Dissecting the Advantages

Realizing the cost benefits for small- and medium-size businesses

• By Don Campbell
• Feb 01, 2017

Physical identity access management (PIAM) solutions have changed the way leading organizations approach security. In recent years, advances in PIAM software and related technologies have not only improved the accuracy and capabilities of these powerful systems, but they have also brought the cost within reach of small- and medium-sized businesses. Now, mobile access and management of PIAM systems capabilities are opening up a new way for organizations to further increase their productivity and speed up responses to system alerts.

Here are four advantages of mobile PIAM that offer organizations new capabilities for improving their security posture.

Convenience

Security staff has a wide variety of important tasks to accomplish, and that not all of these activities take place at their desks. Instead, staff can be on the move throughout the day, involved with supervision, training, inspections, and many other tasks in the course of their work. If access to the PIAM system was only available at the security office, then it would only be possible to update the system with new information, or take action on approval requests, from that location. This limitation could mean that important updates would be delayed until an officer with the information returns at end-of-shift, or until they could be relayed to a staff member who is actually in the office.

Providing access to the PIAM system through a mobile device provides a much higher level of convenience. Mobile access lets them accomplish relevant system tasks from any location at the time they find the need. For example, reporting lost badges or lost and found items. Mobile access also lets them respond immediately to time-sensitive system tasks, such as responding to system alerts or approving or denying access requests.

Thus, the convenience of mobile access is not just a ‘feelgood’ benefit—there is a real positive impact on productivity and effectiveness.

Improved Security

In the past, security forces shared information at daily briefings, through reports, and other traditional methods. Today, a mobile security force may still start their shift with a daily briefing, but that force relies upon many more information updates during the day to understand the ever-changing current situation and shifting priorities, and to manage developing needs and incidents.

If such security officers have real-time access to the PIAM system, then they will have access to the most up-to-date status and relevant information, leading to an improved level of security. And, officers that are so equipped can make decisions and take actions with confidence, thereby improving their effectiveness.

As an example, it is still relatively common for security guards at entrances to sports facilities, outdoor festivals, construction sites, and similar situations to rely on physical lists of authorized visitors that are used to control entry and access to these sites. This low-tech approach appears to save money but exposes the organization to glaring security gaps. And, because the lists are prepared in advance, it is difficult to update them, categorize visitors with different access levels, correct errors, and so on. These time lags are not just inconvenient—they actually create security risks and interfere with the ability of the security guards to do their jobs.

With mobile PIAM, these security risk loopholes are closed. PIAM solutions ensure identities are properly vetted and authenticated before issuing a credential or allowing access. The same policies and procedures of authentication and verifying are extended into the mobile environment. For example, as part of an event registration process, attendees might be required to upload a photo ID. When their temporary event credential is issued, it would include a barcode and when scanned, the profile of the person quickly appears on the mobile device of security staff. In this way, security staff can quickly confirm that the person presenting the credential is the authorized person. Color coding on the mobile device can also help with rapid vetting. For example— by providing a green for approved—security simply verifies the photo matches the person and allows entry. If orange or red appear on their device upon scanning, they can take the necessary precautions and deny entry.

Greater Efficiency

Even with improved security, many organizations will not be satisfied with a solution that slows down established processes or extends wait times. Mobile PIAM is one of those rare solutions that delivers on both counts, providing improved speed and ease of access while also delivering stronger security. The flexibility offered by mobile PIAM also delivers efficiencies and convenience for updating identities and access privileges. Rather than having to go to a desk to add or remove an identity from a PC, authorized employees can make changes directly from their phone or tablet.

As an example, at the 2016 Summer Games held in Rio, Brazil, mobile PIAM was deployed to manage the identities and track the movements of approximately 500,000 credentialed individuals, allowing them to come and go from the various venues. During the events, security and event staff used handheld devices to verify identities nearly 3 million times, ensuring that every badge was authentic. By connecting to the PIAM system, all of these mobile devices were assured of having the latest, up-to-theminute information, and discrepancies could be investigated and resolved immediately.

In all, the solution deployed at the Games flagged about a dozen problems with badges, most of which were minor, as well as one more serious incident in which a number of people attempted to falsify others’ credentials to enter a basketball game. Thanks to the software and mobile capabilities, these anomalies were caught instantly.

Actionable Intelligence

As mentioned earlier, PIAM software uses risk profiles to analyze data from physical security and logical/IT systems across an organization. Using this analysis, PIAM systems can detect and identify irregular behaviors based on set policies and parameters that have been predetermined by management. If a behavior anomaly is identified, the PIAM software provides an alert to security management with the information they need to investigate and if appropriate, take action. Mobile PIAM takes this one step further to deliver alerts in real time to the designated security staff, including not only management, but also to security officers in the field and on site.

As an example, consider what might happen if an individual is using credentials to enter restricted areas they are not authorized to access. A PIAM software system could correlate these events and alert security to look for abnormal network activity. If the flagged physical and IT access activities are connected, security can immediately and automatically respond by deactivating the individual’s ID badge and access privileges to company digital information.

A mobile alert can also be sent to the security officers on duty to investigate and take appropriate action, such as removing the person from the premises, or detaining the individual until police arrive. In either case, providing the officers on scene with access to the PIAM system information equips them to better evaluate the situation and take appropriate actions. As advanced PIAM solutions continue to improve their ability to detect anomalies and provide actionable intelligence, it becomes ever more important to get that intelligence quickly into the hands of the security staff that will put it to use. Mobile PIAM offers a powerful, efficient and cost-effective way for organizations to capitalize on the strengths of PIAM from anywhere, at any time.

This article originally appeared in the February 2017 issue of Security Today.