The New Heart of Security

Security Convergence and Identity become the foundation of digital transformation while COVID-19 transforms access governance

The physical security industry has before it an incredible opportunity: to lead business digital transformation (DX) through security convergence. Make no mistake about it, this is our latest inflection point. The emergence of the cloud and as-a-service platform economy have created a sense of urgency all the way up into the corporate boardroom. DX helps enterprises become increasingly customer focused and outward facing.

A Multitude of Industries

Organizations from all walks of life across a multitude of industries —banking, financial services, manufacturing, energy and utilities, transportation, life sciences and many more have realized the importance of bringing information from the operational aspects of the company to front of the house.

Security experts now agree that the most important aspects of security start with the identity of the people accessing applications and information related to the enterprise. Are they authorized? Do their privileges extend to transactional data? How long should access be granted? Who else can see the data? Are their connections secure from attack? And how can their access be turned off when they leave the organization? What about loT devices?

At the center of converged security is people, identity and trust. And in these unprecedented times, we need to know exactly where employees were, at what time and who they were with. The changing threat landscape, now with a contagion a constant, requires a new approach relying on health and safety access intelligence—all of which comes from a common identity platform.

Extending a single digital identity that can be authenticated across logical and physical environments at the enterprise has ramifications far beyond physical security. For users, it means unified cyber-physical security, greater productivity and the ability to focus on and leverage high-value tasks rather than time-consuming manual processing traditionally associated with identity access governance.

Instead of separate siloed departments simply coexisting and not interacting, security convergence brings together technologies from security, HR, IT and Operational Technology (OT), capturing and correlating threats and risk and addressing compliance and policy automatically. It creates a common identity across people and things, which also makes it easier and faster to engage customers and the workforce, create amazing experiences and offerings and level-up operations. It co-mingles with cyber controls, facilities technologies and even behavior analytics and risk profiles to mitigate risk holistically.

Data Says Users Want Convergence

Security convergence and digital transformation aren’t some pie-in-the-sky concepts anymore. C-Suite and facility executives who have been moving in this direction now know it’s imperative to embrace it as we respond and recover from COVID-19.

According to The State of Security Convergence in the United States, Europe and India, an ASIS Foundation Convergence Report published in fall 2019, some 35 percent of respondents said that convergence has smoothed the way to create a shared set of practices and goals across physical security, cybersecurity and business continuity teams. In 39 percent of cases, convergence has “clearly enhanced communication and cooperation.”

Prior to COVID-19 we also saw the following data points from the ASIS study: almost 80 percent of non-converged organizations acknowledge that convergence would strengthen their overall security function and 40 percent cited the desire to better align security strategy with corporate goals as the main catalyst for convergence. It’s likely those numbers are even higher today. Those who were already converging functions and digitally transforming probably find themselves much more prepared to respond to the pandemic and all the new facets now part of identity management and compliance.

Businesses already down the path of digital transformation have been able to pivot, survive, thrive and serve customers and protect their workforce during these disruptive times.

Enterprise security leaders now understand that the effects of a cyber breach, physical attack, manufacturing loss, or contagion on site far outweigh the costs of a holistic and converged system. Those who embrace the digital transformation will enable cohesiveness of systems and data, with the end result delivering proactive threat detection and prevention— a unified threat response to mitigate risk and greater situational awareness.

Identity Management With Muscles

Identity management software platforms integrate with HR programs and processes to bring together the human side of security, working in tandem to create a better and safer enterprise. Identity management with Identity Intelligence technology that incorporates artificial intelligence and machine learning can set risk scores, adding filters and exceptions to fiag, escalate and detect anomalies in access and even production processes. Active policy enforcement rules-based engines automatically identify policy violations and unauthorized access as well as operational and procedural issues. In addition, identification credentials automatically expire and are taken offiine when access is no longer granted, reducing risk from a disgruntled employee in-house.

The power of security convergence is most evident when it automates and detects seamlessly across more than one domain, like IT and physical security. Consider this real-world scenario: a utilities company employee enters the company through the main lobby, takes the elevator to his fioor and badges in to gain access through that level’s main door. He proceeds to his desk and signs into the company network to access his email. At the same time someone is using the identical access credentials remotely via the VPN. Obviously he can’t be physically present locally and remotely.

A converged platform detects the external intrusion by automatically identifying the access anomaly and allows security to immediately disable access, preventing a potential threat. Now, let’s put this in a COVID-19 context. With the pandemic and the return to work, modification to identity management is required for safety, company policy and compliance reporting. Workforce

Health and Safety access governance software solutions help organizations open safely in a frictionless, controlled and secure way by automating and enforcing COVID-19 related policies and procedures. Automated batch email/text notifications with self-service links send requests to the remote workforce for self-attestation and self-reporting offsite and enable access by the worker to the facility based on health, travel and other company policies. Physical security can help enforce health and safety policies through technology, including reminders, prompts, automation, self-attestation and more.

Here’s an example: An employee completes the self-reporting health and travel questionnaire, which triggers workflow based on answers. These health questionnaires collect data and document employee activity during lockdown, including infection, symptoms or exposure. The request routes to the manager for action and the workflow can be configured to specific needs.

Once the manager reviews the request, it is determined that based on the answers the employee is high risk and per policy his access will be revoked for 14 days while in quarantine. Enterprises administer the self-service process to view, edit and approve health exposure risks of the workforce and disable access based on policy.

When the quarantine period is over, the employee receives an automated notification to request reinstatement and the self-attestation questionnaire. The employee is cleared and requests to be reinstated, following work flows to provide supporting documentation, such as a medical discharge or physician’s letter. Access is reenabled and the employee is notified with instructions to come to work.

Health and Safety access governance and intelligence provides support for prescreening of the workforce during site entry with automated policy enforcements. Pre-registered and onsite visitors/ contractors check-in/check-out with prescreening, watch list and other checks prior to access. In the production or distribution facility, Health and Safety analytics track confirmed or potentially exposed COVID-19 workers, identify exposed areas for lockdown and/or sanitization, social distancing violation, location heat map and other actionable health and safety analytics.

Identity management also allows you to automate your communications and deliver clear expectations and procedures to your workforce, visitors and contractors pre-visit and onsite— adding to a seamless experience.

Real-time Active Enforcement

Technology like Identity Intelligence and the active policy enforcement rules-based engine automatically identify policy violations and unauthorized access. This allows security managers to proactively monitor and respond to security violations as well as operational and procedural issues. During the COVID-19 outbreak, this could include travel history to restricted countries or regions. Integration with travel and HR applications can detect when and where a person booked travel and has badged in, providing the enterprise the ability to build a solid risk profile of activity. If someone in the workforce recently visited a restricted location, security and HR teams can be automatically notified to disable badge access to help avoid exposure and potential transmission. In the scenario where someone in the workforce becomes sick they would be considered a high risk. Any requests for physical access to a facility would require special approval according to company and local or federal health authority policies.

With an outbreak, modification to the visitor experience is also required. It is the first point of contact and along with lobby and security staff is part of the front lines for safety. Enterprises can configure their Visitor Identity Management (VIM) system to provide clear communication of current policies during the outbreak, reinforcing WHO best practices. VIM can easily be configured to prompt guests to answer specific screening questions related to recent travel and sign off on legal documents.

Security is no longer simply about keeping bad guys out. Security has become the business enabler during the digital transformation. It’s now the fundamental component of protecting people and workspaces and identity stands at the center.

This article originally appeared in the September 2020 issue of Security Today.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3