This article can also be found in the Premium Editorial Download "Information Security magazine: How to dig out rootkits."
Download it now to read this article plus other related content.
|8 Convergence Tips|
Take these steps for a successful marriage of physical and IT security.
By Mark Diodati
Due to the complexity of integrating heterogeneous systems, reorganizing the organization's physical and IT security teams, upgrading physical access systems and reissuing credentials, PL convergence is an ongoing process and can take at least several years to complete. Survey the organizational environment, inventory your systems, and evaluate the benefits of convergence with a healthy sense of skepticism before you consider this effort.
Many of the benefits of PL convergence result from providing a single authenticator, which enhances usability and reduces management complexity. Before beginning a convergence project, consider reducing the number of authenticators and physical access systems. This reduction may require the replacement of older physical access technologies, including those components at each door. However, multi-technology door readers and smart cards can ease the transition to a single technology.
management system (CMS) A smart card management system is all but a requirement, unless you want to place significant burden
Many companies with successful PL convergence deployments have shifted the responsibility for physical and IT security to a single organization, which ensures that the two security teams cooperate and work toward the same goal. Oftentimes, these integrated organizations report to a common leader such as the CSO.
Identity management systems can provide enhanced usability, timely and efficient control of the user identity lifecycle across heterogeneous applications, and ease compliance. Most of the goals of PL convergence relate to identity management, so it makes sense for organizations to integrate the convergence effort into the larger identity management fabric.
Provisioning systems can help automate the identity lifecycle: new hires, departmental changes, terminations. Without integrating the CMS and provisioning systems, the organization opts to maintain two distinct islands of identity, each with a separate set of management processes.
This was first published in September 2007