Challenging corporate thinking

August 2010 Access Control & Identity Management, Healthcare (Industry)

Organisations around the world are facing more security threats to their business than ever before. Breaches of confidentiality, crippling cyber attacks and data theft by their own employees are just some of the issues that companies now have to contend with and plan for. These security threats can also necessitate taking a more tangible approach to security where controlling physical access to premises is high on the agenda for many companies.

As soon as lurking security risks are exposed, they can exact a costly penalty in terms of reputational damage, eroding the confidence of investors and the market. This can be disruptive to a company’s operations and can even have a knock-on impact on customer service.

At the same time, companies are also wrestling with swathes of regulations like Sarbanes-Oxley, ISO 9000 and Basel II that require them to take a more consistent and comprehensive approach to risk management, corporate governance and compliance in their day-to-day operations.

Successfully managing physical and logical access to high-value resources or sensitive data is one of the most effective ways for companies to protect themselves against the barrage of threats they now face. Driven by these corporate imperatives, identity and access management (IAM) is fast securing its position as a cornerstone of information security, with a growing number of organisations recognising the potential benefits of an effective IAM programme in terms of cost savings, better service levels, tighter IT governance and improved regulatory compliance.

A survey carried out by technology and market research firm, Forrester, found that over 75% of enterprise IT security professionals in the UK, France and Germany feel that governance, risk and compliance are motivating them to consider IAM solutions for their organisation. So if the majority of IT professionals recognise the need to implement IAM, why has this so far failed to translate into wide-scale adoption?

Costs hindrances

One of the foremost barriers to adoption cited by companies that have considered – but reluctantly decided against – IAM is the cost issue. The ravages of the recession have blown a sizeable hole in the IT budgets of many organisations, with other corporate issues sometimes prioritised over IT security. However, when a company slashes its IT budget, it can leave itself dangerously exposed to security and financial risks where the money saved by reducing budgets can soon be more than swallowed up by the costs of security breaches. While it is impossible to wholly quantify the financial impact of security incidents, the Ponemon Institute estimates that data breaches cost around £60 per compromised record. Furthermore and according to a survey by Datamonitor, smartcard security solutions can actually result in a savings of more than $2 million for every 2000 employees.

A further reason why IAM has not yet been broadly taken up by organisations is because it is still viewed in some quarters as a tactical rather than a strategic implementation. Too many companies still treat IAM as a series of ad hoc projects instead of a process that is as dynamic as their company itself. But adopting a scattergun approach to IAM across an organisation can be counterproductive to say the least.

Juggling multiple, mutually exclusive systems is doomed to failure. Not only is this an expensive and resource-intensive way to approach IAM, but the lack of integration or coordination between these systems generates substantial – and unnecessary – complexity. This often leads to a lack of buy-in from senior management and thus a lack of engagement amongst employees themselves.

Where to start

IAM can seem like a bit of a minefield for companies that know they need to implement it, but do not know where to start. For many businesses, the obvious place to begin is with smartcards. Let us call out one of the biggest bugbears for corporate IT departments: managing identities is inherently difficult at the best of times, but the existence of multiple, disparate identities for each user within the companies is nothing short of a nightmare for IT managers. If users are utilising several identities to access information stored in multiple locations, it can be very complicated to bring this information together into a single format when systems are combined.

A recent survey by IT security firm, Sophos, revealed that a third of respondents use one password across multiple sites. This means that if one account is compromised, all accounts are vulnerable. A username/password combination is still the most popular method of accessing IT systems, but its shortcomings are well documented.

Companies at the cutting edge of secure corporate ID cards have developed a novel two-factor authentication approach to managing and protecting access control within their organisations. The user has to provide a hardware token (corporate identification card) in addition to a secret PIN number to strengthen the overall security of a desktop log-on. Even better, the very same smartcard can be used to control physical access to the company’s premises, making this kind of solution one of the most effective, cost-saving methods to protect workplace and data security.

Smartcard technology is becoming increasingly advanced; cards can now offer three levels of security: single, dual or three-factor authentication. With single-factor authentication, using the card on its own will grant access to a system or open a door. Dual-factor authentication adds an extra level of security in the form of a PIN number. Three-factor authentication goes a step further, using a PIN number and an extra security measure such as a biometric scan.

Expanding card usage

Smartcards are also finding effective applications outside the corporate world. Smartcard technology is now helping to solve some long-standing thorny issues in the healthcare sector, such as safeguarding patients and staff while protecting confidential patient information. In the UK, for example, many hospitals are now waking up to the benefits of using smartcards to control physical access to their buildings and adding logical security to the IT networks that house confidential patient data.

