classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory


Security versus convenient access
November 2016, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions, IT infrastructure

Like it or not, in the application economy every enterprise is now in the software business and the challenges ahead are daunting. Budget constraints continue to be a common obstacle, but they are closely followed by security concerns.

Many have found that protecting the identity of users and safeguarding sensitive data is easier said than done when contending with:

Exploding user and application populations. The sheer volume of applications, their rate of change and the diversity of end-users has never been greater. To enable and protect the business, enterprises must efficiently manage:

a) the identities of this growing user base, and

b) their access to the appropriate applications.

The externalisation of IT. In order to meet the break-neck pace of application demand while keeping costs low, businesses have turned to cloud-based deployment models. Moreover, enterprises are increasingly embracing partner-delivered services and third-party applications to enhance their line-up of digital experiences. This diversity in application environments has erased the once well-defined boundaries of an enterprise, introducing new security considerations.

Varied endpoints. Applications are everywhere – as are the employees, partners and customers accessing them. And, these users are leveraging a dizzying array of devices, from PCs and tablets to smartphones and wearables. In order to protect the business and grant the appropriate level of access, organisations must authenticate each user and each endpoint.

As digital interactions increase in volume and complexity, identity and access security have become more critical for both the organisation and end user. However, security measures should not be achieved at the cost of convenience. Today, intuitive and easy-to-use functionality drive applications are ripe for adoption. If a customer has to jump through awkward authentication hurdles, they will not hesitate to look elsewhere. And if an employee, partner or contractor must juggle multiple logins to gain access to essential services, frustration will quickly grow while productivity plummets.

In this culture, where security is paramount and the user experience is king, the ultimate goal is to provide users with easy and secure access to the applications they require – whether on premise or in the cloud – based on their identity, role and associated entitlements.

Appropriate security levels

So, how do we ensure appropriate security levels within this complex and rapidly evolving application economy?

The answer lies in a centralised identity and access management (IAM) service. This approach ensures all identity-related functions, such as authentication – and ultimately authorisation – are consistently managed by the enterprise and executed reliably across diverse channels. And true to the trends, many have begun to leverage IAM as a hosted cloud service for its cost-saving, flexible and elastic qualities. Utilising this elastic model, one can quickly obtain enterprise-grade IAM security capabilities without having to deploy or manage the large IT infrastructure typically associated with on premise solutions.

What are the drivers of cloud IAM adoption? They include:

• The need to expand or contract identity services based on the current needs of the business.

• A requirement to reduce resource and cost pressures. The cloud-based model eliminates the need for the procurement of hardware, facilities, security specialists and other expensive IT infrastructure to support on-premise solutions.

• The demand for accelerating the release of new business services with centralised and consistent IAM across on premise and cloud-based apps.

Application and user numbers are undeniably on the rise. In fact, it is not uncommon for operations to manage a customer user base of one million-plus and/or an employee, partner and contractor population in the hundreds of thousands. IAM as-a-Service enables you to centrally manage identities from account creation and assignment of access rights to fielding access requests and managing related user attributes.

Security and authentication will be more important to enterprises in the next two years as it will have higher visibility from executives because of recent data breaches. Forecasters predict that mobile phones and devices will be the authenticator used by most. When it comes to authentication, enterprises and end-users want two things – simple and secure. Organisations want ‘zero-touch authentication’ to deliver as frictionless and password-free an experience for their customers and employees as possible, and the mobile device will be a key element.

The shift from identity management to identity access security is another predication. Data breaches have hinged on compromising a user identity and new systems will require identity and access security that is intelligent, contextual and verifiable.

The flood of recent international breaches also means that identity management and authentication will have a higher profile in the boardroom. Corporate executives and boards will be held accountable for breaches that damage their corporate brand. This will increase their level of involvement in security strategy and governance. Security will shift from an IT problem to a business executive problem.

