Security versus convenient access

Access & Identity Management Handbook 2017 Editor's Choice, Access Control & Identity Management, Integrated Solutions, Infrastructure

Like it or not, in the application economy every enterprise is now in the software business and the challenges ahead are daunting. Budget constraints continue to be a common obstacle, but they are closely followed by security concerns.

Many have found that protecting the identity of users and safeguarding sensitive data is easier said than done when contending with:

Exploding user and application populations. The sheer volume of applications, their rate of change and the diversity of end-users has never been greater. To enable and protect the business, enterprises must efficiently manage:

a) the identities of this growing user base, and

b) their access to the appropriate applications.

The externalisation of IT. In order to meet the break-neck pace of application demand while keeping costs low, businesses have turned to cloud-based deployment models. Moreover, enterprises are increasingly embracing partner-delivered services and third-party applications to enhance their line-up of digital experiences. This diversity in application environments has erased the once well-defined boundaries of an enterprise, introducing new security considerations.

Varied endpoints. Applications are everywhere – as are the employees, partners and customers accessing them. And, these users are leveraging a dizzying array of devices, from PCs and tablets to smartphones and wearables. In order to protect the business and grant the appropriate level of access, organisations must authenticate each user and each endpoint.

As digital interactions increase in volume and complexity, identity and access security have become more critical for both the organisation and end user. However, security measures should not be achieved at the cost of convenience. Today, intuitive and easy-to-use functionality drive applications are ripe for adoption. If a customer has to jump through awkward authentication hurdles, they will not hesitate to look elsewhere. And if an employee, partner or contractor must juggle multiple logins to gain access to essential services, frustration will quickly grow while productivity plummets.

In this culture, where security is paramount and the user experience is king, the ultimate goal is to provide users with easy and secure access to the applications they require – whether on premise or in the cloud – based on their identity, role and associated entitlements.

Appropriate security levels

So, how do we ensure appropriate security levels within this complex and rapidly evolving application economy?

The answer lies in a centralised identity and access management (IAM) service. This approach ensures all identity-related functions, such as authentication – and ultimately authorisation – are consistently managed by the enterprise and executed reliably across diverse channels. And true to the trends, many have begun to leverage IAM as a hosted cloud service for its cost-saving, flexible and elastic qualities. Utilising this elastic model, one can quickly obtain enterprise-grade IAM security capabilities without having to deploy or manage the large IT infrastructure typically associated with on premise solutions.

What are the drivers of cloud IAM adoption? They include:

• The need to expand or contract identity services based on the current needs of the business.

• A requirement to reduce resource and cost pressures. The cloud-based model eliminates the need for the procurement of hardware, facilities, security specialists and other expensive IT infrastructure to support on-premise solutions.

• The demand for accelerating the release of new business services with centralised and consistent IAM across on premise and cloud-based apps.

Application and user numbers are undeniably on the rise. In fact, it is not uncommon for operations to manage a customer user base of one million-plus and/or an employee, partner and contractor population in the hundreds of thousands. IAM as-a-Service enables you to centrally manage identities from account creation and assignment of access rights to fielding access requests and managing related user attributes.

Security and authentication will be more important to enterprises in the next two years as it will have higher visibility from executives because of recent data breaches. Forecasters predict that mobile phones and devices will be the authenticator used by most. When it comes to authentication, enterprises and end-users want two things – simple and secure. Organisations want ‘zero-touch authentication’ to deliver as frictionless and password-free an experience for their customers and employees as possible, and the mobile device will be a key element.

The shift from identity management to identity access security is another predication. Data breaches have hinged on compromising a user identity and new systems will require identity and access security that is intelligent, contextual and verifiable.

The flood of recent international breaches also means that identity management and authentication will have a higher profile in the boardroom. Corporate executives and boards will be held accountable for breaches that damage their corporate brand. This will increase their level of involvement in security strategy and governance. Security will shift from an IT problem to a business executive problem.

Physical and logical convergence

With smartcard-based physical access already in place at many enterprises, the next logical step is to provide the same level of protection for digital assets. Physical access control provides a first line of defence, but a multi-layered approach is required for truly proactive security. As such, there is a compelling argument to implement smartcards for logical access.

In fact, businesses are beginning to realise the benefits in cost savings, ease of use and increased security by ‘marrying’ physical and logical access control onto a single platform. Instead of adding technological and management complexities by having separate access control systems for physical facilities and electronic data, it makes more sense to combine the two solutions and gain higher assurance, cost savings, efficiency and ease of use.

The marriage of physical and logical access into a single solution builds an infrastructure of increased trust. Deploying smart cards to employees, partners and other key individuals is a proactive enterprise approach to higher assurance. Except for information that requires little or no protection, user names and passwords will one day be considered an unacceptable access control mechanism, as they are easily forgotten or compromised.

The multi-factor authentication and PKI architecture offered by smartcards vastly decreases the likelihood of unauthorised users gaining access to sensitive data. Today’s credential management solutions help manage heterogeneous environments that combine all of the normal access management models such as passwords, software certificates and hard physical tokens, allowing migration by department or groups from one model to the next and so on.

Ease of use is another compelling argument for marrying physical and logical access onto a single platform. Users will not have to carry multiple credentials, nor will they need to remember multiple passwords or PINs to access applications and data. Instead, they will have one smart card that can be used for everything.

Collaborate and integrate

Many companies consider integrating physical and logical security to be a technical effort. Logical and physical security organisational structures are typically described as two silos, each reporting up through different management structures. While this is not ideal, the organisational chasm can be bridged by having physical security participate by collaborating with the integration of the two systems.

