This article can also be found in the Premium Editorial Download "Information Security magazine: How to dig out rootkits."
8 Convergence Tips (continued)
Take these steps for a successful marriage of physical and IT security.
By Mark Diodati
eSSO systems reduce the number of user logons by replaying usernames and passwords into those applications that require them. Users authenticate once, and are transparently logged on to applications as they click on them. The use of smart cards at the workstation requires the deployment of middleware, so why not make the user's life a little easier by deploying an eSSO client at the same time? One common identity management trend--regardless of any PL convergence goals--is the coupling of stronger authentication systems like smart cards with eSSO systems because it mitigates the "keys to the kingdom" problem.
Employees will lose their smart cards or leave them at home and get locked out of buildings and IT systems. Emergency access procedures ensure that users can continue to work without their smart card. Some tricks of the trade include self-service kiosks in the building entrance where employees can authenticate and get a temporary smart card, and the use of IT software management tools to temporarily allow the user to authenticate with a password instead of a smart card.
Egress badging is an important tool to help determine when an employee has left the facilities. However, implementing it requires reconfiguring the building entrance and requires users to badge out when leaving the building, which can cause traffic jams at the door on a Friday. All is not lost, however, if egress badging cannot be implemented. Some PL convergence systems support a "best guess" algorithm to determine if a user is still in the building. For example, if it's 3 a.m., the system will assume the user is not in the building.
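The "best guess" idea above, sketched as an added example (not from the article or from any PL convergence product): with ingress events only, presence is presumed to lapse at a nightly cutoff or after a maximum dwell time, whichever comes first. The cutoff, the dwell limit, the function names and the sample badge events are all assumptions, and the late-entry (night shift) handling goes beyond the article's 3 a.m. case.

```python
from datetime import datetime, timedelta, time

# Assumed policy values, not taken from the article.
NIGHTLY_CUTOFF = time(22, 0)        # building presumed empty after 22:00
MAX_DWELL = timedelta(hours=12)     # longest plausible stay after a badge-in


def presumed_exit(badge_in: datetime) -> datetime:
    """Moment at which a user who badged in is presumed to have left."""
    cutoff = datetime.combine(badge_in.date(), NIGHTLY_CUTOFF)
    if badge_in >= cutoff:
        # Late entry (e.g. night shift): that day's cutoff has already
        # passed, so only the dwell limit applies.
        return badge_in + MAX_DWELL
    return min(cutoff, badge_in + MAX_DWELL)


def presumed_in_building(events, user: str, now: datetime) -> bool:
    """Best guess from ingress-only badge events.

    events: iterable of (user, badge_in_time) tuples from the door system.
    Returns True only if the user's most recent badge-in at or before
    `now` has not yet reached its presumed exit time.
    """
    seen = [t for (u, t) in events if u == user and t <= now]
    if not seen:
        return False                # never badged in: assume absent
    return now < presumed_exit(max(seen))


# Constructed sample events (hypothetical users and times).
SAMPLE_EVENTS = [
    ("alice", datetime(2007, 9, 14, 8, 30)),   # normal day shift
    ("bob", datetime(2007, 9, 14, 23, 0)),     # late entry
]

if __name__ == "__main__":
    three_am = datetime(2007, 9, 15, 3, 0)
    for name in ("alice", "bob", "carol"):
        print(name, presumed_in_building(SAMPLE_EVENTS, name, three_am))
```
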
This was first published in September 2007