Physical and logical convergence

With smartcard-based physical access already in place at many enterprises, the next logical step is to provide the same level of protection for digital assets. Physical access control provides a first line of defence, but a multi-layered approach is required for truly proactive security. As such, there is a compelling argument to implement smartcards for logical access.

In fact, businesses are beginning to realise the benefits in cost savings, ease of use and increased security by ‘marrying’ physical and logical access control onto a single platform. Instead of adding technological and management complexities by having separate access control systems for physical facilities and electronic data, it makes more sense to combine the two solutions and gain higher assurance, cost savings, efficiency and ease of use.

The marriage of physical and logical access into a single solution builds an infrastructure of increased trust. Deploying smart cards to employees, partners and other key individuals is a proactive enterprise approach to higher assurance. Except for information that requires little or no protection, user names and passwords will one day be considered an unacceptable access control mechanism, as they are easily forgotten or compromised.

The multi-factor authentication and PKI architecture offered by smartcards vastly decreases the likelihood of unauthorised users gaining access to sensitive data. Today’s credential management solutions help manage heterogeneous environments that combine all of the normal access management models such as passwords, software certificates and hard physical tokens, allowing migration by department or groups from one model to the next and so on.

Ease of use is another compelling argument for marrying physical and logical access onto a single platform. Users will not have to carry multiple credentials, nor will they need to remember multiple passwords or PINs to access applications and data. Instead, they will have one smart card that can be used for everything.

Collaborate and integrate

Many companies consider integrating physical and logical security to be a technical effort. Logical and physical security organisational structures are typically described as two silos, each reporting up through different management structures. While this is not ideal, the organisational chasm can be bridged by having physical security participate by collaborating with the integration of the two systems.

With the use of embedded identity analytics, administrators will be able to drill down into potential ‘road blocks’ existing in logical and physical identity lifecycle management processes, allowing the identification of areas of process inefficiency and to ensure meeting business service level agreements.

One thing is certain, everything revolves around positive identification that can be audited and potentially used in court for prosecution. Perhaps most importantly, though, such an integrated system brings down the barriers that have stalled the convergence of physical and logical access control systems for so long.

IT departments and facilities management staff can finally work together to become more efficient and eliminate security gaps in the process, once an IT and user-friendly building security system has been acquired.

Privileged access management portfolio

CA Technologies has released enhancements to its comprehensive privileged access management portfolio, giving customers control over the privileged accounts that support a hybrid IT environment and are a frequent vector for cyber attacks.

By updating and integrating CA Privileged Access Manager (formerly Xceedium Xsuite) and CA Privileged Access Manager Server Control, CA helps reduce the risk of data breaches by extending the depth and breadth of control over privileged users, from the gateway to the server and from the database to the cloud – all from a single management console.

Says Michael Horn, CA Southern Africa, security business unit manager, “In any cyberattack, bad actors have a single goal in mind – elevate privilege in order to get access to the most sensitive systems and data. And if the attacker is a disgruntled insider, he or she may already have that access. CA’s privileged access management solutions help protect an organisation’s most sensitive systems and information.”

CA Privileged Access Manager allows customers to implement controls at the network gateway, managing privileged user access to systems and applications based on the identity of the individual user. CA Privileged Access Manager Server Control resides on the server and manages user activity based on resource protection, with policies that control file access and actions taken on the server. This prevents bad actors from covering their tracks and helps accelerate breach discovery.

With the enhancements, customers can consistently manage and control privileged users at both the network and the server. When an IT administrator accesses a system, CA Privileged Access Manager automatically triggers CA’s Server Control product and to apply policies on the server resources based on the individual’s identity vs. simply the administrator account. This provides a more detailed and granular level of access control.

In addition, CA Privileged Access Manager has expanded integration with service management tools to further streamline privileged user provisioning and de-provisioning for those individuals who only require short-term privileged user access, such as temporary employees or contractors.

Michael Horn, CA Southern Africa's security business unit leader.
Michael Horn, CA Southern Africa's security business unit leader.

