in every desktop becoming another point of vulnerability in the corporate security armor.

To combat this, strong password policies are typically put in place to mandate the use – and frequent changing – of passwords that, in the interest of preventing password theft, are intentionally complex and difficult to remember. This too exacerbates the problem, resulting in password policy non-compliance, increased security risk and spiraling help desk costs. SSO solutions were developed to tackle these challenges, offering a relatively simple, effective and affordable way to ensure that only authorized users can gain access to important business applications.

In organizations that have implemented SSO solutions, users are thrilled to eliminate the password management struggles, enabling them to work more productively, while the IT department can be sure that the security of the network is intact. More simply, they make accessing applications easy for the user without complicating security.

In the physical access world, buildings are akin to the networks in the logical world. Access cards take the place of passwords, enabling authorized users to enter a building or a specific room or area within a building. However, users often skip the step of badging in by following closely behind the person who badged in before them (a practice known as tailgating). While authorized users are often guilty of tailgating, this creates a security hole that needs to be patched because if tailgating is not eliminated, the physical security team has no idea who is and who is not inside.

Just as SSO solutions eliminate the bad password management behaviors, tying building access to network access can eliminate tailgating and close that security hole. The best way to get employees to badge in is to tie that action to things they need (network access). Establish a procedure that links the swiping of a card for building access to the ability to get online once the user reaches his desk. When these two systems are tied together, employees won’t tailgate or forget to badge in because they won’t be able to log onto the network and start their work day. This practice does not require any additional action on the part of the user but rather it enforces the behavior (badging in) that should be done every day anyway.

Centralized Management for Monitoring and Reporting

SSO solutions enable enterprises to centrally manage passwords, meaning organizations can monitor, capture and log password-related user access events in one centralized database.
This permits administrators to easily monitor access records for every user, application or workstation in one central location. Having this record of application access offers an added level of protection as administrators can see, for instance, if there are users that are sharing credentials to confidential applications. Without a centralized view, unauthorized access is not so simple to detect.

In the physical world, a user’s location is monitored and recorded based upon where and when he/she swiped his/her badge. If there is an event at the physical location such as a fire where people are trapped inside, you know where people are based upon their last badge in. By managing this in one place, the physical security team has finer data in order to have more confidence when making security-related decisions and can more accurately monitor the building for any potential breaches, just as SSO enables the IT team to monitor the network for any security infractions.

The same efficiency can be realized with a converged security solution. By uniting an employee’s identity across networks and building access, an organization can create one converged access policy for allowing or denying network access based on a user's physical location, role, and/or employee status. By incorporating events from physical security access systems into network access decisions, organizations have broader monitoring and reporting capabilities from which to better demonstrate regulatory compliance and ensure corporate security procedures are adhered to enterprise-wide.

Security Policy Automation

SSO solutions enable IT administrators to implement a clear, straightforward password policy across all SSO-enabled applications based on users’ primary authentication. With SSO, administrators can automatically change password constraints (minimum/maximum length, reset intervals, auto resets, etc.), manage authentication challenges and accommodate application-generated password reset requests.
This automation of password policies significantly reduces the IT burden.

Access cards on the physical security side perform in a parallel way. Tying building access to the card automates the enforcement of the physical security policy of everyone in the building signing in and out when entering or leaving the building. Physical security administrators can also change access constraints and manage authentication challenges in order to maintain appropriate levels of building security. Just like with SSO, the access cards automate building access policies that, in turn, significantly reduce the physical security burden.

By converging these two typically disparate systems, an enterprise’s entire security posture is covered from the building doorway to the user’s computer. As a result, the security team can apply policies that dictate what an individual can access under what circumstances based on specific criteria, such as location and employee status. Organizations can thus easily authenticate employees, enabling them to access authorized areas within the building and on the network, while ensuring security of the physical facilities, IT systems and employees.

Convergence Now

IT departments have realized the clear security benefits and efficiencies of SSO on their networks, while physical security professionals have seen the value provided by building access cards on their building’s security. Today, with the onset of technologies that are simplifying the convergence of the two systems, the benefits of convergence are at hand. As showcased above, those organizations that tie together their physical and logical security systems can realize similar yet improved benefits to single sign-on for the most secure enterprise possible.

Article Directory: http://www.articledashboard.com

Imprivata, Inc.
10 Maguire Road, Building 4
Lexington, MA 02421-3120 USA
phone: 781-674-2700
fax: 781-674-2760
toll-free: 1-877-OneSign
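
The converged access policy the article describes, where a network logon is allowed only if the user's latest badge event places them in the same building and their employee status is active, can be sketched as a single decision function. This is an added example, not code from the article or from Imprivata; the event fields, site names, the 16-hour badge age limit and all sample data are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class BadgeEvent:
    user: str
    site: str
    direction: str          # "in" or "out"
    at: datetime

@dataclass(frozen=True)
class LoginRequest:
    user: str
    workstation_site: str
    at: datetime

# Constructed sample data (hypothetical names, sites and times).
ACTIVE_EMPLOYEES = {"alice", "bob", "carol"}    # stand-in for an HR status feed
MAX_BADGE_AGE = timedelta(hours=16)             # assumed policy value
T0 = datetime(2011, 3, 1, 8, 0)
EVENTS = [
    BadgeEvent("alice", "HQ", "in", T0),
    BadgeEvent("bob", "HQ", "in", T0),
    BadgeEvent("bob", "HQ", "out", T0 + timedelta(hours=4)),
    BadgeEvent("dave", "HQ", "in", T0),
]

def last_badge(events, user, before):
    """Most recent badge event for `user` at or before `before`, or None."""
    seen = [e for e in events if e.user == user and e.at <= before]
    return max(seen, key=lambda e: e.at, default=None)

def decide(events, req):
    """Return (allowed, reason) for a logon at an on-site workstation."""
    if req.user not in ACTIVE_EMPLOYEES:
        return False, "not an active employee"
    badge = last_badge(events, req.user, req.at)
    if badge is None or badge.direction != "in":
        return False, "no current badge-in on record"
    if badge.site != req.workstation_site:
        return False, f"badged into {badge.site}, logon from {req.workstation_site}"
    if req.at - badge.at > MAX_BADGE_AGE:
        return False, "badge-in is stale"
    return True, "badge-in matches workstation site"

if __name__ == "__main__":
    for user, site, offset in [("alice", "HQ", 1), ("carol", "HQ", 1), ("bob", "HQ", 5)]:
        req = LoginRequest(user, site, T0 + timedelta(hours=offset))
        print(user, decide(EVENTS, req))
```

Each denial reason is also an event worth sending to the central log: a logon attempt with no current badge-in is the signal for tailgating or shared credentials that the article's monitoring section relies on.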
© 2005-2011 Article Dashboard