Why Identity Is the New Firewall
The recognition of the need for homeland security, and the rapid growth of the security industry around that need, rest in part on the critical requirement that no individual in a facility or on a campus ever gains access to an area they are not authorized to enter. This is mission critical with no margin for error for government agencies and facilities – and of the highest importance for the private sector as well. Beyond the essential physical safety of the other individuals on the property, this concern extends to the security of classified data, the need to protect both physical and logical technology located on the premises, intellectual property theft, and concerns about vandalism, workplace violence and liability.
Countermeasures to reduce, mitigate and eliminate external and internal terrorist threats have been and remain of paramount importance to the Federal Government. In 2004, the White House issued the Homeland Security Presidential Directive 12 (HSPD-12), which set the entire government on a path towards this goal with the vital step of establishing trust for federal workers and contractors who require access.
The first step was the creation of the Personal Identity Verification smart card (PIV card), which resulted from the NIST FIPS 201 specification, published in 2005. The second step is to actually use the PIV card for everyday access to secure cyber and physical assets and resources. These measures are entirely dependent on the ability of government agencies to manage identities, so that no PIV card is ever valid for an individual who should not be authorized on that day, at that time, to enter those premises.
Physical Identity and Access Management (PIAM) Definitions and Challenges:
- Database of every identity that may be present in a facility or on a campus
- Ongoing updates of current access privileges of every identity
- Valid for all locations of the enterprise
Instant, automatic updates for:
- New personnel
- New or lost certifications
- Vendors added or subtracted
- Authorization for each individual door or building
- Management of all relevant compliance issues
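The checks listed above (a single identity database, per-door authorization, required certifications, card expiry and instant revocation) can be illustrated as a small policy-based authorization routine. This is an added example, not code from the article or from any PIAM product; the record fields, door names and certification names are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Constructed identity record; field names are this example's own, not a product schema.
@dataclass
class Identity:
    piv_serial: str
    name: str
    active: bool = True                        # set to False on offboarding or card loss
    card_expires: datetime = datetime.max
    certifications: set = field(default_factory=set)
    doors: dict = field(default_factory=dict)  # door_id -> certifications that door requires

class PIAM:
    """One identity database consulted by every door, whatever PACS vendor sits behind it."""
    def __init__(self):
        self.identities = {}
        self.audit = []                        # every decision is recorded for compliance review

    def enroll(self, ident):
        self.identities[ident.piv_serial] = ident

    def revoke(self, serial):                  # takes effect on the very next badge presentation
        self.identities[serial].active = False

    def grant_door(self, serial, door, required_certs=()):
        self.identities[serial].doors[door] = set(required_certs)

    def add_certification(self, serial, cert):
        self.identities[serial].certifications.add(cert)

    def authorize(self, serial, door, at):
        """Return (granted, reason). Deny by default; grant only when every check passes."""
        ident = self.identities.get(serial)
        if ident is None:
            decision = (False, "unknown credential")
        elif not ident.active:
            decision = (False, "identity revoked")
        elif at >= ident.card_expires:
            decision = (False, "card expired")
        elif door not in ident.doors:
            decision = (False, "door not authorized")
        elif ident.doors[door] - ident.certifications:
            decision = (False, "missing certification")
        else:
            decision = (True, "granted")
        self.audit.append((at, serial, door, decision))
        return decision
```

Because every door asks the same database at badge time, a revocation or a newly expired certification is enforced at the next presentation without reprogramming individual PACS controllers.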
There is technology in existence today that will solve these problems, sustain valid identities 24/7 and create a virtual firewall around the organization. By utilizing an enterprise-based PIAM solution, it is now possible for government and private sector entities to prevent prohibited internal access by employees, contractors and other individuals enrolled in the system. The software can be implemented across multiple facilities and buildings across a campus, or across the globe, in alignment with FICAM guidelines. There is no need to rip and replace existing PACS infrastructure, as the use of this software enables existing physical access control systems to fully recognize and validate PIV and other ID cards. This is something that visitor management systems cannot do, and the benefits are clear.
Implementing this type of software solution will help organizations preserve their existing investments in technology, reduce future costs and simplify many complex procedures. Not only will this have the effect of improving overall security, it will also make it easier and more cost-efficient to purchase, install, deploy and maintain fully compliant physical access control systems. A robust and technologically advanced software solution to address the challenges will provide a policy-based approach to managing and enrolling PIV cardholders in diverse PACS. This will enable the flexible enrollment, validation and processing of individuals gaining temporary or long-term access to a given facility, along with a policy-based approach to guard against fraud and foster real-time audit and compliance – without changing the user’s existing physical security infrastructure.
Automating PIAM systems makes it possible for agencies to set rules, controls and policies that are maintained and updated instantly, and to onboard every identity and maintain correct authorization and provisioning for every identity in real time. The software that can accomplish this monumental task utilizes PACS virtualization – whereby the software finds and connects networks, virtualizes functions like switching and routing, and identifies access control devices as PACS. Every device and/or system, no matter the vendor, brand or protocol used, becomes another set of data points for the overall PIAM solution to incorporate. What is important is that all these formerly disparate products and systems can now be polled, programmed and controlled via a single platform.
By taking complete control of physical identity management, the user can create a virtual firewall around and within each individual facility – helping to keep unauthorized individuals off the premises, and contributing significantly to the cause of homeland security.