Home > Information Security Magazine > Features > Marriage of Convenience
EMAIL THIS LICENSING & REPRINTS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Marriage of Convenience
by Mark Diodati
Issue: Sep 2007
printer-friendly
licensing & reprints
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   NEXT PAGE  >

User Lifecycle Management
Organizations must personalize smart cards to make them usable. Personalization processes include identity badging (graphically printing the user's photo on the face of the smart card), certificate procurement (enrolling an X.509 certificate on behalf of the user and storing the certificate and associated private key on the smart card), and binding the smart card to the physical access system.

Yet there's a well-known axiom in the PL world: the greater the level of personalization, the more management complexity. As a result, most PL convergence deployments require a smart card management system (CMS). The CMS does the heavy lifting of smart card personalization. CMS vendors include ActivIdentity, Bell ID, Intercede, and EMC's RSA security division. In addition, the integration maturity between CMSes and identity management provisioning systems has greatly improved over the past 12 months. Identity management vendors include CA, Hewlett-Packard, IBM and Sun Microsystems. Of the CMS vendors, the ActivIdentity CMS has the best integration with provisioning systems.

PL user lifecycle management improves efficiency and boosts security and compliance--benefits that are more pronounced when the CMS is integrated with the provisioning system. New hires get access to both physical and logical resources in a timely manner. When an employee leaves the company, his access is quickly terminated across physical and logical resources. By quickly shutting off access after termination and providing a framework that supports minimum necessary access, PL user lifecycle management enhances compliance efforts. Nearly all regulatory requirements--from HIPAA and SOX to the Pay-ment Card Industry Data Security Standard--require strong access control policies.

Security Information Management
Security information management (SIM) systems are becoming a staple in the enterprise. They consolidate and correlate user activity to provide a holistic view of user activity across the network for compliance and forensic purposes. While the integration of IT security audit events into SIM systems is relatively straightforward, incorporation of security events from physical access systems is a mixed bag depending on maturity of the physical access system. For the most part, however, integration is possible and valuable for flagging potential security breaches.

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts