This article can also be found in the Premium Editorial Download "Information Security magazine: How to dig out rootkits."
Download it now to read this article plus other related content.
Integrating physical and logical security can bring many benefits to the enterprise, but a successful union isn't easy.
Typically, physical and logical security--also known as IT security--are separate operations in most enterprises. In fact, IT and physical security teams have tended to mix like oil and water. But marrying physical with logical security can reap considerable benefits.
Convergence enhances efficiency because user access to physical and IT resources is streamlined, reducing help desk calls. Employees can enjoy the ease of having a single device that gives them access to both the office building and the network. Better access management translates to improved security--and enhanced compliance with various regulatory requirements--because users only access the resources they are authorized to, and no more.
The U.S. government is sold on the benefits of physical and logical (PL) convergence. Its Personal Identity Verifi-cation (PIV) program, the result of Homeland Security Presidential Directive 12 (HSPD-12) (see "
However, any marriage takes work, and PL convergence is no exception. Just getting the two security teams together can be tricky. Then there's the complexity of combining heterogeneous systems, upgrading a patchwork of physical access systems, deploying smart cards and installing workstation software. We'll look at the challenges associated with PL convergence. What Are We Talking About, Exactly?
Physical and logical convergence sounds good to many IT security professionals, but there is some confusion about what it really is. PL convergence is about a single user authenticator and a single set of management processes for physical and IT identities and resources. The milestones for convergence--in typical order of maturity--are common authenticator, user lifecycle management, security information management and contextual authorization.
This was first published in September 2007