Home > Information Security Magazine > Features > Logical, physical security integration challenges
EMAIL THIS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Logical, physical security integration challenges
by Mark Diodati
Issue: Sep 2007
printer-friendly
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   NEXT PAGE  >

For example, the SIM can correlate security events from a UNIX system with the physical access system and detect when a user has left the physical premises but tries to log in to the UNIX system console within the data center. Similarly, the SIM can correlate events from Microsoft Windows and the physical access system to spot when a user has physically entered the Los Angeles campus but authenticated to Active Directory via a workstation in Chicago.

SIM vendors include ArcSight, CA, IBM, Novell and EMC's RSA. Some SIM products are directly aimed at providing physical security event correlation. For example, 3VR's suite of products works by recording events to a digital video recorder (DVR) and indexing the events--which makes them searchable--from the local console or another SIM product.

Contextual Authorization
Let's take the previous example to the next "logical" step: Is it possible to stop the user from authenticating via the workstation in Chicago when we know that he "badged" into the Los Angeles office? That's the goal of PL contextual authorization. For example, Imprivata's OneSign product is capable of denying access to Active Directory and other IT platforms based upon wheth...



er the user has badged into the building.

What's Against This Union?
One major impediment to the success of PL convergence is the typical separation of the two departments responsible for physical and IT security. It's not an easy fix, as physical and IT security teams have separate reporting structures and haven't culturally mixed well. Essentially, there's been a distinct division between the security guards and the geeks.

In addition to organizational challenges, there are physical problems to overcome.

Due to acquisitions and other factors, most large organizations have a patchwork of physical access systems at varying stages of maturity. For instance, an organization with thousands of locations may have physical access technology from centuries-old lock-and-key systems to swipe-style (think credit card) to contactless systems. There are two dimensions to this patchwork problem. First, some of these physical systems lack the required interface to connect to IT systems, which precludes them from participating in PL convergence. Second, the multiplicity of different physical access systems generally prevents the use of a single authenticator for users who move between locations.

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts