classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2017


Security versus convenient access
November 2016, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions, IT infrastructure

Like it or not, in the application economy every enterprise is now in the software business and the challenges ahead are daunting. Budget constraints continue to be a common obstacle, but they are closely followed by security concerns.

Many have found that protecting the identity of users and safeguarding sensitive data is easier said than done when contending with:

Exploding user and application populations. The sheer volume of applications, their rate of change and the diversity of end-users has never been greater. To enable and protect the business, enterprises must efficiently manage:

a) the identities of this growing user base, and

b) their access to the appropriate applications.

The externalisation of IT. In order to meet the break-neck pace of application demand while keeping costs low, businesses have turned to cloud-based deployment models. Moreover, enterprises are increasingly embracing partner-delivered services and third-party applications to enhance their line-up of digital experiences. This diversity in application environments has erased the once well-defined boundaries of an enterprise, introducing new security considerations.

Varied endpoints. Applications are everywhere – as are the employees, partners and customers accessing them. And, these users are leveraging a dizzying array of devices, from PCs and tablets to smartphones and wearables. In order to protect the business and grant the appropriate level of access, organisations must authenticate each user and each endpoint.

As digital interactions increase in volume and complexity, identity and access security have become more critical for both the organisation and end user. However, security measures should not be achieved at the cost of convenience. Today, intuitive and easy-to-use functionality drive applications are ripe for adoption. If a customer has to jump through awkward authentication hurdles, they will not hesitate to look elsewhere. And if an employee, partner or contractor must juggle multiple logins to gain access to essential services, frustration will quickly grow while productivity plummets.

In this culture, where security is paramount and the user experience is king, the ultimate goal is to provide users with easy and secure access to the applications they require – whether on premise or in the cloud – based on their identity, role and associated entitlements.

Appropriate security levels

So, how do we ensure appropriate security levels within this complex and rapidly evolving application economy?

The answer lies in a centralised identity and access management (IAM) service. This approach ensures all identity-related functions, such as authentication – and ultimately authorisation – are consistently managed by the enterprise and executed reliably across diverse channels. And true to the trends, many have begun to leverage IAM as a hosted cloud service for its cost-saving, flexible and elastic qualities. Utilising this elastic model, one can quickly obtain enterprise-grade IAM security capabilities without having to deploy or manage the large IT infrastructure typically associated with on premise solutions.

What are the drivers of cloud IAM adoption? They include:

• The need to expand or contract identity services based on the current needs of the business.

• A requirement to reduce resource and cost pressures. The cloud-based model eliminates the need for the procurement of hardware, facilities, security specialists and other expensive IT infrastructure to support on-premise solutions.

• The demand for accelerating the release of new business services with centralised and consistent IAM across on premise and cloud-based apps.

Application and user numbers are undeniably on the rise. In fact, it is not uncommon for operations to manage a customer user base of one million-plus and/or an employee, partner and contractor population in the hundreds of thousands. IAM as-a-Service enables you to centrally manage identities from account creation and assignment of access rights to fielding access requests and managing related user attributes.

Security and authentication will be more important to enterprises in the next two years as it will have higher visibility from executives because of recent data breaches. Forecasters predict that mobile phones and devices will be the authenticator used by most. When it comes to authentication, enterprises and end-users want two things – simple and secure. Organisations want ‘zero-touch authentication’ to deliver as frictionless and password-free an experience for their customers and employees as possible, and the mobile device will be a key element.

The shift from identity management to identity access security is another predication. Data breaches have hinged on compromising a user identity and new systems will require identity and access security that is intelligent, contextual and verifiable.

The flood of recent international breaches also means that identity management and authentication will have a higher profile in the boardroom. Corporate executives and boards will be held accountable for breaches that damage their corporate brand. This will increase their level of involvement in security strategy and governance. Security will shift from an IT problem to a business executive problem.

Physical and logical convergence

With smartcard-based physical access already in place at many enterprises, the next logical step is to provide the same level of protection for digital assets. Physical access control provides a first line of defence, but a multi-layered approach is required for truly proactive security. As such, there is a compelling argument to implement smartcards for logical access.

In fact, businesses are beginning to realise the benefits in cost savings, ease of use and increased security by ‘marrying’ physical and logical access control onto a single platform. Instead of adding technological and management complexities by having separate access control systems for physical facilities and electronic data, it makes more sense to combine the two solutions and gain higher assurance, cost savings, efficiency and ease of use.

The marriage of physical and logical access into a single solution builds an infrastructure of increased trust. Deploying smart cards to employees, partners and other key individuals is a proactive enterprise approach to higher assurance. Except for information that requires little or no protection, user names and passwords will one day be considered an unacceptable access control mechanism, as they are easily forgotten or compromised.

The multi-factor authentication and PKI architecture offered by smartcards vastly decreases the likelihood of unauthorised users gaining access to sensitive data. Today’s credential management solutions help manage heterogeneous environments that combine all of the normal access management models such as passwords, software certificates and hard physical tokens, allowing migration by department or groups from one model to the next and so on.

Ease of use is another compelling argument for marrying physical and logical access onto a single platform. Users will not have to carry multiple credentials, nor will they need to remember multiple passwords or PINs to access applications and data. Instead, they will have one smart card that can be used for everything.

Collaborate and integrate

Many companies consider integrating physical and logical security to be a technical effort. Logical and physical security organisational structures are typically described as two silos, each reporting up through different management structures. While this is not ideal, the organisational chasm can be bridged by having physical security participate by collaborating with the integration of the two systems.

With the use of embedded identity analytics, administrators will be able to drill down into potential ‘road blocks’ existing in logical and physical identity lifecycle management processes, allowing the identification of areas of process inefficiency and to ensure meeting business service level agreements.

One thing is certain, everything revolves around positive identification that can be audited and potentially used in court for prosecution. Perhaps most importantly, though, such an integrated system brings down the barriers that have stalled the convergence of physical and logical access control systems for so long.

IT departments and facilities management staff can finally work together to become more efficient and eliminate security gaps in the process, once an IT and user-friendly building security system has been acquired.

Privileged access management portfolio

CA Technologies has released enhancements to its comprehensive privileged access management portfolio, giving customers control over the privileged accounts that support a hybrid IT environment and are a frequent vector for cyber attacks.

By updating and integrating CA Privileged Access Manager (formerly Xceedium Xsuite) and CA Privileged Access Manager Server Control, CA helps reduce the risk of data breaches by extending the depth and breadth of control over privileged users, from the gateway to the server and from the database to the cloud – all from a single management console.

Says Michael Horn, CA Southern Africa, security business unit manager, “In any cyberattack, bad actors have a single goal in mind – elevate privilege in order to get access to the most sensitive systems and data. And if the attacker is a disgruntled insider, he or she may already have that access. CA’s privileged access management solutions help protect an organisation’s most sensitive systems and information.”

CA Privileged Access Manager allows customers to implement controls at the network gateway, managing privileged user access to systems and applications based on the identity of the individual user. CA Privileged Access Manager Server Control resides on the server and manages user activity based on resource protection, with policies that control file access and actions taken on the server. This prevents bad actors from covering their tracks and helps accelerate breach discovery.

With the enhancements, customers can consistently manage and control privileged users at both the network and the server. When an IT administrator accesses a system, CA Privileged Access Manager automatically triggers CA’s Server Control product and to apply policies on the server resources based on the individual’s identity vs. simply the administrator account. This provides a more detailed and granular level of access control.

In addition, CA Privileged Access Manager has expanded integration with service management tools to further streamline privileged user provisioning and de-provisioning for those individuals who only require short-term privileged user access, such as temporary employees or contractors.

Michael Horn, CA Southern Africa's security business unit leader.
Michael Horn, CA Southern Africa's security business unit leader.

Biography: Michael Horn

Michael Horn is the CA Southern Africa security business unit manager. Over the past three decades Michael has accumulated extensive specialist skills based on real-world exposure to: architecting; implementing – including the operational management – of a variety of information security technologies. Michael is a Certified Information Systems Security Professional (CISSP) and the author of several publications. Michael has experience in a wide range of identity and access management technologies including advanced authentication, identity consolidation, unified access management and privileged access management.

For more information contact Michael Horn, CA Southern Africa, +27 (0)11 417 8765, michael.horn@caafrica.co.za.


Credit(s)
Supplied By: CA Southern Africa
Tel: +27 11 417 8594
Fax: +27 11 417 8691
Email: heidi.ziegelmeier@caafrica.co.za
www: www.ca.com/za
  Share via Twitter   Share via LinkedIn      

Further reading:

  • The Battle: Human vs Machine
    October 2017, C3 Shared Services, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring
    The concept of video analytics technology is to present only the information that will require an operator’s immediate attention.
  • Measurable policies and multi-layered approach hit the mother lode
    October 2017, This Week's Editor's Pick, Integrated Solutions, Mining (Industry)
    Securing mines is often a logistical nightmare as threats from common thieves to illegal miners are added to the inherent safety and security risks synonymous with mine complexes.
  • What’s in a platform?
    October 2017, Milestone Systems, Naxian Systems, Genetec, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
    Hi-Tech Security Solutions looks at what today’s security management platforms offer users from both small and large organisations.
  • Changing the SMB VMS landscape
    October 2017, Pelco by Schneider Electric, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
    Video surveillance innovations have changed the landscape for enterprise security with the ability to provide real-time monitoring, forensic investigations, risk mitigation and business operations management.
  • Trends in intruder detection
    October 2017, Elvey, Secutel Technologies, This Week's Editor's Pick, Access Control & Identity Management, Perimeter Security, Alarms & Intruder Detection
    Ease of use, integration and visual verification rule the roost in the modern intruder solution.
  • OT-Morpho becomes IDEMIA
    October 2017, News, Access Control & Identity Management
    The result of the merger of Oberthur Technologies (OT) and Safran Identity & Security (Morpho), the OT-Morpho Group has became IDEMIA.
  • Invixium integrates with Paxton
    October 2017, Paxton Access, News, Access Control & Identity Management
    Paxton has announced the integration of its networked access control system, Net2, with Invixium’s biometric software, IXM WEB.
  • Comb’s innovation showcase
    October 2017, Comb Communications, News, Access Control & Identity Management
    In September, Comb Communications held its Innovation Showcase 2017 at La Toscanna, Montecasino, and hosted close to 200 delegates.
  • Controlsoft awarded the HID European Partner Award
    October 2017, Controlsoft South Africa, News, Access Control & Identity Management
    Controlsoft was recently awarded the HID European Partner Award for Europe for PACS (Physical Access Control) in 2016.
  • Security professionals meet with the regulator
    October 2017, South African Institute of Security (SAIS), This Week's Editor's Pick, Security Services & Risk Management, Associations
    Dave Dodge, chairman of the South African Institute of Security (SAIS) and PSiRA CEO, Manabela Chauke sat down with other role players for an open discussion, the first of many.
  • ESDA golf day delivers R35 000 to charity
    October 2017, ESDA (Electronic Security Distributors Association, This Week's Editor's Pick, News, Associations
    The ESDA 2017 Charity Golf Day was held on 6 September 2017 at the Glendower Golf Course.
  • Causes of fatigue
    October 2017, Leaderware, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
    The security industry has many regulations, but in an industry where the type of work and other conditions lend themselves to fatigue, there is little on the handling of fatigue.

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.