Biography: Michael Horn

Michael Horn is the CA Southern Africa security business unit manager. Over the past three decades Michael has accumulated extensive specialist skills based on real-world exposure to: architecting; implementing – including the operational management – of a variety of information security technologies. Michael is a Certified Information Systems Security Professional (CISSP) and the author of several publications. Michael has experience in a wide range of identity and access management technologies including advanced authentication, identity consolidation, unified access management and privileged access management.

For more information contact Michael Horn, CA Southern Africa, +27 (0)11 417 8765, michael.horn@caafrica.co.za.


  Share via Twitter   Share via LinkedIn      

Further reading:

  • Smart services reduce costs
    May 2017, This Week's Editor's Pick, Asset Management, EAS, RFID, News, Integrated Solutions, Security Services & Risk Management
    Naxian’s smart services deliver lower maintenance costs and require fewer resources to manage electronic security installations as it streamlines the move to a service-oriented industry.
  • More than verification
    May 2017, iFacts, This Week's Editor's Pick, Security Services & Risk Management
    Employee verification covers a lot of ground as it confirms people’s identities, qualifications and more, but perhaps it’s time to look a bit deeper.
  • Securex 2017 Preview
    Securex 2017 preview, Technews Publishing, This Week's Editor's Pick
    Hi-Tech Security Solutions looks at a few of the companies and products you can expect to see at Securex 2017 from 30 May to 1 June at Gallagher Convention Centre in Midrand.
  • From the inside out
    May 2017, This Week's Editor's Pick, Perimeter Security, Alarms & Intruder Detection, Integrated Solutions
    When it comes to large areas that need to be secured, protecting your perimeter is a complex task.
  • Trusted Platform Module explained
    May 2017, Bosch Security Systems, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Cyber Security
    Bosch IP cameras, encoders and selected storage systems have an onboard security chip – actually a system-on-a-chip called the Trusted Platform Module – that provides functionality similar to crypto smartcards.
  • Morpho goes extreme
    May 2017, Morpho South Africa, This Week's Editor's Pick, Access Control & Identity Management, Asset Management, EAS, RFID, News, Security Services & Risk Management
    April 2017 saw the international launch of Morpho’s (or Safran Identity & Security’s) MorphoAccess SIGMA Extreme. Morpho SA’s Paul Jeremias also took the opportunity to speak about the future of the company.
  • Secure your disruption
    May 2017, Johnson Controls, Financial (Industry), Integrated Solutions
    A high level of digital disruption in this sector has seen new business models emerge, ushering in new, more digital and virtual means of engaging with customers.
  • Co-operation and data delivers returns for SAICB
    May 2017, This Week's Editor's Pick, Security Services & Risk Management, Financial (Industry), Associations
    Data analysis and information sharing among insurance companies is producing sterling results in the fight against fraud.
  • Give passwords the finger
    May 2017, Virdi Distribution SA, Financial (Industry), Access Control & Identity Management
    Biometrics in its many forms has become standard in many organisations, especially for access control and time and attendance (T&A) functionality. But biometrics can be used for much more.
  • Suprema
    Securex 2017 preview, Suprema, Access Control & Identity Management, Integrated Solutions
    Suprema will be showcasing a handful of new products and solutions at Securex SA alongside its extensive range of IP access control devices, PC fingerprint solutions, mobile biometric platforms and integrated ...
  • Duxbury Networking
    Securex 2017 preview, Duxbury Networking, Integrated Solutions, Access Control & Identity Management
    Duxbury Networking will highlight future-ready security solutions for physical and virtual networks at Securex. Under the spotlight will be a range of offerings designed to promote proactive security ...
  • Keystone Electronic Solutions
    Securex 2017 preview, Keystone , CCTV, Surveillance & Remote Monitoring, Access Control & Identity Management
    Keystone Electronic Solutions is an electronics research and development company. During Securex 2017 the company will be showcasing Project V, a ‘stream on trigger’ solution that provides centrally managed ...

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.