For today’s enterprise on a digital transformation journey, there are four essential pillars of Physical Identity Access Management (PIAM) to consider:
- Converged cyber-physical onboarding and offboarding
- Self-service access request across the enterprise
- Automated physical access reviews and re-certification
- Identity Intelligence and risk scoring
1. Converged Cyber-Physical Onboarding and Offboarding
Immediate benefits arise from linking the most obviously siloed sources of identity information. Connecting the Human Resources Management System (HR) with the Physical Access Control Systems (PACS) delivers immediate integration value and allow managers to make timely, informed decisions about facility or corporate access requests based on job role, function and relevance.
Another opportunity lies in linking PACS with IT directories that track who has access to corporate applications and resources such as the network, email, messaging, databases, etc. Some examples include LDAP – Lightweight Directory Access Protocol and AD – Active Directory.
Creating this critical connection delivers visibility into an individual’s role in the organization, their job function, the amount of facility access they need to get their job done as well as the amount of system or application access and authorization required to be productive while adhering to security policies.
True Threat Prevention in Action
The power of security convergence is most evident when it automates and detects seamlessly across more than one domain, like IT and physical security. Consider this real-world scenario: A utilities company employee enters the company via the main lobby, takes the elevator to his floor and “badges in” to gain access through that level’s main door. He proceeds to his desk and signs into the company network to access his email, etc. At the same time, someone else is using the identical access credentials remotely via a VPN (Virtual Private Network). Obviously, he can’t be physically present locally and remotely. A converged cyber-physical PIAM platform detects the external intrusion by automatically identifying the access anomaly and allows security to immediately disable access, preventing a potential threat.
True Prevention – Converged IAG | NERC-CIP Compliance | Centralized way to disable ALL access
2. Self Service Access
Does your organization currently send separate manual access requests to each department and then wait for what seems like an eternity before each department responds? Do requests for supporting information sometime stay in those departments and never get back to the requestor? You’re not alone. This outdated approach is time-wasting, unproductive and leaves security in limbo. Self-service access capabilities empower your users, managers and area owners and reduces the burden of security staff so they can focus on critical areas. The system automates the tedious task of collecting information related to access requests. The requestor receives acknowledgement followed by confirmation. Automated workflow capabilities notify managers quickly so they can approve access and keep staff on task and productive. It’s fast and secure.
3. Automated Physical Access Reviews and Re-Certification
Periodic access review and re-certification has been an audit mainstay in the IT world. However, this is often overlooked when it comes to decisions regarding physical access. Change is constant as it applies to the modern workforce ‘hire-to-retire’ journey. As each employee and contractor reach new milestones within their journey (promotions, location change, education and training) it’s important to automate the periodic review of their roles, access and security policies prior to additional access being granted. This prevents ‘access-creep’ and ensures access previously granted is still valid and re-certifies it against your most up-to-date security policies and compliance standards.
4. Identity Intelligence and Risk Scoring
The combined categories of employees, contractors, vendors and visitors who have been granted access to the organization at any given point in time comprise the badged population. Security managers need to know how just how large this population is, what risks they pose to the enterprise and how to mitigate it. Incorporating risk scoring and behavior patterns into an identity profile allows for proactive risk analysis before granting or removing access.
Identity Intelligence technology is powered by artificial intelligence and machine learning in combination with an active policy enforcement rules-based engine to reveal critical risk insights. For example, John Q is a control room worker who has been following a steady shift pattern of working 9-5, Monday through Friday. He suddenly starts showing up at midnight on a Saturday and uses his work badge to access a secure area. The deviation from the pattern of 9-5 on weekdays and the exception to the rules – that people with John’s role should not be accessing a room that stores critical assets – sets off an automated series of alerts to management stakeholders including security personnel.
The automatic baseline of identity profiles allows Identity Intelligence technology to quickly sort through millions of events to detect anomalies and trends for an effective response to potential malicious behavior and policy violations.
Enterprise Guardian software incorporates all four essential components of effective PIAM, allowing you to turn PIAM into a true business enabler.
Wherever you are in your PIAM journey, there’s no better time to step into the future of identity. Connect with our identity and security convergence experts to discuss your next steps.