Once again, this year’s Converged Security Centre at IFSEC will be showcasing solutions for managing security in a fast-changing world where the demands of working from home, together with increasing online attacks and global tensions, impact all other sectors and how they operate. Here, Sarb Sembhi and James Willison explore how converged security centres are essential in protecting both physical and IT access management solutions in a modern, connected environment.
Access management has become a much more complex field over the last decade and the acronyms you relate most to depend on which end of security you come from. But getting these access rights effective in a converged setting is critical to protecting which individuals have access, what they have access to, and what they can do to, or with, those assets.
Organisations using threat modelling to better manage any unauthorised access will need to work with many connected and related systems in a converged environment.
There are four main acronyms you are likely to come across:
It is also worth mentioning in a converged setting and especially where there may be many IoT devices, Mobile Device Management and IoT Device Management exist. Both of these are relevant for smart, integrated or connected buildings.
But, let’s take a look at each of the main terms in turn.
Identity and access management (IAM)
Identity and access management (IAM) has been around for many years and deals with the systems an individual’s identity permits them to access. Previously, this may just have been a username and password, which allowed you onto a single computer and the files and directories you were permitted to access. Today, it is far more complex, in than that it also includes applications and cloud-based services.
Privileged access management (PAM)
Privileged access management (PAM) is built upon the fact that not all access is equal. For instance, some types of access, such as administrator access, gives an individual control to manage the identity and access of others. Common examples may include: managing the identity and access of other uses on a database system, CRM system, development system or CCTV management system.
Privileged access is often considered as the keys to the kingdom “of the system” in question, because a user is able to control any aspect of it as the administrator. Since such access is so powerful, it is often protected with additional controls like two factor or multi-factor authentication – making it much harder for attackers to get that access.
Physical Access Control Systems (PACS)
Physical Access Control systems (PACS) are an internationally recognised process to identify and authorise people in an organisation so they can access property, assets and systems. It provides a foundation to ensure a person is allowed to enter and remain in an organisation or building. Typically it is restricted to physical assets and locations and can include biometrics. It is not used for network access.
Physical Identity and Access Management (PIAM)
Lastly, there is Physical identity and access management (PIAM). Once there may only have been one security operative to allow people into a building, and everyone had to sign in and out. Then there were identity cards, and next access cards. Today, it is often far more sophisticated than that.
Today’s PIAMs combine a lot of different systems to control access to restricted areas of a site, everything from the CCTV control room, through to the server rooms, to air conditioning control areas. Many PIAMS also integrate physical and logical access and provide the organisation with the ability to authorise personnel across to the site and the IT network.
This is particularly attractive to the banking sector and critical national infrastructure sites, as it affords effective real time monitoring of authorised access. In a smart building, systems may even identify a person by their car and image and direct them where to park as well as allocating them a hot-desk for the day.
Each of these access management systems serves a different purpose but protecting them in a smart environment is critical as they depend on each other. For example, an attacker using a fake identity access card may be able to get into a particular part of a building, giving them physical access to systems which control other systems.
These access management systems have always been about a person’s identity, however with smart environments different devices send and receive communication to and from other devices and systems. Further, the fact that there are often more devices and systems than the number of employees has meant that there is a requirement to control which devices can communicate with which systems and which protocols they can use.
For example, in a healthcare environment a mobile X-ray machine may be permitted to connect to the patient record system, as well as the payment system and even the hospital’s admin system, but should it also be allowed to connect to individual mobile phones?
In a manufacturing site should the forklift truck be permitted to connect to car in the car park? Or should the thermostat on the third floor be able to be controlled by a different tenant on the seventh floor?
The converged security centre in action at IFSEC 2022
With the rapid growth of IoT devices in organisations managing the physical and digital identity and access of people and devices, it is critical to safeguard physical and virtual assets. In a Converged Security Centre, your security teams can truly understand who has access to your critical tangible and intangible assets in real time and make a decision on how to respond. They can assess the developing situation and either suspend a pass or end a VPN connection, and lock out the criminal.
Why not join us at this IFSEC on the Converged Security Centre, powered by Advancis, and discuss this and many other emerging issues on managing today’s work environments?
Richard McClellan, Director at Advancis, added: “Identity and Access are a fundamental and integral part of all our lives, whether authenticating via biometrics into your mobile banking app, logging on to your company domain or accessing a building with your ID card. Security and maintaining integrity are crucial in preventing identity theft and fraud.
“In the Converged Security Centre at IFSEC this year we will be showcasing how the convergence of different access and identify technologies with physical, logical and cyber solutions can aid maintaining that integrity of identity and increase security.”
Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Insider's essential weekly newsletters. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.
Sign up now!
