The Road to Integrated Systems Physical and Network Security Merge to Drive Business Processes White Paper



Similar documents
Finance/Banking Security Solutions YOUR PARTNER OF CHOICE. Global Solutions For A Global Economy

When Worlds Collide The Convergence of Physical and Logical Security White Paper

Virtualization Beyond the Data Center: Increase Network Infrastructure Utilization and Efficiency to Reduce Operational Costs

honeywell building solutions INNOVATIVE TECHNOLOGY ACHIEVING MEASURABLE RESULTS Intelligent healthcare Management

Bridging the Great Divide. The Convergence of Physical and Logical Security

Education Security Solutions YOUR PARTNER OF CHOICE. Challenging Times Call For Uncompromising Solutions

Clavister InSight TM. Protecting Values

Preemptive security solutions for healthcare

The Age of Audit: The Crucial Role of the 4 th A of Identity and Access Management in Provisioning and Compliance

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes.

QRadar SIEM 6.3 Datasheet

Convergence Retailing Automation. Maximize efficiency. Reduce costs. Enhance customer experience.

Provide access control with innovative solutions from IBM.

How To Achieve Pca Compliance With Redhat Enterprise Linux

Manage and secure your workplace by controlling who, what, when, why, where and how people are allowed in your facility. Marquee

HIPAA Security Alert

The Oracle Mobile Security Suite: Secure Adoption of BYOD

Best Practices for Building a Security Operations Center

Strengthen security with intelligent identity and access management

Woodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview

Boosting enterprise security with integrated log management

CHIS, Inc. Privacy General Guidelines

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience

Best Practices in Identity and Access Management (I&AM) for Regulatory Compliance. RSA Security and Accenture February 26, :00 AM

How To Manage Security On A Networked Computer System

IBM Security & Privacy Services

Governance, Risk, and Compliance (GRC) White Paper

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Data on the Move = Business on the Move How Strategic Secure Managed File Transfer Adds Value and Drives Business

P2000 SECURITY management SYSTEM. More control means more freedom

CA Records Manager. Benefits. CA Advantage. Overview

Device Lifecycle Management

Solving the Security Puzzle

Feature. Log Management: A Pragmatic Approach to PCI DSS

Logical / Physical Security Convergence. Is it in the Cards?

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

A Federated Approach to Systems Management. Sr. Product Specialist Systems Engineer

Day One Employee Productivity and Increased Security: Integrated Provisioning and SSO

CDW-G School Safety Index 2009

What is Security Intelligence?

Enterprise Data Protection

SECURITY POLICY MANAGEMENT ACROSS THE NEXT GENERATION DATA CENTER

Security Center Unified Security Platform

Avoiding the Top 5 Vulnerability Management Mistakes

Convergence to Re Shape the Physical Security Industry

PEOPLESOFT HELPDESK FOR HUMAN RESOURCES

GMS GRAPHICAL MANAGEMENT SYSTEM

ACFA INTELLECT: COMPREHENSIVE SOLUTION FOR SECURITY INTEGRATION

Keeping watch over your best business interests.

Cisco Mobile Collaboration Management Service

Full Disk Encryption Drives & Management Software. The Ultimate Security Solution For Data At Rest

Life Sciences Security Solutions YOUR PARTNER OF CHOICE. Controlling Who Comes In And What Goes Out

FIRE ALARM & LIFE SAFETY

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

Oracle Business Intelligence Applications Overview. An Oracle White Paper March 2007

Lots of workers, many applications, multiple locations......and you need one smart way to handle access for all of them.

Key Considerations for Information Technology Governance. 900 Monroe NW Grand Rapids, MI (616)

Wireless Local Area Network Deployment and Security Practices

How To Get Rid Of A Collection Of Disparate Systems

Pragmatic Business Service Management

Marquee. We provide tools to effectively manage your workforce and improve your bottom line. Managing the Workforce

Q1 Labs Corporate Overview

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Achieving Regulatory Compliance through Security Information Management

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Where Identity Matters

Understanding. Product Exploration

Exploring Converged Access of IT Security and Building Access Today, Tomorrow and the Future

How can Identity and Access Management help me to improve compliance and drive business performance?

