Integration Ingenuity

Providing access control across different systems is imperative to meet compliance, regulations

IN a typical IT environment, heterogeneity is the standard -- in server operating systems, in database platforms and in software applications running on those servers. Mixed Windows®, Mac and UNIX/Linux environments, and all of the complications that come from supporting them, are a fact of life for almost all IT organizations. This situation will prevail as both Linux and Windows grow in the data center and more Java- and Web-based enterprise applications are deployed.

Organizations want heterogeneous servers and applications to be plug-and-play, so that IT does not have to spend time acting as a systems integrator or having to manually -- and expensively -- administer an ever-growing number of systems and applications individually.

Not surprisingly, achieving interoperability among the system and application platforms complicates life for IT managers. Organizations want heterogeneous servers and applications to be plug-and-play, so that IT does not have to spend time acting as a systems integrator or having to manually -- and expensively -- administer an ever-growing number of systems and applications individually. In addition, organizations want to leverage existing investments to get economies of scale, as budgets force the companies to do more with less. But most system and application vendors spend very little research and development efforts trying to make solutions play nicely with other, often competing, products.

The companies instead invest in an arms race by adding unique and differentiating features, and IT organization are left trying to manage islands of non-integrated computing infrastructures.

Leaving Systems As Is
Until recently, organizations dealt with the lack of cross-platform interoperability by leaving the islands of infrastructure as is and paying the overhead to administer systems in a separate and decentralized manner. Not only does the approach impact IT productivity, but it often forces end users to have multiple usernames and passwords for different applications, which can significantly impact the productivity and make the IT environment less secure, as passwords are often lost or stolen.

However, when it comes to managing and securing the heterogeneous and unintegrated environments, regulations, such as Sarbanes-Oxley, HIPAA and the payment card industry data security standard, call for standardized and centralized ways of controlling which users can access which systems, applications and data, and for auditing what those users did when they were granted that access.

Continuing to have separate and non-integrated mechanisms to centrally control access to key systems is no longer an option, as regulations clearly dictate that organizations should have a centralized mechanism to grant users appropriate access to corporate resources -- regardless of the platform that is being used. Some think only large, public companies need to meet the requirements. But, in fact, the requirements can be equally applicable to small retailers that accept credit cards comply with the payment card industry's data security requirements and that risk fines for failure to do so.

Different Paths
Faced with these issues -- compliance requirements; heterogeneous platforms; expensive, decentralized management; security vulnerabilities; multiple IDs and passwords per user; and pressure to reduce costs -- IT organizations have just a few paths to travel to reach a viable solution. Some of the paths include:

Do nothing and live with the balkanized environment. This short-term tactic is frequently accompanied by process or paper corrections. One company chose to solve the password change policy problem by having its administrators and developers sign an affidavit, asserting that they change their password on each system every 90 days. This hardly matches the intent of the law.

Many organizations feel forced into this situation while looking for a solution that fits a budget and doesn?t require intrusive changes to existing systems or business practices. The companies are willing to run the risk of being caught by regulators, or believe the money saved by delaying purchasing and implementing a solution will make up for any initial fines that may occur. Eventually, most organizations will have to understand potential fines will outweigh the savings from further delays and can cause negative publicity. Worse still is the security vulnerability the companies are exposing the organization to by not establishing the best practices prescribed by the regulations.

Try to implement an expensive and complex synchronization solution. Several existing identity management solutions leave existing systems in place and install solutions that map and synchronize user information and access rights between the various incompatible systems. There are a number of vendors to choose from in this category. But the approach has numerous problems

Extend an existing identity store to replace as many existing stores as possible. In this model, the goal is to select a central directory system that has a proven track record and a clearly defined future direction, and leverage that single identity system to replace and/or consolidate existing identity systems.

This option clearly makes the most business sense for solving the cross-platform identity management crisis. Consolidating and centralizing identity systems offers clear benefits in productivity, cost savings, security and reporting. The hard question to answer is: Which identity store has the potential to fill this need?

Active Identity
Given that active directory is an inseparable part of the Windows environment, and most organizations already have the system deployed, it is an ideal candidate for assuming the role as an organization's centralized identity system. Microsoft, however, focuses its efforts on the Windows platform and does not provide a comprehensive solution for embracing other platforms. This has led new identity management vendors, such as Centrify, to deliver solutions that extend active directory to platforms and applications that it does not natively support. Leveraging an existing active directory infrastructure also offers a cost-effective way to meet regulatory requirements within today's strained IT budgets.

IT organizations may be wary of leveraging a single directory for their enterprise access control needs, and it may be impractical to integrate a legacy identity system on a mainframe into a centralized environment. Still, a reduction in the islands of identity systems in the corporate network -- such as providing a single, integrated solution for Windows, UNIX, Linux and Mac -- can significantly improve end-user productivity, reduce operating costs, improve security and make it easier to meet regulatory requirements.

Regardless of whether you adopt synchronization or a strategy of embracing and extending an existing directory across the enterprise, it is essential to better integrate access control across heterogeneous systems to meet regulatory and compliance requirements. Regulations dictate organizations have a centralized mechanism to grant users appropriate access to corporate resources -- regardless of the platform that is being used. The security of organizations depend on it.

This article originally appeared in the November 2006 issue of Security Products, pg. 34.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.