With the use of embedded identity analytics, administrators will be able to drill down into potential ‘road blocks’ existing in logical and physical identity lifecycle management processes, allowing the identification of areas of process inefficiency and to ensure meeting business service level agreements.

One thing is certain, everything revolves around positive identification that can be audited and potentially used in court for prosecution. Perhaps most importantly, though, such an integrated system brings down the barriers that have stalled the convergence of physical and logical access control systems for so long.

IT departments and facilities management staff can finally work together to become more efficient and eliminate security gaps in the process, once an IT and user-friendly building security system has been acquired.

Privileged access management portfolio

CA Technologies has released enhancements to its comprehensive privileged access management portfolio, giving customers control over the privileged accounts that support a hybrid IT environment and are a frequent vector for cyber attacks.

By updating and integrating CA Privileged Access Manager (formerly Xceedium Xsuite) and CA Privileged Access Manager Server Control, CA helps reduce the risk of data breaches by extending the depth and breadth of control over privileged users, from the gateway to the server and from the database to the cloud – all from a single management console.

Says Michael Horn, CA Southern Africa, security business unit manager, “In any cyberattack, bad actors have a single goal in mind – elevate privilege in order to get access to the most sensitive systems and data. And if the attacker is a disgruntled insider, he or she may already have that access. CA’s privileged access management solutions help protect an organisation’s most sensitive systems and information.”

CA Privileged Access Manager allows customers to implement controls at the network gateway, managing privileged user access to systems and applications based on the identity of the individual user. CA Privileged Access Manager Server Control resides on the server and manages user activity based on resource protection, with policies that control file access and actions taken on the server. This prevents bad actors from covering their tracks and helps accelerate breach discovery.

With the enhancements, customers can consistently manage and control privileged users at both the network and the server. When an IT administrator accesses a system, CA Privileged Access Manager automatically triggers CA’s Server Control product and to apply policies on the server resources based on the individual’s identity vs. simply the administrator account. This provides a more detailed and granular level of access control.

In addition, CA Privileged Access Manager has expanded integration with service management tools to further streamline privileged user provisioning and de-provisioning for those individuals who only require short-term privileged user access, such as temporary employees or contractors.

Michael Horn, CA Southern Africa's security business unit leader.
Michael Horn, CA Southern Africa's security business unit leader.

Biography: Michael Horn

Michael Horn is the CA Southern Africa security business unit manager. Over the past three decades Michael has accumulated extensive specialist skills based on real-world exposure to: architecting; implementing – including the operational management – of a variety of information security technologies. Michael is a Certified Information Systems Security Professional (CISSP) and the author of several publications. Michael has experience in a wide range of identity and access management technologies including advanced authentication, identity consolidation, unified access management and privileged access management.

For more information contact Michael Horn, CA Southern Africa, +27 (0)11 417 8765, [email protected].





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Identity, Security & Access Alliance focuses on intelligence and integration
SMART Security Solutions Ideco Biometrics BoomGate Systems Bosch Building Technologies Technews Publishing Integrated Solutions Surveillance Access Control & Identity Management
The Identity, Security & Access Alliance (ISAA) hosted several launch events in Johannesburg in August, showcasing the participating companies’ technical solutions with a primary focus on the solutions made possible by integrating high-quality systems to deliver comprehensive solutions.

Read more...
Make BIG and COMPLEX small and manageable
neaMetrics Suprema AI & Data Analytics Surveillance Integrated Solutions
Traditional CCTV and access systems often operate separately, creating gaps in visibility and efficiency. TRASSIR and Suprema have partnered to develop an integrated platform that improves security, operations, and situational awareness.

Read more...
Get the AI fundamentals right
Technews Publishing SMART Security Solutions Leaderware Editor's Choice Surveillance AI & Data Analytics
Much of the marketing for CCTV AI detection implies the client can just drop the AI into their existing systems and operations, and they will be detecting all criminals and be far more efficient when doing it.

Read more...
SMART Surveillance Conference in Johannesburg
Arteco Global Africa Technews Publishing SMART Security Solutions Axis Communications SA neaMetrics Editor's Choice Surveillance Security Services & Risk Management Logistics (Industry) AI & Data Analytics
SMART Security Solutions hosted its annual SMART Surveillance Conference in Johannesburg in July, welcoming several guests, sponsors, and speakers for an informative and enjoyable day examining the evolution of the surveillance market.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...
Hytera supports communication upgrade for Joburg
News & Events Infrastructure Government and Parastatal (Industry)
By equipping Johannesburg’s metro police and emergency services with multimode radios which integrate TETRA and LTE networks, Hytera is bridging coverage gaps and improving response times across the city.

Read more...
South African fire standards in a nutshell
Fire & Safety Editor's Choice Training & Education
The importance of compliant fire detection systems and proper fire protection cannot be overstated, especially for businesses. Statistics reveal that 44% of businesses fail to reopen after a fire.

Read more...
IoT-driven smart data to stay ahead
IoT & Automation Infrastructure AI & Data Analytics
In a world where uncertainty is constant, the real competitive edge lies in foresight. Businesses that turn real-time data into proactive strategies will not just survive, they will lead.

Read more...
LidarVision for substation security
Fire & Safety Government and Parastatal (Industry) Editor's Choice
EG.D supplies electricity to 2,7 million people in the southern regions of the Czech Republic, on the borders of Austria and Germany. The company operates and maintains infrastructure, including power lines and high-voltage transformer substations.

Read more...
Standards for fire detection
Fire & Safety Associations Editor's Choice
In previous articles in the series on fire standards, Nick Collins discussed SANS 10400-T and SANS 10139. In this editorial, he continues with SANS 322 – Fire Detection and Alarm Systems for Hospitals.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.