Logical, physical security integration challenges


This article can also be found in the Premium Editorial Download "Information Security magazine: How to dig out rootkits."

Download it now to read this article plus other related content.

User Lifecycle Management
Organizations must personalize smart cards to make them usable. Personalization processes include identity badging (graphically printing the user's photo on the face of the smart card), certificate procurement (enrolling an X.509 certificate on behalf of the user and storing the certificate and associated private key on the smart card), and binding the smart card to the physical access system.

Yet there's a well-known axiom in the PL world: the greater the level of personalization, the more management complexity. As a result, most PL convergence deployments require a smart card management system (CMS). The CMS does the heavy lifting of smart card personalization. CMS vendors include ActivIdentity, Bell ID, Intercede, and EMC's RSA security division. In addition, the integration maturity between CMSes and identity management provisioning systems has greatly improved over the past 12 months. Identity management vendors include CA, Hewlett-Packard, IBM and Sun Microsystems. Of the CMS vendors, the ActivIdentity CMS has the best integration with provisioning systems.

PL user lifecycle management improves efficiency and boosts security and compliance--benefits that are more pronounced when the CMS is integrated with the provisioning system. New hires get access to both physical and logical resources in a timely manner. When an employee leaves the company, his access is quickly terminated across physical and logical resources. By

    Requires Free Membership to View

quickly shutting off access after termination and providing a framework that supports minimum necessary access, PL user lifecycle management enhances compliance efforts. Nearly all regulatory requirements--from HIPAA and SOX to the Pay-ment Card Industry Data Security Standard--require strong access control policies.

Security Information Management
Security information management (SIM) systems are becoming a staple in the enterprise. They consolidate and correlate user activity to provide a holistic view of user activity across the network for compliance and forensic purposes. While the integration of IT security audit events into SIM systems is relatively straightforward, incorporation of security events from physical access systems is a mixed bag depending on maturity of the physical access system. For the most part, however, integration is possible and valuable for flagging potential security breaches.

This was first published in September 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: