Alert Enterprise Presents: The SIA 2024 Security Convergence Report – read more HERE.

The Essential Pillars of PIAM

March 15, 2022

People entering and exiting an office space utilizing electronic access technology.

Physical Identity Access Management (PIAM)

For today’s enterprise on a digital transformation journey, there are four essential pillars of Physical Identity Access Management (PIAM) to consider:

Converged Cyber-Physical Onboarding and Offboarding

Immediate benefits arise from linking the most obviously siloed sources of identity information. Connecting the Human Resources Management System (HR) with the Physical Access Control Systems (PACS) delivers immediate integration value and allow managers to make timely, informed decisions about facility or corporate access requests based on job role, function and relevance.

Another opportunity lies in linking PACS with IT directories that track who has access to corporate applications and resources such as the network, email, messaging, databases, etc. Some examples include LDAP – Lightweight Directory Access Protocol and AD – Active Directory.

Creating this critical connection delivers visibility into an individual’s role in the organization, their job function, the amount of facility access they need to get their job done as well as the amount of system or application access and authorization required to be productive while adhering to security policies.

A graphic that demonstrates all of Enterprise Guardian (PIAM)'s capabilities.

True Threat Prevention in Action

The power of security convergence is most evident when it automates and detects seamlessly across more than one domain, like IT and physical security. Consider this real-world scenario: A utilities company employee enters the company via the main lobby, takes the elevator to his floor and “badges in” to gain access through that level’s main door. He proceeds to his desk and signs into the company network to access his email, etc. At the same time, someone else is using the identical access credentials remotely via a VPN (Virtual Private Network). Obviously, he can’t be physically present locally and remotely. A converged cyber-physical PIAM platform detects the external intrusion by automatically identifying the access anomaly and allows security to immediately disable access, preventing a potential threat.
A graphic that lists out services related to true prevention with access approvals, Alert Enterprise corporate instance, firewall, and Alert Enterprise CIP Instance. This is a centralized way to disable all access.
Graphics on a computer than represent self-service access, where a user can request access for their manager to approve.
Does your organization currently send separate manual access requests to each department and then wait for what seems like an eternity before each department responds? Do requests for supporting information sometime stay in those departments and never get back to the requestor? You’re not alone. This outdated approach is time-wasting, unproductive and leaves security in limbo. Self-service access capabilities empower your users, managers and area owners and reduces the burden of security staff so they can focus on critical areas. The system automates the tedious task of collecting information related to access requests. The requestor receives acknowledgement followed by confirmation. Automated workflow capabilities notify managers quickly so they can approve access and keep staff on task and productive. It’s fast and secure.

Automated Physical Access Reviews and Re-Certification

Periodic access review and re-certification has been an audit mainstay in the IT world. However, this is often overlooked when it comes to decisions regarding physical access. Change is constant as it applies to the modern workforce ‘hire-to-retire’ journey. As each employee and contractor reach new milestones within their journey (promotions, location change, education and training) it’s important to automate the periodic review of their roles, access and security policies prior to additional access being granted. This prevents ‘access-creep’ and ensures access previously granted is still valid and re-certifies it against your most up-to-date security policies and compliance standards.
A graphic representing "My Credentials, IT, Physical & OT Access Rights," showing personal experiences at an individual's work.

Identity Intelligence and Risk Scoring

The combined categories of employees, contractors, vendors and visitors who have been granted access to the organization at any given point in time comprise the badged population. Security managers need to know how just how large this population is, what risks they pose to the enterprise and how to mitigate it. Incorporating risk scoring and behavior patterns into an identity profile allows for proactive risk analysis before granting or removing access.

Identity Intelligence technology is powered by artificial intelligence and machine learning in combination with an active policy enforcement rules-based engine to reveal critical risk insights. For example, John Q is a control room worker who has been following a steady shift pattern of working 9-5, Monday through Friday. He suddenly starts showing up at midnight on a Saturday and uses his work badge to access a secure area. The deviation from the pattern of 9-5 on weekdays and the exception to the rules – that people with John’s role should not be accessing a room that stores critical assets – sets off an automated series of alerts to management stakeholders including security personnel.