In the past, it was relatively easy for an intruder to walk unchallenged around a hospital, accessing areas meant only for authorised staff. In rare cases, this led to security breaches where babies were removed from paediatric wards. Smartcards are addressing this physical access problem by using encryption to offer differing levels of building access to certain staff.

Medical professionals are also using their smartcard to quickly access sensitive patient data on a network. So, in addition to safeguarding the security of patients’ personal information, using a smartcard for logical security can also create efficiencies in terms of time.

Properly implemented, identity and access management solutions can help companies by fortifying the security of their data and their business while making it far easier for users to access the information they need. In simple terms, the challenge for any organisation implementing an IAM system is to bring together physical access control and logical security to establish how they can work better for their customers.

In today’s increasingly risk-conscious environment, IAM is fast becoming a basic, non-negotiable part of corporate IT infrastructure – although IAM is designed to deal with some big security challenges, it does so with a straightforward, common sense approach.

Portable and secure, smartcards are becoming an increasingly valuable tool for safeguarding physical security and guaranteeing the privacy of sensitive electronic information across corporations, hospitals, government agencies and any organisation seeking heightened security solutions. When you weigh up the benefits of identity and access management solutions against the costs of reputational damage, security breaches and non-compliance, IAM can offer outstanding value by saving time and money while protecting an organisation’s assets.

For more information contact HID Global SA, +27 (0)72 923 9426, [email protected], www.hidglobal.com



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Unlock data insights and integration
Gallagher Access Control & Identity Management Products & Solutions
Gallagher Security announced the release of its security site management software, Command Centre v9.20, which enables integration with Microsoft Entra ID, a cloud-based identity and access management system that provides seamless synchronisation of cardholders across systems.

Read more...
Gallagher Security opens Cape Town office
Gallagher News & Events Access Control & Identity Management
Acknowledging a significant period of growth for the company in South Africa, opening a second office will enable Gallagher to increase its presence across the region with staff based in Johannesburg and Cape Town.

Read more...
Securing access against unwanted visitors
Intelliguard Access Control & Identity Management Residential Estate (Industry) Products & Solutions
In today's residential estates and complexes, one of the biggest concerns is preventing unauthorised access, while ensuring a smooth and convenient experience for residents and approved visitors.

Read more...
Smart access for a safer community
neaMetrics Suprema Access Control & Identity Management Residential Estate (Industry) Products & Solutions
Suprema's BioEntry W3 integrates AI-powered facial authentication into a sleek design that prioritises security, privacy and user experience, and even allows users to store their facial templates on their mobiles instead of external devices.

Read more...
Effortless and secure visitor management
Secutel Technologies Access Control & Identity Management Residential Estate (Industry)
Secutel Ventures has introduced SecuVisit, an access control solution designed to simplify visitor management while enhancing security. With two innovative components onboard, SecuVisit ensures seamless visitor check-ins anytime, anywhere.

Read more...
Glovent’s SOS Suite triple protects estate residents
News & Events Access Control & Identity Management Residential Estate (Industry)
One hundred and fifty-three years since the world’s first panic button was introduced in New York City, Glovent offers estate residents three different ways of summoning emergency assistance at the touch of a button.

Read more...
Security professionals gather at Integrate 360
Gallagher Access Control & Identity Management News & Events
Gallagher Security’s Integrate 360 brought together some of the best minds in security, innovation, and technology for two days full of insights, demonstrations, and future-focused discussions.

Read more...
Suprema showcases enterprise security at Integrate 360
Suprema News & Events Access Control & Identity Management
Since 2006, neaMetrics, Suprema’s distributor in Africa, has worked closely with Gallagher, building a robust partnership resulting in seamless integration between Suprema’s advanced biometric readers and Gallagher’s security management platform.

Read more...
New ASSA ABLOY facility opens in South Africa
ASSA ABLOY South Africa iDSystems Impro Technologies Access Control & Identity Management News & Events
ASSA ABLOY announced the opening of its new facility in Durban, South Africa. This new site unites IDS and Impro operations, bringing both manufacturing plants under one roof to create a hub for innovative access solutions.

Read more...
Unique fire detection challenges in hospitals
Securiton Fire & Safety Healthcare (Industry) Training & Education
Africa’s healthcare sector is a growth opportunity for business as new hospitals bring better health for millions, and the fire safety industry has a key role to play by ensuring these long-desired new hospitals do not go up in flames.

Read more...