More and more companies are marrying their physical and logical security environments to improve efficiencies, reports Alan Earls.
Nick Nikols, CTO at Quest Software, a data protection vendor based in Aliso Viejo, Calif., says many organizations have kept their physical and logical access management separated, often leaving the logical security to the IT staff and entrusting the physical aspect to the facilities department or to guards. But that's a formula for disaster, he says. Such practices can lead to a number of potential problems, such as physical access cards remaining active long after an employee has been fired, simply because a mechanism was not employed to update the physical access system when the employee was processed for termination in the HR system. “Also,” says Nikols, “with this separation, it is nearly impossible to manage physical access at a finer granularity, such as by the individual's role.”
Since much of the decision-making for both logical and physical access management really stems from understanding the actual identity of individuals, he says it also makes sense to integrate these environments to leverage a common identity infrastructure. “There can be tremendous cost savings – by eliminating duplicate processes and infrastructure,” Nikols says. Furthermore, integration can greatly improve defenses by enabling better, more real-time access enforcement.
While experts, vendors and organizations have a variety of experiences and views on the topic, physical and logical integration is at the forefront of thinking in many organizations. For instance, in the Los Angeles Police Department, the Counter Terrorism and Special Operations Bureau recently migrated from a microwave-based analog system of mobile surveillance cameras to an IP-based digital system. The change not only provided improvements in “on the spot” capabilities – in terms of running more cameras in a given location with less complexity for law enforcement personnel – it also provided a new level of connectivity, data storage and analysis. Now, the cameras stream encrypted data to a server at the command post where it can be handled securely, like any other media, and be made available to multiple users in real time.