classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2017


Awareness and trust in context
November 2017, Access Control & Identity Management, Security Services & Risk Management

Identity management is often seen as a specialised field that is applied somewhere in an organisation to control who has access to what, sometimes in both the digital and physical realm. Yet, while IAM is definitely a specialised field, it is one that is central and crucial to the concept of secure computing.

Markus Krauss, senior director, Digital Identity and Security, CA Technologies says identity management today is central to all forms of authentication and communication, whether it’s between people or things, or people and things – referring to the Internet of Things (IoT). Moreover, central to all identity management is the concept of trust: someone is granted access to something because you trust that the person is who they claim they are and that identity has permission to do whatever they are trying to do.

Within an enterprise, for example, if a person logs into their PC and wants to access certain information, applications or authorise transactions, they will have the ‘privilege’ of open access to those assets due to their position and permissions granted when they started their job. If a person is doing something that is higher risk, such as authorising a payment, the system may automatically ask for additional verification, a second factor to provide additional proof the person actually is the person who is authorised to do the transaction.

Hence the term ‘privileged access management’. The company decides your identity has certain privileges based on your job, and the identity management systems grants you access to those assets and prevents you from accessing or even seeing what you don’t have the privilege to see. In certain conditions, it requires something in addition to a password to ensure that high-risk activities are more secure.

Getting this right in an organisation is not easy, however. We have all heard of identity management projects that have failed for a variety of reasons. Nowadays, it’s even harder as an organisation is no longer bound by walls and buildings. Although it may not be advised, your CEO (or any approved person) can authorise transactions from anywhere, even via his/her mobile device. This takes the concept of trust and privilege to another level.

Trust is relative

This is where additional attributes are required in the trust relationship: the company’s identity management system must now incorporate other factors into the trust it assigns. If the CEO is logging in from home on the company laptop, it’s a known device and location so there may be very little change in the trust assigned. If the login is on another device that the organisation doesn’t control, it’s a different matter.

If the login is from a public Wi-Fi at an airport, for example, the trust issue is escalated as there are a number of additional attributes to take into account. In a case like this, additional authentication factors are not the answer because no matter how sure we are of the identity requesting access, the environment is not trusted because it is out of the control of the organisation and is known to be insecure. In this case, taking the all attributes into account will increase the risk of access and decrease the trust assigned, meaning that the CEO may be allowed only restricted access to certain company digital assets.

The same process applies to everyone associated with the company, from the CEO to clerks and other employees. In addition, Krauss explains that the same process can be applied to the IoT. Just because it is a device wanting access, doesn’t mean the company can simply allow it – we have all heard of security breaches being conducted through devices such as security cameras and recorders. Today there are no ‘dumb’ devices, only insecure devices that can be exploited by those with malicious intent.

Controllable billions

This may seem a bit much as we hear about the billions of devices that will be connected in the IoT in the near future; and who can manage billions of identities? It is manageable, however, as Kraus explains that while there are many devices, many of them are the same devices performing the same functions. And the context, once again, defines the trust assigned. For example, a camera overlooking a parking lot needs to be secured, but it doesn’t need as much protection and trust associated with it as one in your living room.

Just as we have privileged access management in organisations for people, the IoT will require similar ‘Identity of Things’ processes to ensure that data transfers are managed effectively and securely. The good news is that the trust concept in today’s privileged identity management systems can be extended to things and the relationships between them, and between them and humans. When the data being transferred is the temperature of a generator outside your office, you don’t need to go crazy worrying about risk and trust. However, when you are monitoring the temperature and other readings from nuclear reactors, the importance of trust becomes critical.

Of course, trusting things is much easier than people because they are predictable in what they do and how they operate. When it comes to people, there is always the human factor to consider when ascribing trust and risk levels. Edward Snowden is a good example. He had all the clearances to access sensitive information, but his behaviour was not as expected, but nobody picked up on it. An IAM tool that assigns a risk score which is used to define the level of trust is therefore critical, but so is the ability to use behavioural analysis as an additional level of risk measurement.

For example, Snowden accessing files his employers considered sensitive was acceptable, but was copying them to a USB drive within his normal behaviour patterns? We don’t know the exact story of how and why he was able to collect so much information, but the principle applies to any company. Does your sales person really need a copy of the entire customer database on a USB drive or on their mobile phone?

