Seven Superior Steps

Enterprises are challenged with managing many categories of identities that need access to a myriad of systems and resources, which may be geographically dispersed across locations.

Today’s instant economy requires that more of a company’s business processes be open to external stakeholders. Employees, contractors, vendors, partners, service providers and visitors all need access to particular assets, facilities and resources within the enterprise. But how much access is too much? And, if granted, how much risk is the company taking? To ensure that commercial transactions and internal operations remain up and running at all times, successful and secure enterprises track the individuals in each of these classes as identities.


Most organizations today rely on the corporate security department to manage policies on how much physical access to facilities, zones and assets should be granted to each identity. Separately, the IT department manages access to the information systems. Regardless of the diligence of these departments, changes to the status of individuals are rarely correlated on a timely basis between the IT and physical security data silos. Full-time employees may leave the company, change jobs or move to new locations. Contractors may become permanent employees, complete their projects or be replaced. There is seldom an integrated and up-to-date profile on how much access has been granted and what happens when an individual’s status, class or category changes.

Constant changes in the workforce, and in the types of individuals needing short-term temporary access, make this a lot harder to manage. Often these processes are disjointed and decentralized, making it impossible for business managers to know how much risk the organization is taking. Managers granting access in one area of the company may unknowingly create huge risks in another part of the company.


The majority of today’s key business processes are automated. IT manages the underlying applications for these processes. Security practices relating to application and database access and authorization are tracked by IT security personnel. However, this tracking is rarely coordinated with the physical security staff who are tasked with protecting the facilities and physical assets and who are responsible for managing building access. Further, there is often a lag before status changes noted in HR systems are reflected in IT and physical security systems. Here lies the vulnerability. Imagine a disgruntled employee in a two-week termination notice period. The employee may access the data center outside their normal hours and systematically download more information in one night, to an external drive, than they ever had in the prior two years. This often-repeated scenario can trigger potentially devastating damage to the company from loss of data, trade secrets or confidential information. Detecting such an event, much less preventing it, is very difficult without correlating the employee’s activity across the information systems, the physical access control (badge access) systems and the HR management systems.
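The correlation described above can be sketched as detection logic over three feeds. This is an added example, not code from the article or from any vendor; the record layouts, thresholds and identifiers are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records; field names are assumptions, not a vendor schema.
HR = {
    "E1001": {"status": "notice", "shift": (8, 18), "baseline_mb_per_day": 40},
    "E1002": {"status": "active", "shift": (8, 18), "baseline_mb_per_day": 55},
}
BADGE_EVENTS = [  # (employee, area, badge-in time) from the PACS
    ("E1001", "DATACENTER-1", datetime(2016, 3, 4, 23, 12)),
    ("E1002", "DATACENTER-1", datetime(2016, 3, 4, 10, 5)),
    ("E1002", "DATACENTER-1", datetime(2016, 3, 4, 22, 40)),
]
TRANSFER_EVENTS = [  # (employee, MB copied to removable media, time) from IT logs
    ("E1001", 9200, datetime(2016, 3, 4, 23, 50)),
    ("E1002", 30, datetime(2016, 3, 4, 10, 30)),
    ("E1002", 35, datetime(2016, 3, 4, 23, 0)),
]
SENSITIVE_AREAS = {"DATACENTER-1"}
WINDOW = timedelta(hours=4)   # transfers counted if they follow the badge-in within this window
VOLUME_FACTOR = 10            # multiples of the daily baseline treated as a bulk transfer


def off_hours(ts, shift):
    """True when the timestamp falls outside the employee's normal working hours."""
    start, end = shift
    return not (start <= ts.hour < end)


def correlate(hr, badges, transfers):
    """Return alerts where HR status, badge activity and data movement line up."""
    alerts = []
    for emp, area, badge_ts in badges:
        person = hr.get(emp)
        if person is None or area not in SENSITIVE_AREAS:
            continue
        if not off_hours(badge_ts, person["shift"]):
            continue
        moved = sum(mb for e, mb, ts in transfers
                    if e == emp and badge_ts <= ts <= badge_ts + WINDOW)
        signals = ["off_hours_sensitive_access"]
        if person["status"] == "notice":
            signals.append("in_notice_period")
        if moved >= VOLUME_FACTOR * person["baseline_mb_per_day"]:
            signals.append("bulk_transfer")
        # One signal alone is routine; two or more across silos goes to an analyst.
        if len(signals) >= 2:
            alerts.append({"employee": emp, "area": area, "time": badge_ts,
                           "mb_moved": moved, "signals": signals})
    return alerts


if __name__ == "__main__":
    for alert in correlate(HR, BADGE_EVENTS, TRANSFER_EVENTS):
        print(alert)
```

The late badge-in by E1002 does not alert on its own: the employee is not in a notice period and moved roughly a normal day's volume, which is the point of requiring signals from more than one silo.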

Today’s top threats in the workplace can be linked to a lack of integrated identity systems that extend across the enterprise.


Many enterprise functions, from HR to finance to parking, are tasked with ensuring security. However, few are enabled to do so, or they feel that it is someone else’s responsibility.

User and stakeholder functions are generally impacted by security decisions. All these enterprise functions need to access a variety of systems to accomplish their tasks. Some of these systems are managed by IT, some are managed by corporate security, and others are managed by operations. The systems have been established over time to efficiently perform the tasks for which they are responsible. Obviously, someone who is a visitor to an organization is not going to get carte blanche access to all the areas inside the corporate facilities.

Similarly, we do not want to grant contractors, who are on short-term assignments, permanent access to facilities. Since many organizations deal with these actions manually, the policies within the same company about who can access what types of systems or facilities often vary from site to site. Policies not applied uniformly lead to higher risk.


PIAM software has evolved to resolve these issues, delivering a solution that addresses the entire extended enterprise. This Physical Identity Management software must deliver capabilities beyond just onboarding and offboarding. Modern and effective PIAM software must be comprised of four key building blocks:

  • Basic PIAM capabilities: converged logical-physical onboarding and offboarding.
  • Self-service access request handling: extending the capabilities across the enterprise.
  • Access certification and audit of access granted: is it still relevant and still secure?
  • Identity intelligence: learning access patterns over time and identifying anomalies.


In addition to taking stock of all the existing applications and systems that need to be integrated, there is the organizational challenge of bridging cultural gaps across various departmental entities within the same organization. Many of these entities, until now, did not have to consider the impact of security decisions on other departments.

A seven-step approach streamlines the process of deploying Physical Identity and Access Management. Each step is a unique capability that differentiates AlertEnterprise from all other providers in the market.


A modern PIAM solution delivers a bundle of features, including a comprehensive Corporate Badging solution that leverages a dynamic connector framework for real-time integration with multiple Physical Access Control Systems (PACS) such as Lenel, Honeywell, AMAG and many others.

Additionally, full integration with IT applications from Microsoft, SAP, Oracle and many others delivers reliable and secure data transfer with HR, Identity Management and Directory Services (Active Directory, LDAP, etc.). OT integration enables access assignment and monitoring across various SCADA/Industrial Control Systems, providing complete IT-OT-Physical convergence.

This capability enables full control of the target PACS systems, including Create Badge, Disable Badge, Print Badge, and Badge Designer functionality. Additional capabilities for assigning roles-based area access and door-by-door access authorization, regardless of the PACS vendor, make the PIAM software a powerful tool for operational security.

PIAM capabilities include:

  • Support for all major access control vendors
  • Built-in integration with directory services like AD and LDAP
  • Perfect integration with enterprise applications like HR, IAM and others


A fully converged solution enables corporations to manage identities for employees, contractors and visitors, while providing complete identity governance capabilities, together with management of IT and OT roles, and Physical Access Authorizations. A full identity lifecycle can be managed, along with role-based access assignments, workflow automation, access certifications and transaction authorizations. Unified “Area Administrator,” User Self-Service and Delegated Administration views further enhance the feature set.

Key capabilities include:

  • Common identity for logical and physical identities
  • Identity lifecycle management with automated workflow
  • Access certification and authorization: logical and physical
  • Contractor management and visitor management capabilities
  • IT roles, OT roles and physical access authorizations


A built-in controls repository houses controls for compliance with multiple regulations and company policies. Automatic verification of training and background certification allows rules to be enforced. In the event requirements are not met, physical access can be automatically revoked.

Compliance and Active Policy Enforcement features enable organizations to meet regulatory requirements easily. In addition, organizations can now easily enable roles-based and individual user-based access to critical assets based on user profile attributes. Most PIAM solutions lack this capability.

Key capabilities include:

  • Regulatory compliance requirements
  • Validate training and certification systems
  • Roles-based access to critical assets—dynamic update upon role change

Automated notifications allow the software to ascertain if requested access meets regulatory compliance or company policy requirements, and then notify security managers.


PIAM software needs to be designed to scale to hundreds of thousands of users for large enterprises and government applications. A major government agency uses our software worldwide to globalize their deployment, cover eighteen time zones across the globe and unify security policies across 200 countries. Our solution is fully scalable, and supports geographically dispersed deployments.

High availability as well as enterprise fail-over and backup capabilities rely on the most flexible technology architecture for an enterprise-class platform. Database, operating system and other component technologies are interchangeable and can support specific requirements that organizations may choose to mandate.

Key capabilities include:

  • PACS globalization
  • Aggregated reporting
  • Powerful yet flexible technology platform


Recent incidents such as the Target Corp. data breach and the PG&E substation physical attack have underlined the need for holistic security to close the gaps between IT and physical security of critical assets. AlertEnterprise enables organizations to fully integrate their IT systems with OT, not only for unified provisioning but also for monitoring and correlation of blended threats. IT and OT administrators should be able to easily define and enforce these policies.

IT-OT convergence delivers role-based and user-based access:

  • Roles that should have corporate access and authorizations.
  • Roles that should have sensitive area access and authorizations.
  • Roles that have OT system access, combined with IT access.


Purpose-built Risk Analytics and Risk Management features provide capabilities not available in traditional badging solutions. AlertEnterprise can leverage user attributes, access patterns, and policy violations to calculate risk scores for individual users. Our solution automatically detects anomalies and sends alerts on exceptions. Combined with customizable reports and dashboards, and a dynamic reports designer, enterprises can leverage this capability to address hard-to-find insider threat vectors and indicators of compromise.

Key capabilities include:

  • Risk scoring attributes
  • Access behavior monitoring
  • Anomaly detection
  • High-risk individual accessing high-risk area


As organizations focus cybersecurity measures on protecting their network perimeters, attackers are starting to test new and previously untapped vulnerabilities in corporate armor. This often includes cyberattacks on PAC system components, and even video surveillance/CCTV systems. The next era of the hybrid attack is here and it is imperative to address the blended threats that exist across the silos of IT, OT (Operational Technology, SCADA, ICS and IoT) and Physical Security. Consequently, enterprises are increasingly concerned about their PACS being vulnerable to cyberattacks.

Key capabilities include:

  • Monitor PACS privileged user or administrator activity
  • Alerting on unauthorized configuration changes
  • Alerting when badges or identities are created in the PACS back end bypassing standard procedures.
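One way to implement the last check in the list above is to reconcile the badge inventory held in the PACS against the requests approved through the provisioning workflow. This is an added example, not the vendor's code; the record layouts, the `piam-connector` account name and all identifiers are hypothetical, and the data is constructed.

```python
# Constructed sample data; record layouts and names are assumptions for illustration.
PROVISIONING_ACCOUNT = "piam-connector"   # hypothetical service account used by the workflow

APPROVED_REQUESTS = {   # request id -> what the approval workflow granted
    "REQ-501": {"badge_id": "B-7001", "identity": "E1001", "areas": {"LOBBY", "FLOOR-2"}},
    "REQ-502": {"badge_id": "B-7002", "identity": "C2003", "areas": {"LOBBY"}},
    "REQ-503": {"badge_id": "B-7003", "identity": "E1002", "areas": {"LOBBY"}},
}
PACS_BADGES = [         # what the access control back end actually holds
    {"badge_id": "B-7001", "identity": "E1001",
     "areas": {"LOBBY", "FLOOR-2"}, "created_by": "piam-connector"},
    {"badge_id": "B-7002", "identity": "C2003",
     "areas": {"LOBBY", "DATACENTER-1"}, "created_by": "piam-connector"},
    {"badge_id": "B-7999", "identity": "unknown",
     "areas": {"DATACENTER-1"}, "created_by": "pacs-admin2"},
]


def reconcile(approved, pacs_badges):
    """Compare PACS state with approved requests; return (badge, finding, detail) tuples."""
    by_badge = {req["badge_id"]: (rid, req) for rid, req in approved.items()}
    findings = []
    for badge in pacs_badges:
        match = by_badge.get(badge["badge_id"])
        if match is None:
            # Badge exists in the back end with no approval behind it.
            findings.append((badge["badge_id"], "no_approved_request", badge["created_by"]))
            continue
        _, req = match
        if badge["identity"] != req["identity"]:
            findings.append((badge["badge_id"], "identity_mismatch", badge["identity"]))
        extra = badge["areas"] - req["areas"]
        if extra:
            # Access was widened directly in the PACS after approval.
            findings.append((badge["badge_id"], "areas_beyond_approval", sorted(extra)))
        if badge["created_by"] != PROVISIONING_ACCOUNT:
            findings.append((badge["badge_id"], "created_outside_workflow", badge["created_by"]))
    present = {b["badge_id"] for b in pacs_badges}
    for rid, req in approved.items():
        if req["badge_id"] not in present:
            findings.append((req["badge_id"], "approved_but_not_provisioned", rid))
    return findings


if __name__ == "__main__":
    for finding in reconcile(APPROVED_REQUESTS, PACS_BADGES):
        print(finding)
```

Run on a schedule against a read-only PACS export, the same comparison also surfaces drift in the other direction, such as approved badges that were never provisioned.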


Implementing a converged logical and physical security solution can be a complex task with many moving parts. It is important to select a solution that can address all of the seven steps outlined above. Having a solution that will scale to the needs of the enterprise is key to future-proofing your security.


Many large enterprises, multinational corporations and government institutions operate multiple facilities that include owned buildings, leased properties and plant operations that extend across cities, states and countries. Many of these facilities operate Physical Access Control Systems that were procured over long periods of time, owned by landlords, or acquired as a result of company mergers.

Guardian Physical from AlertEnterprise is a PIAM software solution designed to meet all the criteria outlined here. It establishes a common operating environment and extends all the benefits of common identity management across multiple PACS, buildings and geographies. It uniquely leverages all existing access control systems by overcoming limits on the number of users a system can support and by converting native systems to completely scalable enterprise systems with common provisioning and reporting across systems and multiple vendors.

This article originally appeared in the March 2016 issue of Security Today.

