The New Heart of Security

Security Convergence and Identity become the foundation of digital transformation while COVID-19 transforms access governance

The physical security industry has before it an incredible opportunity: to lead business digital transformation (DX) through security convergence. Make no mistake about it, this is our latest inflection point. The emergence of the cloud and as-a-service platform economy have created a sense of urgency all the way up into the corporate boardroom. DX helps enterprises become increasingly customer focused and outward facing.

A Multitude of Industries

Organizations from all walks of life across a multitude of industries —banking, financial services, manufacturing, energy and utilities, transportation, life sciences and many more have realized the importance of bringing information from the operational aspects of the company to front of the house.

Security experts now agree that the most important aspects of security start with the identity of the people accessing applications and information related to the enterprise. Are they authorized? Do their privileges extend to transactional data? How long should access be granted? Who else can see the data? Are their connections secure from attack? And how can their access be turned off when they leave the organization? What about loT devices?

At the center of converged security is people, identity and trust. And in these unprecedented times, we need to know exactly where employees were, at what time and who they were with. The changing threat landscape, now with a contagion a constant, requires a new approach relying on health and safety access intelligence—all of which comes from a common identity platform.

Extending a single digital identity that can be authenticated across logical and physical environments at the enterprise has ramifications far beyond physical security. For users, it means unified cyber-physical security, greater productivity and the ability to focus on and leverage high-value tasks rather than time-consuming manual processing traditionally associated with identity access governance.

Instead of separate siloed departments simply coexisting and not interacting, security convergence brings together technologies from security, HR, IT and Operational Technology (OT), capturing and correlating threats and risk and addressing compliance and policy automatically. It creates a common identity across people and things, which also makes it easier and faster to engage customers and the workforce, create amazing experiences and offerings and level-up operations. It co-mingles with cyber controls, facilities technologies and even behavior analytics and risk profiles to mitigate risk holistically.

Data Says Users Want Convergence

Security convergence and digital transformation aren’t some pie-in-the-sky concepts anymore. C-Suite and facility executives who have been moving in this direction now know it’s imperative to embrace it as we respond and recover from COVID-19.

According to The State of Security Convergence in the United States, Europe and India, an ASIS Foundation Convergence Report published in fall 2019, some 35 percent of respondents said that convergence has smoothed the way to create a shared set of practices and goals across physical security, cybersecurity and business continuity teams. In 39 percent of cases, convergence has “clearly enhanced communication and cooperation.”

Prior to COVID-19 we also saw the following data points from the ASIS study: almost 80 percent of non-converged organizations acknowledge that convergence would strengthen their overall security function and 40 percent cited the desire to better align security strategy with corporate goals as the main catalyst for convergence. It’s likely those numbers are even higher today. Those who were already converging functions and digitally transforming probably find themselves much more prepared to respond to the pandemic and all the new facets now part of identity management and compliance.

Businesses already down the path of digital transformation have been able to pivot, survive, thrive and serve customers and protect their workforce during these disruptive times.

Enterprise security leaders now understand that the effects of a cyber breach, physical attack, manufacturing loss, or contagion on site far outweigh the costs of a holistic and converged system. Those who embrace the digital transformation will enable cohesiveness of systems and data, with the end result delivering proactive threat detection and prevention— a unified threat response to mitigate risk and greater situational awareness.

Identity Management With Muscles

Identity management software platforms integrate with HR programs and processes to bring together the human side of security, working in tandem to create a better and safer enterprise. Identity management with Identity Intelligence technology that incorporates artificial intelligence and machine learning can set risk scores, adding filters and exceptions to fiag, escalate and detect anomalies in access and even production processes. Active policy enforcement rules-based engines automatically identify policy violations and unauthorized access as well as operational and procedural issues. In addition, identification credentials automatically expire and are taken offiine when access is no longer granted, reducing risk from a disgruntled employee in-house.

The power of security convergence is most evident when it automates and detects seamlessly across more than one domain, like IT and physical security. Consider this real-world scenario: a utilities company employee enters the company through the main lobby, takes the elevator to his fioor and badges in to gain access through that level’s main door. He proceeds to his desk and signs into the company network to access his email. At the same time someone is using the identical access credentials remotely via the VPN. Obviously he can’t be physically present locally and remotely.