Identity for all

CA is a company that has been operating for around four decades and over the years has developed one of the leading IAM solutions in the market. Krauss says that for much of its existence, CA focused on a limited number of customers, specifically the Top 500 companies globally. During this time it acquired a number of technology companies and expanded its portfolio of solutions and services which it supplied to its 500 customers.

Over the past few years, however, the company has changed its focus and is now more open to partnerships and bringing its technology to a broader market. One of the ways it is doing this is by combining its technical expertise into a single product that can cater to the simplest as well as the most complex installations.

It accomplishes this through its virtual appliance (the CA Identity Suite – Virtual Appliance) which Krauss says can be deployed in as little as 7 minutes and then be configured to the organisation’s requirements via a web-based interface. It’s one virtual service that can be scaled and updated easily as required, depending on the customer’s identity management and governance requirements. The virtual appliance is, of course, sold in addition to the various products the company has developed over time.


Credit(s)
Supplied By: CA Southern Africa
Tel: +27 11 417 8594
Fax: +27 11 417 8691
Email: heidi.ziegelmeier@caafrica.co.za
www: www.ca.com/za
  Share via Twitter   Share via LinkedIn      

Further reading:

  • Alcohol detection turnstiles
    February 2018, Flow Systems, Access Control & Identity Management
    Flow Systems has introduced a newly designed turnstile to the South African industrial market. This full height turnstile, model ‘Alky’, not only allows controlled access, whether it be by fingerprint, ...
  • Deep learning of AI (artificial intelligence)
    February 2018, ZKTeco, Access Control & Identity Management
    ZKTeco adopts AI to enhance biometric recognition algorithms for facial, palm vein, iris and now even fingerprint technologies.
  • What lies ahead in 2018?
    February 2018, Axis Communications SA, Cathexis Technologies, Forbatt SA, Milestone Systems, neaMetrics, Suprema, ZKTeco, G4S South Africa, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Access Control & Identity Management, Cyber Security, Integrated Solutions
    To find out what the physical security industry is expecting in 2018, Hi-Tech Security Solutions asked a few of the leading players what they expect in 2018 in South and southern Africa.
  • TAPA SA conference 2017
    February 2018, This Week's Editor's Pick, Asset Management, EAS, RFID, Integrated Solutions, Security Services & Risk Management
    TAPA held its South African conference at Emperor’s Palace late last year. Hi-Tech Security Solutions was there to cover the event.
  • Tshimologong and ACSA partner for security challenge
    February 2018, News, Access Control & Identity Management
    Are you a maths genius, mad scientist, engineering wizard, IT wonder child or tech boffin? ACSA needs your skills.
  • Paxton announces exclusive distribution with Regal Group
    February 2018, Paxton Access, News, Access Control & Identity Management
    Paxton has updated its distribution network in South Africa by announcing an exclusive distribution partnership.
  • Hikvision and Paxton create seamless vehicle entry system
    February 2018, Hikvision South Africa, News, CCTV, Surveillance & Remote Monitoring, Access Control & Identity Management, Integrated Solutions
    Hikvision has announced the successful integration of the Hikvision automatic number plate recognition system into Paxton’s Net2 access control system.
  • Teacher’s biometric pet
    February 2018, Powell Tronics, Education (Industry), Access Control & Identity Management
    There are a number of challenges faced in ensuring adequate access control and monitoring within the educational sector that portable biometrics can solve.
  • Technology in education
    February 2018, ZKTeco, Education (Industry), Access Control & Identity Management
    Imagine being able to keep track of where your child goes the moment he or she is dropped off at school on your cell phone or PC at home.
  • Secure student accommodation
    February 2018, Powell Tronics, Education (Industry), Access Control & Identity Management
    Fast Fire & Security provides a variety of security and fire services that include access control at six of CampusKey’s campuses.
  • Pharmaceutical security in Turkey
    February 2018, Access Control & Identity Management
    Rosslare supplies fully integrated access control and surveillance solutions for Roche facility in Istanbul.
  • PAVIRO public address and voice evacuation system
    February 2018, Bosch Security Systems, Integrated Solutions, Security Services & Risk Management
    The PAVIRO system can address up to 984 zones with a total of 164 000 watts of amplifying power in one system, making the system suitable for bigger installations.

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.