The automatic baseline of identity profiles allows Identity Intelligence technology to quickly sort through millions of events to detect anomalies and trends for an effective response to potential malicious behavior and policy violations.

Next Steps

Enterprise Guardian software incorporates all four essential components of effective PIAM, allowing you to turn PIAM into a true business enabler.

Wherever you are in your PIAM journey, there’s no better time to step into the future of identity. Connect with our identity and security convergence experts to discuss your next steps.

A black and white headshot of David Cassady.

David Cassady

Chief Strategy Officer

David Cassady has been selling and leading teams in Silicon Valley for more than 30 years. During that time, he’s led a mix of established software players and startups. Cassady has also been involved with five IPOs — and at least as many acquisitions. 

As Chief Strategy Officer, David leverages his extensive experience helping software businesses drive growth through deep and impactful partnerships with the world’s most successful SaaS providers like ServiceNow, Microsoft and SAP. 

A black and white headshot of Mark

Mark Weatherford

Chief Security Officer
Senior Vice President, Regulated Industries

Mark Weatherford brings years of high-level cyber-physical expertise to Alert Enterprise, and as Chief Security Officer (CSO), he guides the strategy of data management and protection by advising cyber-physical security policies and procedures within the company. Weatherford also works in liaison with businesses and executive professionals in the cyber and physical security industries to further accelerate security convergence adoption.

Mark has held numerous high-level cyber-centric positions, including Vice President and Chief Security Officer at the North American Electric Reliability Corporation (NERC), the Department of Homeland Security’s first Deputy Under Secretary for Cybersecurity under the Obama administration, California’s first Chief Security Officer, and the first CISO for the state of Colorado.

A black and white headshot of Harsh Chauhan

Harsh Chauhan

Chief Technology Officer

As Chief Technology Officer (CTO) of Alert Enterprise, Harsh Chauhan is responsible for the company’s engineering technology innovation and solution delivery. A 20-year technology veteran and leader, Chauhan is focused on the growth of the company’s 3D Governance Risk Compliance (GRC) hyperscale cloud platform.

He also continues to develop integrated solutions with leading technology partners like SAP, SAP NS2, and ServiceNow. Before Alert Enterprise, Mr. Chauhan held multiple CTO positions, as well as Product Owner and Head of Development at SAP GRC 10.0, delivering targeted solutions to high-profile SAP clients.

Ruby Deal headshot

Ruby Deol

Chief Operations Officer

Ruby Deol oversees all business units at Alert Enterprise. With more than 20 years of experience in global sales and support services, Deol nurtures existing client relationships with a customer-first approach. As Alert Enterprise continues to grow in industry recognition and stature, Deol is charged with developing and implementing methods to meet organization goals and facilitate the company’s ongoing transformation.
A black and white headshot of Kaval

Kaval Kaur

CFO and Co-Founder

As Chief Financial Officer (CFO) and Co-Founder of Alert Enterprise, Kaval Kaur leads all finance and administrative back-office operations. Kaur is a member of the national professional organization American Institute of Certified Public Accountants (AICPA) and the California State CPA Society.

Prior to joining Alert Enterprise, she was the CFO and Co-Founder of Virsa Systems, a position she held until its acquisition by SAP.

Kaur is a philanthropist at heart, embracing the diversity of the San Francisco Bay area by assisting with and promoting special cultural events. She recently sponsored 2,000 public schools in rural India to advance computer literacy skills for children and is a foster mother to a 10 year old.

Jasvir Gill

Founder and CEO

Leading the charge of digital transformation and security convergence is Jasvir Gill, Founder and CEO of Alert Enterprise, Inc. An accomplished engineer by trade, Gill is driving the long-overdue digital transformation of the physical security industry.

Prior to launching Alert Enterprise, Gill was the founder and CEO of Virsa Systems, where he grew the company into a global leader of application security software. An early pioneer in establishing governance, risk and compliance as a software market segment, he drove exponential growth at Virsa, facilitating its acquisition by SAP in 2006.

In his free time, Jasvir helps drive social and economic empowerment in the community. He’s also a trustee at the American India Foundation.