PROTECT, CONTROL, and MONITOR the security of your facility in real-time.

Supporting Municipal Business Models with Cisco Outdoor Wireless Solutions

What We Do: Simplify Enterprise Mobility

Remote Services. Managing Open Systems with Remote Services

Pro-Watch Software Suite Installation Guide Honeywell Release 3.81

Tailored integration to suit you

SECURITY RISK MANAGEMENT. FIRST 2007 Seville, Spain

Walk Then Run: 10 Essential Steps to Securing the Cloud

HIPAA Security. assistance with implementation of the. security standards. This series aims to

The Business Case for Security Information Management

VISTA Operations Management Systems COMPLETE SECURITY SOLUTIONS FOR ANY RETAIL BUSINESS. Value Beyond Security

TONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES. Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1

Securing Virtual Applications and Servers

Actionable Security Intelligence: Preparing for the Next Threat with a Proactive Strategy

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

MANAGED SECURITY SERVICES

Security Features and Considerations

Inspection of Encrypted HTTPS Traffic

Privilege Gone Wild: The State of Privileged Account Management in 2015

5 Steps to Choosing the Right BPM Suite

Cisco SAFE: A Security Reference Architecture

The Business Value of a Web Services Platform to Your Prolog User Community

Trust. The platform for business innovation.

Leveraging a Maturity Model to Achieve Proactive Compliance

The IBM Solution Architecture for Energy and Utilities Framework

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS

Industrial Security Solutions

Security in Space: Intelsat Information Assurance

Transcription:

The Road to Integrated Systems Physical and Network Security Merge to Drive Business Processes White Paper www.honeywellintegrated.com

Table of Contents Executive Summary...3 The Complexity of System Information...4 The Increase in the Complexity of Vulnerabilities...4 Honeywell s Way Forward...4 Common Security Policy Management and Control...6 Common User Provisioning and Single Sign-on...6 Single Access Credential...6 Bringing it all Together...6 Going Forward...7 About Honeywell...8 About the Authors...8 2

Executive Summary Convergence The Next Step in Integration For years, industry and analysts have been touting the benefits of integrated systems that would improve the decision-making process by taking information from disparate functions and processes and organizing it efficiently. Strides continue to be made in driving efficiencies throughout the organization through just this sort of thought: Inventory and purchasing systems, payroll and HR systems, HVAC and fire systems, door entry and elevator systems all coming together in solutions that drive productivity by correlating the data that these formerly disparate systems generated. The industry calls these converged solutions, but in the end these efforts are all focused on creating systems that conform to business processes. By driving efficiencies throughout the organization, those systems improve productivity of the workforce. Unfortunately, physical security has traditionally been left out of this efficiency discussion. In most organizations, building access control and security are focused solely on securing physical assets. They are typically managed by facilities operators who deploy locking and alarm systems to minimize the risk of theft and vandalism. A more complex organization may have a corporate security department that takes experience from the law enforcement world to centralize these operations and deploy more advanced surveillance systems. But in the end, the goal of security is the same as facility maintenance: to keep a company s assets up and running. IT organizations have always had a parallel goal in mind: to deploy networks and systems that keep their companies running efficiently. But in addition to this, IT has always seen security as a priority in deploying their networks and systems. Their goal is to ensure the security of the information data that is used by their employees. But why should these worlds exist independently if they have parallel goals in mind? The answer is in technology and culture. - Physical security has always been seen as the first line of defense in managing an organization s security. In a world where all of an organization s work occurred within the confines of the four walls of a building, a good lock or physical access system was all that was needed to maintain the integrity of physical assets and data. - Facilities and security operators with a law enforcement mindset are accustomed to working in a world of command and control. This is in stark contrast to working in the IT industry, which has flourished in an environment of open communicating systems and standards. Getting these two worlds to work together takes investment and time. In an information-driven economy dominated by remote networks and VPNs, a more holistic view of enterprise security operations is needed to overcome these obstacles. We are working in a time that this opportunity is more real than ever. But what else is driving this direction? 3

