[BreachExchange] The Operational And Cyber Security Benefits Of An IT-Centric Access Control Solution

Audrey McNeil audrey at riskbasedsecurity.com
Thu May 5 20:30:51 EDT 2016


http://www.bsminfo.com/doc/the-operational-and-cyber-security-benefits-of-an-it-centric-access-control-solution-0001

Ever since security systems and related peripheral devices made the jump to
IP, there has been a desire to combine the two functions to derive greater
intelligence and value from them. This has driven not just a technology
convergence, but also a departmental convergence. The alignment of security
and IT departments within an organization is driven by the desire to
monitor all network devices due to evolving cyber security threats, and the
need to manage access and identity across the enterprise more cohesively.

In today’s enterprise, an organization’s physical access control should
adhere to the same standards and deployment models any other IT application
would. Unfortunately, this is not the reality that most organizations face
due to the fact that some access control systems — the platforms that
monitor physical access to facilities — are based on legacy architectures
that operate in a standalone nature. Increasingly, however, end users are
looking for ways to eliminate these silos as part of a larger effort to
build unified systems that operate with common practices. The first step in
that process occurs when organizations start to view access control as an
extension of identity management.

Because of the growing demand for robust identity management across the
enterprise, an increasing number of organizations are looking to provision
physical/logical identities of users through a common set of rules and
policies. Many organizations in both the public and private sectors have
invested millions of dollars into managing and protecting virtual
identities because of increasing cyber threats, and now it has become
necessary to apply the same rules, policies, and procedures from the
virtual world to elevate and transform physical access control. In this
article, we take a look at the potential benefits derived from this
combined approach.

Streamline Business Efficiency
The cost savings and operational efficiencies that can be achieved through
the unification of physical and logical access control are numerous. In an
IT-centric access control model, the application software platform looks
and responds like any other native IT application, deployed and supported
by in-house IT staff. This access control model delivers a myriad of
benefits in a wide variety of environments, including government,
enterprise, education, and healthcare.

Cyber Secure
The number of high-profile data breaches that have taken place over the
past several years has been a source of great concern for security
professionals. From retail giant Target to the U.S. Office of Personnel
Management, the number of people whose personal data has been compromised
by hackers is astronomical. Given the increasing pace of migration to
digital technology, the chances that other networked-based systems might
become the next target have become undeniable. The growth of the Internet
of Things and the demand for a secure, mobile enterprise have opened doors
to streamlined business operations, but with this mobility comes
significant risk. Malicious viruses can either infiltrate or disable
IP-based devices, or hackers can use unsecured endpoints to gain access to
corporate networks.

Compliance
End users need to be asking their integrators about the types of compliance
tools that have been used on access control systems to better gauge the
cybersecurity safeguards in place in comparison with standards established
by industry bodies, such as PCI, NIST, etc. If bad actors are searching out
the vulnerabilities in access control, then we can assume malicious hackers
are, as well. That is why it is paramount that organizations take steps to
harden any networked-based system through rigorously tested access
management solutions.

It is clear that the role of IT in deploying security will only become more
involved moving forward. CISOs, CSOs, and IT security managers require
solutions that operate on the standards they’re used to seeing in their
environments, as well as ones that offer greater efficiencies and
cybersecurity safeguards. The days of closed systems and devices are coming
to an end, while the dawn of unified identity management solutions is just
beginning to break.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160505/2fbf1d5b/attachment.html>


More information about the BreachExchange mailing list