Integrated Identity Management Whitepaper




Tom Stiles, Identification Systems Group
9600 N. Locust Drive
Kansas City, MO 64155
Phone: 816.582.1596
tstiles@identificationssystemsgroup.com

Contents

1. Introduction
2. Issues Faced
3. Key Points for Identity Management
4. How to Get Started
5. Secure Identity Platform
6. Issuance of ID Credentials
7. Contactless Card Technology
8. Benefits
9. Considerations
10. Identification Systems Group

1. Introduction

In security-related publications you will hear about the importance of:

- Convergence of Physical & Logical Security
- Identity & Access Management (IAM)
- Enterprise ID
- Physical Security Information Management (PSIM)
- Logical Access Management Systems (LACS)

We all recognize that in today's world, there is a growing need for increased security. Current trends in identification security include Contactless and Contact Smart Cards, biometrics, vulnerability of information, government and industry group mandates and recommendations, and the convergence of physical and logical security. You need to make the right decisions, but operate within a finite budget.

Most industry experts are saying similar things.

A lack of effective identity and access management poses significant risks not only to compliance but also to an organization's overall security. These risks include:

- Privilege creep. Privileges are granted as needed when an employee's duties increase, but the access level escalation is not revoked when no longer needed.
- Credential overflow. Cards are not de-activated when an employee leaves.

Why Integrate Physical & Logical Security, a whitepaper by Cisco, John Carney, 2011

This paper describes the importance of integrating physical and logical security under a single governing body or department.

A lack of integration creates the following challenges:

- No single system to identify a person's identity because each functional security department controls its own identity database
- Increased potential for theft
- Lack of IT management and application of best practices applied to physical security devices, or a lack of best practices applied consistently across departments
- Lack of physical monitoring of logical security devices that can detect tampering; that is, unauthorized access to a logical security device console

Some benefits of integration:

- Provides information on who entered the building
- Eliminates tailgating since the network cannot be accessed without the person swiping his/her badge
- Allows for a more productive work environment by making it easier for the employee to authenticate by using an integrated solution
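The integration benefit listed above, that the network cannot be accessed without a badge swipe, can be checked after the fact by correlating the door log with the logon log. The following is an added example, not code from the whitepaper or any vendor it cites; the event fields, sample records and the 14-hour presence window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the whitepaper); field layout is assumed.
BADGE_EVENTS = [  # PACS door log: (timestamp, person_id, building, direction)
    ("2024-03-04 08:01", "E1001", "HQ", "in"),
    ("2024-03-04 12:05", "E1001", "HQ", "out"),
    ("2024-03-04 08:30", "E1002", "HQ", "in"),
]
LOGON_EVENTS = [  # LACS/SIEM log: (timestamp, person_id, workstation, building)
    ("2024-03-04 08:10", "E1001", "WS-17", "HQ"),  # badged in at 08:01
    ("2024-03-04 13:00", "E1001", "WS-17", "HQ"),  # badged out at 12:05
    ("2024-03-04 09:00", "E1003", "WS-22", "HQ"),  # no badge event at all
    ("2024-03-04 09:15", "E1002", "WS-30", "HQ"),  # badged in at 08:30
]
MAX_PRESENCE = timedelta(hours=14)  # assumed: an older badge-in is treated as stale


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def logons_without_presence(badge_events, logon_events, max_presence=MAX_PRESENCE):
    """Return on-site logons that lack a valid preceding badge-in for the building."""
    merged = [(_ts(t), 0, ("badge", p, b, d)) for t, p, b, d in badge_events]
    merged += [(_ts(t), 1, ("logon", p, w, b)) for t, p, w, b in logon_events]
    merged.sort(key=lambda e: (e[0], e[1]))  # on equal timestamps, badge events first

    inside = {}  # (person, building) -> time of the most recent badge-in
    findings = []
    for when, _, event in merged:
        if event[0] == "badge":
            _, person, building, direction = event
            if direction == "in":
                inside[(person, building)] = when
            else:
                inside.pop((person, building), None)
        else:
            _, person, workstation, building = event
            entered = inside.get((person, building))
            if entered is None:
                findings.append((person, workstation, "not badged in"))
            elif when - entered > max_presence:
                findings.append((person, workstation, "badge-in is stale"))
    return findings


if __name__ == "__main__":
    for finding in logons_without_presence(BADGE_EVENTS, LOGON_EVENTS):
        print(finding)
```

A person who tailgated through a door appears here as a logon with no badge-in, which is the signal a converged audit log makes visible.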

"In an open, trusting and tech savvy environment, the best access control system may be predicated upon a line to system access. If you failed to badge into the building, you don't get access to the systems. The collateral benefits abound: building management systems, incident awareness, and who is in the affected building."
Edward Erickson, Senior Director of Safety & Security, Cisco

The Value of Converged Access Control, a whitepaper from HID Global, 2014

Truly converged access control consists of one security policy, one credential and one audit log. This approach enables enterprises to:

- Deliver Convenience: Replaces one-time password tokens and key fobs, negating the need for users to carry multiple devices.
- Improve Security: Enables strong authentication throughout the IT infrastructure and at the door.
- Reduce Costs: Eliminates the need to invest in multiple access solutions.

The Case for Convergence, a whitepaper from Identiv, 2014

Similarities between PACS and LACS: both systems are based on similar concepts and theories of operation.

   1. A high confidence credential. Whether authenticating to the door or a desktop, organizations want confidence in the credential being used.
   2. Unique identification of individuals. The back-end systems authenticating the users must associate the user credential with the correct user account.
   3. Limit access to authorized individuals only. Organizations don't want unauthorized persons wandering around their buildings (PACS) and they don't want them wandering around their network and files either (LACS).
   4. Auditing of system activity. The PACS system creates logs in its database, whereas the LACS system does so in the network logs and/or Security Information & Event Management (SIEM) systems.

2. Issues Faced

Many organizations have a variety of ID and security technologies residing on one credential. Examples are barcode, magnetic stripe, Proximity, and Contactless. They also have a variety of applications that require ID information, including Access Control, Time & Attendance, Parking, Cafeteria, Housing and Active Directory, among others. This can raise many questions and red flags, like:

- Can you issue a credential in one step? Will the credential be active in all systems that require identification data? If not, how do you accomplish this?
- How is information shared among security applications?
- Can you coordinate getting information to the various systems and issue the various card technologies like Proximity, Magnetic Stripe and Contactless?
- How do you transition to different card technologies over time without complete card and reader replacement?
- When someone loses their ID credential and needs a replacement, how do you deactivate the old ID and issue a new one, all in one step? The replacement card may have a new Proximity card number, or ID number + Lost Card Code.
- How do you store a photo in your ERP/HR system? Most of these systems have a field for photo; however, it is rarely populated.
- How do you get database information into security applications like Visitor Manager and avoid the hassle of manual data entry? An example is the list of employees to be seen by visitors.
- Where do you store identity information that is not suited for an ERP system, such as Visitors, Guests & Recruits?
- How do you prevent card numbers and serial numbers from being duplicated in your access control system?
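Several of the questions above (deactivating a lost card when its replacement is issued, cards left active after an employee leaves, duplicated card numbers) come down to reconciling the door access database against HR. The following is an added example, not code from the whitepaper or from any product it names; the record layout, the sample rows and the rule that a higher lost card code supersedes a lower one are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not from the whitepaper). Field names are assumptions
# modelled on the data elements the paper lists: ID number, lost card code,
# door access control card number and an active/de-active flag.
HR = {"1001": "active", "1002": "terminated", "1003": "active"}  # id_number -> status

ACCESS_CONTROL = [  # one row per card issued in the door access system
    {"id_number": "1001", "lost_code": 0, "card_number": "50001", "active": True},
    {"id_number": "1002", "lost_code": 0, "card_number": "50002", "active": True},
    {"id_number": "1003", "lost_code": 0, "card_number": "50003", "active": True},
    {"id_number": "1003", "lost_code": 1, "card_number": "50004", "active": True},
    {"id_number": "1004", "lost_code": 0, "card_number": "50001", "active": False},
]


def audit_cards(hr, cards):
    """Return (finding, identifier) tuples for cards that need attention."""
    findings = []
    active_by_holder = defaultdict(list)
    holders_by_number = defaultdict(set)
    for card in cards:
        holders_by_number[card["card_number"]].add(card["id_number"])
        if card["active"]:
            active_by_holder[card["id_number"]].append(card)

    for id_number, active_cards in sorted(active_by_holder.items()):
        # Credential overflow: the card is live but HR has no active holder for it.
        if hr.get(id_number) != "active":
            findings.append(("active_card_no_active_holder", id_number))
        # Assumed rule: each replacement raises the lost card code, so any active
        # card with a lower code than the newest one should have been deactivated.
        newest = max(c["lost_code"] for c in active_cards)
        for c in active_cards:
            if c["lost_code"] < newest:
                findings.append(("superseded_card_still_active", c["card_number"]))

    # A card number assigned to more than one person, active or not.
    for number, holders in sorted(holders_by_number.items()):
        if len(holders) > 1:
            findings.append(("duplicate_card_number", number))
    return findings


if __name__ == "__main__":
    for finding in audit_cards(HR, ACCESS_CONTROL):
        print(finding)
```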

3. Key Points for Identity Management

The key features of Secure Identity Management are:

- A single point of enrollment and ID issuance
- Ability to add data needed for applications to the ID card at time of issuance
- Ability to send data needed for applications to the various systems, such as HR, Network Directory, Door Access Control, Time/Attendance, Parking, Housing, Cafeteria, etc.
- Automatic deactivation of ID in all security systems when it is lost or stolen
- Good communication between various departments, such as HR, Security and IT

4. How to Get Started

Creating a plan is not impossible; you just need a team effort.

- Create a list of ID applications you currently have, and those you want to add in the future.
- Create a list of data each application needs.
- Gain buy-in from other departments.
- Speak to various vendors involved.

Below is an example of a list of applications and possible data elements.

Application databases:

- Human Resources/Student Information
- ID Badging
- Network Directory
- Door Access Control
- Time & Attendance
- Parking
- Housing
- Cafeteria & other Payment

Data that may be needed for any app:

- Name
- Photo
- ID Number
- Door Access Control card number
- Bar-code number
- Magnetic stripe number
- Lost card code number
- Department, Title, Building, Room
- Date of Birth
- Active/De-active Flag

5. Secure Identity Platform

Unlike other expensive and complex identity management solutions, the BadgePass Secure Identity Platform from Identification Systems Group is reasonably priced and easy to understand. Identity management data is stored in a powerful SQL database. The provided synchronization tools and powerful event notification service allow for real-time or scheduled messaging and cross-platform communication, creating a world where one identity works with many applications. The Active Directory Plug-In provides the ability to synchronize BadgePass entities with your existing Active Directory Users.

6. Issuance of ID Credentials

We all understand the importance of recognizing members of the team and identifying visitors and guests. To take ID security to the next level, credentials must be ready to use when issued. That means the various card technologies must be read (e.g. Proximity or Contactless Number) and written (bar-code, magnetic stripe, contactless) during the issuance process. The resulting data is sent to the needed databases. Card issuance systems from Identification Systems Group automate the credential issuance process and will revolutionize the way you think of secure identity.

7. Contactless Card Technology

The world is moving to Contactless Card technology, and for good reason. However, there is a wide variety of card products to choose from, and some can be very expensive. What is best for you?

One good choice is the MOCA Card (Multi-application Open Card Architecture) from Identification Systems Group. Based on world leading Mifare technology, MOCA Cards are more secure, yet more flexible and open. You have further freedom to choose applications that you want to add. And, in many cases, the price of MOCA cards is less than that of traditional Proximity cards.

8. Benefits

The benefits of enacting a solid game plan are strong, yet simple.

- Greatly improved security
- Increased efficiency
- Affordability

9. Considerations

Some of the topics of discussion when considering a system include:

- Cost. Does the cost justify the benefit?
- Card Technology. What card do you want and need?
- Card Durability. If you invest in a technology card, you want it to stand the test of time. What features and options should you consider to ensure it lasts?
- Security of system, data and supplies.
- Use of Biometrics. Adding a second factor, such as biometrics, to certain high security areas (IT, Research Lab, etc.) can greatly increase your organization's security.
- Logical Access. Do you want to use your credential to log on to workstations?
- Public Key Infrastructure (PKI). When considering PKI, storing the digital certificate on a Contact Smart Card is usually recommended, as it provides for portability.

10. Identification Systems Group

A good source for your solution is a local dealer that is part of the Identification Systems Group (ISG). The ISG included 32 members that cover the USA and Canada. They are your local experts for identification technology. Strong local sales and technical support is provided by all dealers, and they share common products, knowledge and practices.

ISG members are unique in the industry. They provide local support, vast expertise and cost effective solutions. Your local ISG member can assist you in determining the best and most cost effective solutions to meet your needs. They are available for on-site presentations and consultation. To find your local ISG member, go to www.identificationsystemsgroup.com and enter your zip code in the Dealer Locator.

About the author: Tom Stiles is the Executive Director of Identifications Group. He has 37 years of experience in the identification industry, including extensive work with the education market.

Tom Stiles, Identification Systems Group
9600 North Locust Drive
Kansas City, MO 64155
Phone: 816.582.1596
tstiles@identificationsystesmsgroup.com