News Article
The Essential Pillars of PIAM
For today’s enterprise on a digital transformation journey, there are four essential pillars of Physical Identity Access Management (PIAM) to consider:
- Converged cyber-physical onboarding and offboarding
- Self-service access request across the enterprise
- Automated physical access reviews and re-certification
- Identity Intelligence and risk scoring
1. Converged Cyber-Physical Onboarding and Offboarding
Immediate benefits arise from linking the most obviously siloed sources of identity information. Connecting the Human Resources Management System (HR) with the Physical Access Control Systems (PACS) delivers immediate integration value and allow managers to make timely, informed decisions about facility or corporate access requests based on job role, function and relevance.
Another opportunity lies in linking PACS with IT directories that track who has access to corporate applications and resources such as the network, email, messaging, databases, etc. Some examples include LDAP – Lightweight Directory Access Protocol and AD – Active Directory.
Creating this critical connection delivers visibility into an individual’s role in the organization, their job function, the amount of facility access they need to get their job done as well as the amount of system or application access and authorization required to be productive while adhering to security policies.
Another opportunity lies in linking PACS with IT directories that track who has access to corporate applications and resources such as the network, email, messaging, databases, etc. Some examples include LDAP – Lightweight Directory Access Protocol and AD – Active Directory.
Creating this critical connection delivers visibility into an individual’s role in the organization, their job function, the amount of facility access they need to get their job done as well as the amount of system or application access and authorization required to be productive while adhering to security policies.
True Threat Prevention in Action
The power of security convergence is most evident when it automates and detects seamlessly across more than one domain, like IT and physical security. Consider this real-world scenario: A utilities company employee enters the company via the main lobby, takes the elevator to his floor and “badges in” to gain access through that level’s main door. He proceeds to his desk and signs into the company network to access his email, etc. At the same time, someone else is using the identical access credentials remotely via a VPN (Virtual Private Network). Obviously, he can’t be physically present locally and remotely. A converged cyber-physical PIAM platform detects the external intrusion by automatically identifying the access anomaly and allows security to immediately disable access, preventing a potential threat.
True Prevention – Converged IAG | NERC-CIP Compliance | Centralized way to disable ALL access
2. Self Service Access
Does your organization currently send separate manual access requests to each department and then wait for what seems like an eternity before each department responds? Do requests for supporting information sometime stay in those departments and never get back to the requestor? You’re not alone. This outdated approach is time-wasting, unproductive and leaves security in limbo. Self-service access capabilities empower your users, managers and area owners and reduces the burden of security staff so they can focus on critical areas. The system automates the tedious task of collecting information related to access requests. The requestor receives acknowledgement followed by confirmation. Automated workflow capabilities notify managers quickly so they can approve access and keep staff on task and productive. It’s fast and secure.
A Fortune 100 diversified healthcare enterprise with upwards of 20,000 employees and contractors, found that over 75% of their workforce identity and access request could be automated with PIAM software from AlertEnterprise.
The same healthcare enterprise estimated that an AlertEnterprise physical identity access management can save hundreds of thousands on budgeted manpower based on eliminating the manual processing of identity and access related request tickets.
3. Automated Physical Access Reviews and Re-Certification
Periodic access review and re-certification has been an audit mainstay in the IT world. However, this is often overlooked when it comes to decisions regarding physical access. Change is constant as it applies to the modern workforce ‘hire-to-retire’ journey. As each employee and contractor reach new milestones within their journey (promotions, location change, education and training) it’s important to automate the periodic review of their roles, access and security policies prior to additional access being granted. This prevents ‘access-creep’ and ensures access previously granted is still valid and re-certifies it against your most up-to-date security policies and compliance standards.
4. Identity Intelligence and Risk Scoring
The combined categories of employees, contractors, vendors and visitors who have been granted access to the organization at any given point in time comprise the badged population. Security managers need to know how just how large this population is, what risks they pose to the enterprise and how to mitigate it. Incorporating risk scoring and behavior patterns into an identity profile allows for proactive risk analysis before granting or removing access.
Identity Intelligence technology is powered by artificial intelligence and machine learning in combination with an active policy enforcement rules-based engine to reveal critical risk insights. For example, John Q is a control room worker who has been following a steady shift pattern of working 9-5, Monday through Friday. He suddenly starts showing up at midnight on a Saturday and uses his work badge to access a secure area. The deviation from the pattern of 9-5 on weekdays and the exception to the rules – that people with John’s role should not be accessing a room that stores critical assets – sets off an automated series of alerts to management stakeholders including security personnel.
The automatic baseline of identity profiles allows Identity Intelligence technology to quickly sort through millions of events to detect anomalies and trends for an effective response to potential malicious behavior and policy violations.
Identity Intelligence technology is powered by artificial intelligence and machine learning in combination with an active policy enforcement rules-based engine to reveal critical risk insights. For example, John Q is a control room worker who has been following a steady shift pattern of working 9-5, Monday through Friday. He suddenly starts showing up at midnight on a Saturday and uses his work badge to access a secure area. The deviation from the pattern of 9-5 on weekdays and the exception to the rules – that people with John’s role should not be accessing a room that stores critical assets – sets off an automated series of alerts to management stakeholders including security personnel.
The automatic baseline of identity profiles allows Identity Intelligence technology to quickly sort through millions of events to detect anomalies and trends for an effective response to potential malicious behavior and policy violations.
It is important for security managers to know how large the badged population is, what risks they pose to the enterprise and how to mitigate the risk.
Next Steps
Enterprise Guardian software incorporates all four essential components of effective PIAM, allowing you to turn PIAM into a true business enabler.
Wherever you are in your PIAM journey, there’s no better time to step into the future of identity. Connect with our identity and security convergence experts to discuss your next steps.
Wherever you are in your PIAM journey, there’s no better time to step into the future of identity. Connect with our identity and security convergence experts to discuss your next steps.
Additional Resources:
The Role of Physical Identity Access Management During A Pandemic
3 identity technology considerations for COVID-19
As COVID-19 strengthens its grip across the globe with over 118,000 cases of infected people and the World Health Organization (WHO) declaring it a pandemic, it’s important for us to have a conversation about how and where technology can support enterprise efforts to protect its workforce. Here are three considerations on how a Physical Identity Access Management (PIAM) platform can help…
8 Steps to An Effective Physical Identity Access Management Strategy
Identity, trust and security are at the heart of enterprise digital transformation, making it easier and faster to engage customers and partners, create amazing experiences and offerings and level up operations. Security is now a true business enabler. Here are 8 steps to implement a holistic approach to managing physical and logical identities for employees, contractors, vendors and visitors to align security with business goals and reduce enterprise risk.
6 Ways Visitor Identity Management Transforms Guest Experiences
You know the saying about first impressions. AlertEnterprise Visitor Identity Management (VIM) software makes a powerful first impression for your customers, prospects, vendors, partners and workforce.
CYBER-PHYSICAL SECURITY CONVERGENCE
The digital transformation couldn’t come at a better time for physical security. It ushers in an era of true convergence – where connecting cyber/IT, security and OT data across the enterprise leads to heighted situational intelligence, reduced risk and the integration of critical business processes.
SECURITY IS THE NEW BUSINESS ENABLER TO ACCELERATE ENTERPRISE DIGITAL TRANSFORMATION
As digital technology dramatically improves the economics and capabilities of every business, Digital Transformation or DX, is a quest for high-performance companies to gain further efficiencies/improve operational metrics and pull ahead of their competition.
Take YOUR next step and request a demo today.