A converged platform detects the external intrusion by automatically identifying the access anomaly and allows security to immediately disable access, preventing a potential threat. Now, let’s put this in a COVID-19 context. With the pandemic and the return to work, modification to identity management is required for safety, company policy and compliance reporting. Workforce

Health and Safety access governance software solutions help organizations open safely in a frictionless, controlled and secure way by automating and enforcing COVID-19 related policies and procedures. Automated batch email/text notifications with self-service links send requests to the remote workforce for self-attestation and self-reporting offsite and enable access by the worker to the facility based on health, travel and other company policies. Physical security can help enforce health and safety policies through technology, including reminders, prompts, automation, self-attestation and more.

Here’s an example: An employee completes the self-reporting health and travel questionnaire, which triggers workflow based on answers. These health questionnaires collect data and document employee activity during lockdown, including infection, symptoms or exposure. The request routes to the manager for action and the workflow can be configured to specific needs.

Once the manager reviews the request, it is determined that based on the answers the employee is high risk and per policy his access will be revoked for 14 days while in quarantine. Enterprises administer the self-service process to view, edit and approve health exposure risks of the workforce and disable access based on policy.

When the quarantine period is over, the employee receives an automated notification to request reinstatement and the self-attestation questionnaire. The employee is cleared and requests to be reinstated, following work flows to provide supporting documentation, such as a medical discharge or physician’s letter. Access is reenabled and the employee is notified with instructions to come to work.

Health and Safety access governance and intelligence provides support for prescreening of the workforce during site entry with automated policy enforcements. Pre-registered and onsite visitors/ contractors check-in/check-out with prescreening, watch list and other checks prior to access. In the production or distribution facility, Health and Safety analytics track confirmed or potentially exposed COVID-19 workers, identify exposed areas for lockdown and/or sanitization, social distancing violation, location heat map and other actionable health and safety analytics.

Identity management also allows you to automate your communications and deliver clear expectations and procedures to your workforce, visitors and contractors pre-visit and onsite— adding to a seamless experience.

Real-time Active Enforcement

Technology like Identity Intelligence and the active policy enforcement rules-based engine automatically identify policy violations and unauthorized access. This allows security managers to proactively monitor and respond to security violations as well as operational and procedural issues. During the COVID-19 outbreak, this could include travel history to restricted countries or regions. Integration with travel and HR applications can detect when and where a person booked travel and has badged in, providing the enterprise the ability to build a solid risk profile of activity. If someone in the workforce recently visited a restricted location, security and HR teams can be automatically notified to disable badge access to help avoid exposure and potential transmission. In the scenario where someone in the workforce becomes sick they would be considered a high risk. Any requests for physical access to a facility would require special approval according to company and local or federal health authority policies.

With an outbreak, modification to the visitor experience is also required. It is the first point of contact and along with lobby and security staff is part of the front lines for safety. Enterprises can configure their Visitor Identity Management (VIM) system to provide clear communication of current policies during the outbreak, reinforcing WHO best practices. VIM can easily be configured to prompt guests to answer specific screening questions related to recent travel and sign off on legal documents.

Security is no longer simply about keeping bad guys out. Security has become the business enabler during the digital transformation. It’s now the fundamental component of protecting people and workspaces and identity stands at the center.

This article originally appeared in the September 2020 issue of Security Today.

Featured

  • CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month

    CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month

    The Cybersecurity and Infrastructure Security Agency (CISA) recently announced the kickoff of the 20th Cybersecurity Awareness Month. Throughout October, CISA and the National Cybersecurity Alliance (NCA) will focus on ways to “Secure Our World” by educating the public on how to stay safe online. Read Now

  • Cybersecurity Awareness Month: Top Five Action Items to Elevate Your Data Security Posture Management and Secure Your Data

    October is Cybersecurity Awareness Month, and every year most tips for security hygiene and staying safe have not changed. We’ve seen them all – use strong passwords, deploy multi-factor authentication (MFA), be vigilant to spot phishing attacks, regularly update software and patch your systems. These are great recommended ongoing tips and are as relevant today as they’ve ever been. But times have changed and these best practices can no longer be the bare minimum. Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3