Choosing the right PIAM system for enterprise

Keeping track of each and every person within an enterprise environment can be quite a task. Couple that with managing their access and the task becomes all the more complicated. Utilizing a physical identity and access management (PIAM) system could not only help enterprises ease management, but also protect them from avoidable risks.

Wanted: Flexibility, scalability, adaptability

Overcoming the challenges presented by enterprise environments means choosing the right PIAM system. This starts with choosing the right system provider.

“Enterprise customers want to know that the PIAM system provider has a very complete understanding of the differing workflows for onboarding various identity types, how those workflows can be supported in an efficient, customized way, and the implications of workflow decisions on operations,” Don Campbell, VP of Products at Quantum Secure said.

Experienced providers understand that enterprise environments need flexible, scalable systems that make use of the full range of available identity data and possible workflows. Such a system could become the central source of identity data when it comes to onboarding and offboarding, according to Campbell, and should have the ability to tie into the full range of relevant data systems, including PACS, IT, HR and training, for example.

“Having the flexibility to connect to the relevant systems and support the appropriate workflows is a high priority for enterprise customers,” Campbell said.

Magnus Malmström, VP of Product at identity and security company Nexus Group, highlighted how “a good PIAM solution must be adaptable to new processes and changes in an organization and preferably through visualization in terms of process mapping and workflows.” He noted that when implemented correctly, it is possible to keep traceability for all actions with regard to authorization and access management.

Scalability is also a priority for enterprise users. “Many enterprise customers prefer to roll out systems across their organizations or locations in steps. This approach works well because it allows time for training, testing and operational adjustments with a smaller support team and lower overall risk,” Campbell explained. He further added that larger enterprise customers are likely to grow or acquire additional teams, so choosing a system that can grow as the organization grows is vitally important.

Differences among verticals

It is safe to assume that all users want flexible and scalable systems; however, when it comes to other requirements, different verticals have different needs. These differences are often a result of regulatory requirements and business model.

Divyakant Gupta, CEO of IDCube noted specific requirements for several different vertical markets: “For example, for oil and gas and manufacturing, PIAM requirements would normally revolve around contractor management, biometrics, de-duplication, time attendance reporting, etc. For pharmaceuticals, a solution would demand adherence to CFR Part 11 compliance, touchless credentials, interlocking, etc. For IT/ITES/banking and services sectors, solutions would require solving the security needs of dedicated development centers (companies within a company), distributed though centralized security framework for globally spread offices.”

Four building blocks for the modern and effective PIAM

Building the best PIAM system for an enterprise environment may differ among specific verticals and company needs; however, Jasvir Gill, CEO of AlertEnterprise, believes there are four building blocks necessary for every modern and effective PIAM system.

Basic converged logical-physical onboarding, offboarding

Immediate benefits can be gained from linking the most obviously siloed sources of identity information. For example, connecting the human resources management system (HR) with the physical access control systems (PACS) can deliver immediate integration value and allow managers to make more informed decisions related to the extent of facility or corporate access based on job role, function and relevance. Another important opportunity is to link the PACS with IT network directory structures that track who has access to corporate applications and resources such as network access, email, messaging, databases, etc.

Self-service access request handling – across the enterprise

The old-fashioned practice of sending separate access requests to each department (e.g., IT security and physical security) leads to dead periods during which productivity and planning are disrupted and security exists in limbo. Self-service capabilities distribute the tedious task of collecting the information related to the request back to the requestors. This ensures that all required information is collected. The requestor receives acknowledgement followed by confirmation, and security functions can focus, instead, on assessing risk and closing security gaps.

Certification and audit of access granted – is it still relevant?

It is important to review security prior to access being granted. However, it is equally important to ask whether that access is still relevant during all phases of the employee or contractor lifecycle. Periodic access certification has been an audit mainstay in the IT application segment; however, this has not been the case when it comes to decisions regarding physical access control. Access certification in a converged context can be very helpful in deciding how much access and authorization to grant, or how much should be blocked, for employees who have had job changes.
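The converged offboarding and access certification checks described in the first and third building blocks can be sketched as a reconciliation across HR, PACS and directory exports. This is an added example, not code from the article or from any vendor's product; the record layouts, field names and the role-to-area policy are assumptions, and the sample data is constructed.

```python
from datetime import date

# Constructed sample data; field names are assumptions, not a vendor schema.
HR = {
    "e100": {"status": "active", "role": "lab_tech", "role_since": date(2023, 1, 10)},
    "e101": {"status": "terminated", "role": "engineer", "role_since": date(2021, 5, 3)},
    "c200": {"status": "active", "role": "engineer", "role_since": date(2024, 6, 1)},
}
PACS = [  # one row per active badge grant in the physical access control system
    {"person": "e100", "area": "lab", "granted": date(2023, 1, 12)},
    {"person": "e101", "area": "office", "granted": date(2021, 5, 4)},
    {"person": "c200", "area": "lab", "granted": date(2022, 3, 9)},
    {"person": "c200", "area": "office", "granted": date(2024, 6, 2)},
    {"person": "x999", "area": "server_room", "granted": date(2020, 2, 2)},
]
DIRECTORY = {"e100": True, "e101": True, "c200": True}  # account enabled?
ROLE_AREAS = {"lab_tech": {"lab"}, "engineer": {"office"}}  # assumed policy


def reconcile(hr, pacs, directory, role_areas):
    """Return sorted (person, issue, detail) findings for reviewers."""
    findings = set()
    for grant in pacs:
        pid, area = grant["person"], grant["area"]
        rec = hr.get(pid)
        if rec is None:
            findings.add((pid, "badge_without_hr_record", area))
        elif rec["status"] != "active":
            findings.add((pid, "badge_after_offboarding", area))
        elif area not in role_areas.get(rec["role"], set()):
            # Grant is not covered by the current role: send to certification.
            stale = grant["granted"] < rec["role_since"]
            findings.add((pid, "stale_after_job_change" if stale else "outside_role", area))
    for pid, enabled in directory.items():
        rec = hr.get(pid)
        if enabled and (rec is None or rec["status"] != "active"):
            findings.add((pid, "account_after_offboarding", "directory"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in reconcile(HR, PACS, DIRECTORY, ROLE_AREAS):
        print(*finding, sep="\t")
```

Each finding is a review item for a human certifier, not an automatic revocation; the job-change case only surfaces because the HR role date and the PACS grant date are compared in one place.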

Identity intelligence – learning access patterns over time and identifying anomalies

The combined categories of employees, contractors, vendors and visitors that have been granted access to the organization at any given instant in time make up the badged population. It is important for security managers to know how large the badged population is, what risks they pose to the enterprise and how to mitigate the risk. Identity Intelligence software can rely on machine learning and the deployment of rules.

What’s to come

Like most other security offerings, PIAM solutions are also embracing technology trends such as the Internet of Things (IoT), big data, and mobility.

IoT could simplify the implementation of a PIAM project without compromising on reliability and security, especially in sectors where customers cannot afford to create and maintain expensive IT infrastructure, according to Gupta. Furthermore, he believes mobility in the form of a mobile app would allow different stakeholders to more easily interact with a PIAM portal.

According to Campbell, some of the more advanced PIAM offerings today already make use of collected data to support contextual analytics and predictive analysis, such as identifying indicators of compromise, and cross-comparing data from siloed data systems to improve accuracy and provide more actionable information.

In the future, expect PIAM systems to continue connecting to more devices with security value and utilizing more big data methods. By doing so, PIAM systems will further help enterprises enhance their security operations, reduce costs, leverage existing investments and manage risks.
