This article can also be found in the Premium Editorial Download "Information Security magazine: How to dig out rootkits."
Download it now to read this article plus other related content.
User Lifecycle Management
Organizations must personalize smart cards to make them usable. Personalization processes include identity badging (graphically printing the user's photo on the face of the smart card), certificate procurement (enrolling an X.509 certificate on behalf of the user and storing the certificate and associated private key on the smart card), and binding the smart card to the physical access system.
Yet there's a well-known axiom in the PL world: the greater the level of personalization, the more management complexity. As a result, most PL convergence deployments require a smart card management system (CMS). The CMS does the heavy lifting of smart card personalization. CMS vendors include ActivIdentity, Bell ID, Intercede, and EMC's RSA security division. In addition, the integration maturity between CMSes and identity management provisioning systems has greatly improved over the past 12 months. Identity management vendors include CA, Hewlett-Packard, IBM and Sun Microsystems. Of the CMS vendors, the ActivIdentity CMS has the best integration with provisioning systems.
PL user lifecycle management improves efficiency and boosts security and compliance--benefits that are more pronounced when the CMS is integrated with the provisioning system. New hires get access to both physical and logical resources in a timely manner. When an employee leaves the company, his access is quickly terminated across physical and logical resources. By
Security Information Management
Security information management (SIM) systems are becoming a staple in the enterprise. They consolidate and correlate user activity to provide a holistic view of user activity across the network for compliance and forensic purposes. While the integration of IT security audit events into SIM systems is relatively straightforward, incorporation of security events from physical access systems is a mixed bag depending on maturity of the physical access system. For the most part, however, integration is possible and valuable for flagging potential security breaches.
This was first published in September 2007