Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!

Integrated Systems: An Identity Management Primer

By John Aisien
March 16, 2006
Security convergence brings together physical and logical security with identity management becoming essential in all facility and computer access controls.


A growing and important subset of security, identity management is gaining momentum. As network security evolves beyond securing traditional physical network domains, and as internal security threats and regulatory compliance become even greater challenges, enterprises and their chief security officers are giving identity management technologies a closer look.

Identity and access management (IdM) technology, best practices and integrated security architectures provide enterprises with a means to control who has access to what. Specifically, identity management software tools provide intelligence and visibility into which employees have access to what applications, systems, doors and data and who approved that access. Organizations can then centralize and automate the provisioning and control of access across the organization.



What to look for

When evaluating identity management providers and technologies, there are a few key considerations. At a high level, it is important to select an enterprise-class solution. Many deployments fail because the technology solution is not comprehensive or flexible enough. The solution should have the built-in adaptability necessary to extend across heterogeneous business processes and managed platforms that make up the largest enterprise.

Beyond these architectural parameters, the selected technology vendor or integrator should have demonstrable experience with implementations for global organizations and deployment case studies. The technology itself should undoubtedly meet the toughest IdM challenges. At the top of this list are insider security threats, external threats and compliance automation.



Internal threats

The insider still poses the greatest security risk. Security must establish policies that proactively identify and eliminate users that have amassed toxic combinations of access entitlements or rogue privileges across applications that contain sensitive data. The identity management system must then facilitate automated policy enforcement.

The solution should also incorporate business role management capabilities to define business relationships that exist within a department or division across the extended enterprise. This integrated approach will ensure the automation and enforcement of employees’ access to information, applications and systems based on pre-defined business roles, duties, interdependencies and relationships. For example, access rights to specific applications can be provisioned as employees work on particular projects and de-provisioned as soon as they complete the project.



In a survey conducted for SurfControl by Public Opinion Strategies, roughly nine out of ten (88%) employees support legislation to strengthen restrictions on explicit or pornographic spam and establish criminal penalties for spam that contains misleading information regarding the identity of the sender of the e-mail. Courtesy: PRNewsFoto

External threats

Would-be hackers are not the only external security threats. Network security is forced to evolve beyond traditional physical network domains. The old perimeter is officially dead, killed by a business necessity to externalize and extend access beyond the enterprise in order to facilitate cross-enterprise collaboration. This extended enterprise enables new business models, but it must be secured through IdM best practices and integrated security architectures.

Off-shoring, for example, is becoming an attractive business reality; but, in itself, it could pose additional external security threats. Organizations that pursue the productivity and cost-efficiencies with this model must also ensure that they do not sacrifice security. To mitigate this risk, security needs to consider off-shore service providers’ security policies and enforcement capabilities. Since off-shoring arrangements typically depend on access to critical information and systems, there must be verifiable practices in place to determine which people have access to these systems. This ability will become a differentiating factor across outsourcing service providers.



Compliance automation

Compliance drives more stringent security requirements. Sarbanes-Oxley, Gramm-Leach-Bliley Acts, the Basel II Accord and other regulations now challenge enterprise security. Due to the significant regulatory and customer privacy ramifications that security breaches can have, organizations need a better way to vigorously enforce and automate the management of user-access rights in a way that also facilitates audits.

For many enterprises, new identity management technologies and best practices ensure that organizations are on the winning side of the critical tradeoff to achieve compliance and security without unacceptable cost increases and application network performance degradation.

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

John Aisien, vice president of product management for Oracle Corporation, is one of the most experienced executives in the identity and access management market, predicted by Datamonitor to grow to $6.2 billion by 2007. More information on security convergence? Go to www.securitymagazine.com and use the unique LINX search service.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing