Integration Ingenuity

Providing access control across different systems is imperative to meet compliance, regulations

IN a typical IT environment, heterogeneity is the standard -- in server operating systems, in database platforms and in software applications running on those servers. Mixed Windows®, Mac and UNIX/Linux environments, and all of the complications that come from supporting them, are a fact of life for almost all IT organizations. This situation will prevail as both Linux and Windows grow in the data center and more Java- and Web-based enterprise applications are deployed.

Organizations want heterogeneous servers and applications to be plug-and-play, so that IT does not have to spend time acting as a systems integrator or having to manually -- and expensively -- administer an ever-growing number of systems and applications individually.

Not surprisingly, achieving interoperability among the system and application platforms complicates life for IT managers. Organizations want heterogeneous servers and applications to be plug-and-play, so that IT does not have to spend time acting as a systems integrator or having to manually -- and expensively -- administer an ever-growing number of systems and applications individually. In addition, organizations want to leverage existing investments to get economies of scale, as budgets force the companies to do more with less. But most system and application vendors spend very little research and development efforts trying to make solutions play nicely with other, often competing, products.

The companies instead invest in an arms race by adding unique and differentiating features, and IT organization are left trying to manage islands of non-integrated computing infrastructures.

Leaving Systems As Is
Until recently, organizations dealt with the lack of cross-platform interoperability by leaving the islands of infrastructure as is and paying the overhead to administer systems in a separate and decentralized manner. Not only does the approach impact IT productivity, but it often forces end users to have multiple usernames and passwords for different applications, which can significantly impact the productivity and make the IT environment less secure, as passwords are often lost or stolen.

However, when it comes to managing and securing the heterogeneous and unintegrated environments, regulations, such as Sarbanes-Oxley, HIPAA and the payment card industry data security standard, call for standardized and centralized ways of controlling which users can access which systems, applications and data, and for auditing what those users did when they were granted that access.

Continuing to have separate and non-integrated mechanisms to centrally control access to key systems is no longer an option, as regulations clearly dictate that organizations should have a centralized mechanism to grant users appropriate access to corporate resources -- regardless of the platform that is being used. Some think only large, public companies need to meet the requirements. But, in fact, the requirements can be equally applicable to small retailers that accept credit cards comply with the payment card industry's data security requirements and that risk fines for failure to do so.

Different Paths
Faced with these issues -- compliance requirements; heterogeneous platforms; expensive, decentralized management; security vulnerabilities; multiple IDs and passwords per user; and pressure to reduce costs -- IT organizations have just a few paths to travel to reach a viable solution. Some of the paths include:

Do nothing and live with the balkanized environment. This short-term tactic is frequently accompanied by process or paper corrections. One company chose to solve the password change policy problem by having its administrators and developers sign an affidavit, asserting that they change their password on each system every 90 days. This hardly matches the intent of the law.

Many organizations feel forced into this situation while looking for a solution that fits a budget and doesn?t require intrusive changes to existing systems or business practices. The companies are willing to run the risk of being caught by regulators, or believe the money saved by delaying purchasing and implementing a solution will make up for any initial fines that may occur. Eventually, most organizations will have to understand potential fines will outweigh the savings from further delays and can cause negative publicity. Worse still is the security vulnerability the companies are exposing the organization to by not establishing the best practices prescribed by the regulations.

Try to implement an expensive and complex synchronization solution. Several existing identity management solutions leave existing systems in place and install solutions that map and synchronize user information and access rights between the various incompatible systems. There are a number of vendors to choose from in this category. But the approach has numerous problems

Extend an existing identity store to replace as many existing stores as possible. In this model, the goal is to select a central directory system that has a proven track record and a clearly defined future direction, and leverage that single identity system to replace and/or consolidate existing identity systems.

This option clearly makes the most business sense for solving the cross-platform identity management crisis. Consolidating and centralizing identity systems offers clear benefits in productivity, cost savings, security and reporting. The hard question to answer is: Which identity store has the potential to fill this need?

Active Identity
Given that active directory is an inseparable part of the Windows environment, and most organizations already have the system deployed, it is an ideal candidate for assuming the role as an organization's centralized identity system. Microsoft, however, focuses its efforts on the Windows platform and does not provide a comprehensive solution for embracing other platforms. This has led new identity management vendors, such as Centrify, to deliver solutions that extend active directory to platforms and applications that it does not natively support. Leveraging an existing active directory infrastructure also offers a cost-effective way to meet regulatory requirements within today's strained IT budgets.

IT organizations may be wary of leveraging a single directory for their enterprise access control needs, and it may be impractical to integrate a legacy identity system on a mainframe into a centralized environment. Still, a reduction in the islands of identity systems in the corporate network -- such as providing a single, integrated solution for Windows, UNIX, Linux and Mac -- can significantly improve end-user productivity, reduce operating costs, improve security and make it easier to meet regulatory requirements.

Regardless of whether you adopt synchronization or a strategy of embracing and extending an existing directory across the enterprise, it is essential to better integrate access control across heterogeneous systems to meet regulatory and compliance requirements. Regulations dictate organizations have a centralized mechanism to grant users appropriate access to corporate resources -- regardless of the platform that is being used. The security of organizations depend on it.

This article originally appeared in the November 2006 issue of Security Products, pg. 34.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3