The Complexity of System Information The typical organization produces several hundred thousand event logs stemming from various user activities, including accessing buildings or rooms, accessing computers and applications; communicating by e-mail and instant messaging; and printing, copying, editing, and deleting files. All of these can be highly relevant to protecting an organization s confidentiality, privacy, and security. This trend has only increased with the digitalization of physical security data. Digital video and smart card applications have taken what historically have been stores of analog data that were recalled and searched only following a precipitating event. These systems are now capable of creating useful, organizable data that can be integrated into a more holistic decision-making process. To make matters worse, an increasing number of security solutions fall outside of the immediate scope of today s security infrastructure. For example, identity management and information security clearly tie into corporate functions such as HR or strategic development, but they also need to be linked with IT security. Ultimately, combining event and systems information with security management results in better visibility, cost savings, and higher efficiency when protecting and managing enterprise-wide IT systems. 1 The Increase in the Complexity of Vulnerabilities With the introduction of regulations around data collection protection such as the Health Insurance Portability and Accountability Act (HIPAA); the Gramm, Leach, Bliley Act (GLBA); Sarbanes-Oxley and Homeland Security Presidential Directive (HSPD-12) configuration and regulatory compliance, organizations look for a framework in which to monitor and automatically enforce compliance with specific corporate-wide configurations as well as with government or industry regulations and standards. Both areas demand auditing, enforcement, updating, and documentation and therefore stretch the capabilities and budgets of many organizations. Add to this the sheer volume of expanding IT threats and vulnerabilities affecting more and more applications and other system infrastructure components. Companies are now looking for solutions that help them assess and manage their security position. They need tools that help them manage and prioritize the sheer volume of threat and vulnerability-related information generated by a variety of security systems. Honeywell s Way Forward Technology and regulatory trends are driving organizations toward integrating their IT and physical security systems. The idea of convergence represents an approach to using data generated by both physical security and IT systems to drive business process efficiency. This can be as simple as using digital video cameras on an existing LAN for video surveillance and as complex as using virus threat information to proactively control physical access to a building. The convergence of physical, network, and data security are emerging in a new way to help you manage your business. This starts by properly structuring your data. Then you can get that 1 Forrester Quick Take: The Convergence of Systems and Security Management, Thomas Raschke. 4

structured data to talk with other systems. Once the various systems are communicating, they can start to build a knowledge base that is specific to your business. Workflows are identified, bottlenecks are identified faster your business is learning to be more efficient. Honeywell wants to take this vision to your business. The vision is the culmination of our years of experience in driving efficiencies throughout manufacturing and business organizations. We are working to break down the cost barriers of deploying these types of solutions through standardized platforms, common interfaces, and application of the latest technologies. The framework can be seen not only as a technology evolution but as a migration path as your organization grows and realizes the need to drive more systems-level integration and productivity. The Honeywell SmartPlus Convergence Solution 5

Common Security Policy Management and Control Pro-Watch Physical Security Systems Your IT infrastructure serves as the backbone for deploying your converged solution. By deploying IP-enabled security systems you are able to take advantage of the fixed investment and improve its ROI. While the analysis will vary based on application, the investment will have an even higher ROI when including the indirect benefits of creating a more actionable and integratable form of data-enabled by technologies such as IP-enabled video surveillance. Developing common protocols for managing access to your company s assets and data enables more efficient provisioning and management. Your organization can start developing role-based policies that can manage badge issuance, enrollment, revocation processes, and XML interfaces for integration with identity management solutions. Common User Provisioning and Single Sign-on SmartPlus Identity Manager The various systems running on your IT infrastructure were all implemented to improve the productivity of your workforce. These systems have become so ubiquitous that we often forget how many of them we use in any given day. Today, unfortunately, most of these systems run independently and require unique user provisioning. Driving a common interface will improve productivity and ensure that the right employees have access to the right information and workflows. Single Access Credential SmartPlus Badging Pro-Watch Physical Security Systems As a result of HSPD-12, the deployment of smart card credentials and applications is experiencing widespread adoption. The technologies allow the integration of physical access, network access, and other data onto a single credential. These technologies enable strong authentication for access to assets and data. Bringing it all Together Correlating Physical Security and IT Security Events By creating usable data through IP-enabled technologies, physical security events and IT security events can now be correlated that would have remained independent from each other in the past. For instance, access to the network should only be granted to employees who have used their secure credential to access the building. Access to certain areas of your building can be granted based on IT security threat levels. This event addition recognizes threats by correlating seemingly disparate events. The data can now be compared on an apples to apples basis to drive an enhanced security policy. Unified Auditing and Response of Physical and IT Events Once you are receiving common data, you can create a common policy for responding to physical and IT events. This can be useful for meeting compliance regulations, but can be even more effective in managing your business through common response protocols across the organization. 6

Going Forward Learning and Proactive Event Management in a Real-time Environment Most IT and physical security systems are reactive and take action based on events. Proactive event threat management allows your business to correlate real-time information with historical events. The system learns how to manage the current environment and can react in a real-time manner, increasing the value of your system and improving your ROI. The benefits to an organization using such a system can be substantial. By integrating several systems together to share information, an organization is able to see vulnerabilities in real-time; a PC left logged on while an employee is at lunch, established VPN connections while the employee is badged into the building, and the ability to link IT security events with physical security responses all drive real-time security policy management. How organizations choose to implement these new toolkits is left up to them and their individual security and compliance requirements. Over the coming months, Honeywell will introduce several technologies that will allow your organization to take advantage of the convergence between IT and physical security. Given all of the benefits of a converged system productivity from common protocols, increased security of physical assets and data, and improved ROI on IT and security infrastructure investments Honeywell is positioned to be your partner of choice for converged solutions. For more information, visit www.honeywellintegrated.com. 7

About Honeywell Honeywell International is a $34 billion diversified technology and manufacturing leader, serving customers worldwide with aerospace products and services; control technologies for buildings, homes and industry; automotive products; turbochargers; and specialty materials. Based in Morris Township, N.J., Honeywell s shares are traded on the New York, London and Chicago Stock Exchanges. It is one of the 30 stocks that make up the Dow Jones Industrial Average and is also a component of the Standard & Poor's 500 Index. For additional information, please visit www.honeywell.com. About the Authors Peter Fehl, Marketing and Business Development Leader Peter Fehl leads marketing and business development for Honeywell s Integrated Security segment. In his current role he is responsible for driving business development opportunities and strategic direction. Before he joined Honeywell, Mr. Fehl provided engineering consulting services as part of an engineering firm in Atlanta, Georgia and worked as an engineer for Honda of America. He holds a Bachelor of Science degree in mechanical engineering and an MBA from the Georgia Institute of Technology and is Six Sigma Black Belt certified. Sean Leonard, Strategic Marketing Manager In his role as strategic marketing manager for Honeywell s Video and Access Systems, Sean Leonard is responsible for the strategic planning process, competitive analysis, market intelligence, and business development. His background includes three years of experience in strategy and marketing in various industries including security, building automation, and aerospace. He has seven years of project management experience in the aerospace industry. Sean received his Bachelor of Science degree in engineering from the University of Illinois at Urbana-Champaign, his MBA from Vanderbilt University, and is Six Sigma Green Belt certified. For more information: www.honeywellintegrated.com Honeywell Security Honeywell Integrated Security 135 W. Forest Hill Avenue Oak Creek, WI 53154 800-323-4576 www.honeywell.com 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information