Shifting Focus
Cloud-based mobile access shifts beyond security to trust and identity-aware intelligence
- By Darren Learmonth
- Feb 01, 2018
Organizations are changing how they look at
security as users employ mobile devices for
everything from opening doors to accessing
information and services. The availability of
wireless connections, mobile communication
networks and cloud-based architectures
is transforming what once was a narrowly focused mission
aimed at barring unauthorized access. Instead, the focus
increasingly is on the broader challenges of adding trust to
systems, services and physical environments while making
them “identity-aware,” so organizations can optimize processes
and efficiency while delivering the best possible user
experience.
This evolution beyond a focus exclusively on security to the
broader concept of trust is manifesting itself in several ways.
First, the use of trusted IDs on mobile devices does, indeed, improve
security as compared to using only physical ID cards. Second,
these mobile IDs are creating new ways to bridge the gap
between and among workers, smarter buildings and an Internet
of Trusted Things (IoTT). Third, mobile IDs that leverage cloud-based
architectures open the door to deep learning and other
technologies that will enable intention detection while improving
predictive analytics.
Relationship Between Trust and Security
Today’s technologies allow physical access control providers to
move from on-premises to cloud-based access control. An increasing
number of traditional PACS headend system providers
have started moving their solutions into the cloud with mobile
ID capabilities, as a complement to their traditional access control
offerings. These solutions offer the most secure way to add
trust to identities in today’s increasingly digital world. All transactions
related to issuing, managing and presenting mobile IDs
using smartphones are conducted in a closed-circuit environment
protected by end-to-end encryption. Trust is further reinforced
because mobile IDs can be issued, updated and revoked
anytime and anywhere that there is an internet or telecommunications
network.
Beyond applications in physical access control, mobile phones
are also being used as handheld validation devices or “authenticators”
for verifying online access — a mobile app is combined
with public key-based cryptography and push technology to create
a new experience for corporate VPN access. These solutions
provide added security that is far more intuitive and user-friendly
compared to traditional methods of authentication. Ultimately,
these authentication solutions can be more broadly used to help
increase cybersecurity for healthcare providers and digital business
and enterprises while improving employee satisfaction.
Meanwhile, cloud hosting allows for continuous threat monitoring
and vulnerability scanning, and provides various other
privacy-preserving features. Cloud-based access control also presents
the very real opportunity to create trusted, identity-aware
and truly seamless access environments and experiences for end
users, where cloud-based platforms for access control become the
backbone to incorporate a range of existing, new and emerging
technologies.
Connecting Workers, Spaces and Things
Trusted mobile IDs bridge the gap between smart buildings, the
Internet of Things (IoT) and connected workers. They integrate disparate systems at lower cost and with better ROI than other
approaches while enhancing monitoring and delivering a better
experience as people enter, navigate and interact with buildings
and their services.
Among the most popular new applications to take advantage
of mobile ID capabilities is energy management, combining access
control and the IoT to help facility managers more efficiently
control HVAC systems. As people use their smart cards or smartphones
to enter or exit a suite or common area, their trusted identities
are used to automatically adjust environmental settings.
Today, trusted identities are used with proximity and real-time
location services so organizations can confirm when personnel
are near a given area for use cases like automatically logging employee
check-ins and check-outs and for managing room occupancy
to comply with health and safety regulations. In the future,
people will be able to use a smart card or phone to book rooms,
auto-configure audio-visual equipment and share their locations
in real time for emergency mustering and safety alarms.
Cloud maintenance management software (CMMS) applications
leverage the combination of mobile devices, cloud authentication
services and trusted tags that are affixed to company assets
to streamline and improve efficiency.
Technicians tap the tags with their mobile devices to authenticate
to and access the CMMS application, acquire information
and perform all tasks in a trusted authentication environment.
This model is also ideal for “proof of presence” applications
such as guard tour management, combining trusted IDs with cloud-based
authentication so that users can simply tap a phone to a
trusted tag to prove they were there and completed assigned tasks.
Many organizations start their path to these applications by
deploying mobile-ready Bluetooth Low Energy (BLE) readers
that support a combination of physical ID cards and mobile IDs
on smartphones, as well as older card technology during the transition.
Some organizations are moving directly to a mobile-only
ID model to open doors, connect to networks, and interact with
smart buildings and services, while others are laying the foundation
for adding these capabilities in the future. The initial impetus
for upgrades is typically a desire to replace earlier lower-security
ID cards. However, organizations quickly embrace the robust capabilities
of advanced smart card technology and mobile IDs on
smartphones as they begin equally focusing on adding multiple
applications to a single credential for a more efficient, connected
and enjoyable workplace.
Many other capabilities will emerge as trusted identities are
used in ways that are contextually aware, continuous and truly
seamless, while also delivering actionable intelligence.
Leveraging Identity Intelligence
Mobile devices used for physical access control will be increasingly
connected to the cloud, and a variety of data will be consolidated
to drive deep learning and improve analytics. Data will
come from sources ranging from virtual/digital identities, mobile
access systems, video streaming and biometrics to IoT applications,
BLE sensors and location services. This data will be coupled
with advanced analytics to provide services such as intention
detection for a more seamless, secure and connected user experience.
Within this trusted environment it will be possible to anticipate,
respond to and interact with users based on their unique
identity and behaviors.
Consider today’s end-to-end ecosystems that combine the
power of BLE beacons, BLE-to-WiFi gateways and a cloud service
portal to collect, aggregate and manage real-time data about
the location of the workforce throughout a facility. This same
data can also enable organizations to leverage actionable identity
analytics. With a combination of trusted identities and real-time
location services, organizations can monitor room usage in real
time and benefit from deeper analytics around personnel movements
for better insights about how to optimize usage of facilities,
common areas and individual rooms. These insights help
ensure safety, compliance and security in a much more holistic
manner than was previously possible.
Another example is CMMS, cloud-based equipment monitoring
services and other asset-management applications. The ability
to understand the real-time location and the past and present
condition of critical equipment, assets and other items helps
organizations shift from a reactive or prescriptive approach to
maintenance to a more predictive and streamlined approach to
optimizing operations.
Trusted mobile IDs facilitate this, delivering increased visibility
into equipment performance using multiple data points so
organizations can monitor and react quickly to critical events,
and leverage predictive and actionable analytics in a meaningful
format for optimal asset performance. They also help determine
the health and predict failure of these assets while also leveraging
powerful policy engines to quickly identify potential issues
and provide alerts so that organizations can take action to reduce
downtime.
Predictive analytics has already been proven in access control
applications. Today’s physical identity and access management
(PIAM) software solutions allow organizations to prevent
possible threats based on contextual data analysis. Logged data
from multiple security devices and systems is transformed into
critical knowledge and actionable “indicators of compromise”
that not only help organizations save on their operational expenditures
but also trigger automated, preventive actions for a
possible threat. The same concept will be applied to mobile access
and enhance the user experience as identity data is used to
authenticate people and their credentials, analyze their intent,
and grant access based on risk profiles and other real-time permission
parameters.
Combining mobile IDs with IoT applications and other
technologies using trusted identities promises to simplify systems
and applications. It offers the opportunity to improve all
aspects of operations – from opening doors and accessing data,
networks and cloud applications, to how organizations manage
assets and streamline processes while creating a better user experience.
Moving forward, security will continue to be embedded
more seamlessly and imperceptibly into trusted, hyper-connected
IoT ecosystems that leverage identity data to deliver valuable
new capabilities.
This article originally appeared in the February 2018 issue of Security Today.