The marriage of physical and logical access: unifying the keys to the kingdom.

There is a two-tiered approach to security that every business must consider in order to fully protect its assets: physical security (real property such as buildings and facilities) and information security (the data and intellectual property that reside on computer networks). It is vital that any business, and the executives whose careers are at stake, take both levels into account when assessing its corporate security posture, especially given today's threat of electronic crime and expanding regulatory compliance legislation. Whether you are a small business or a large enterprise, the consequences of a security breach can be catastrophic, entailing direct loss and the risk of liability or non-compliance. Successfully managing both physical and logical access to high-value resources and sensitive information is one of the most proactive ways to safeguard today's corporations.

Access control is the mechanism by which a system grants or restricts the right to access facilities (physical access) or computer networks and data (logical access). Many large enterprises have already deployed technology for physical security. Employees with the appropriate clearances or permissions are issued smart identification (ID) cards that attest to their rights and privileges. Once presented, scanned or inserted into readers, these credentials permit access to secure areas of the workplace, which often include parking garages, manufacturing facilities, and research and development laboratories.
Smart Cards: The Foundation for Stronger Authentication

Although businesses have long recognized the necessity of smart card-based physical access control, adoption of smart card-based logical access control is occurring at a slower rate. This is somewhat surprising, considering that intellectual property is far easier to compromise than a building. There is obvious value in preventing unauthorized persons from entering restricted areas. However, physical access control provides only a very limited degree of protection for computer resources, including networks, PCs, workstations and laptops: a laptop leaves the building, and a network is reachable from outside it. In today's digital world, the majority of business assets are in electronic form. The data that resides on computer networks is sensitive and proprietary, and includes everything from financial information to product plans. If this data were compromised, a company could lose its competitive edge, and even its customers. Additionally, today's workforce is not as stable as it once was. High turnover and increased use of outsourcing mean that more people have access to corporate data. For global enterprises with thousands of employees, the potential for information security breaches is correspondingly higher.

Unfortunately, many enterprises still remain reactive when it comes to network security. The need for, and value of, network security becomes evident only when there is an actual attempt to compromise information. But this viewpoint is changing, and recent legislation is affecting business processes for protecting, retaining and managing data. The worst case exists in heavily regulated industries such as financial services and healthcare, which handle highly sensitive information and bear extra responsibility for maintaining data integrity and privacy. Should information be leaked, the potential liability is enormous.

Considering the ramifications of unauthorized access to data, it is unsettling that many enterprises still rely solely on user names and passwords for logical access control. A separate user name and password is created for each user, and for each application that he or she requires access to. This creates two major problems. First, user names and passwords are the weakest form of authentication in common use: a single knowledge factor that is easily compromised (often written down, easy to share, and reusable by anyone who captures or guesses it), so it does not provide the level of assurance necessary to protect critical data. Second, passwords are a headache for both users and IT staff. Employees often have so many passwords that they invariably forget them and have to call the help desk to retrieve or reset them. This costs the IT department valuable time and resources, resulting in lower productivity and higher support costs for the organization. Increased security risks, combined with the weakness and inefficiency of the user name and password model, are now driving the need for smart card-based logical access control.

Defined at its highest level, a smart card is a credit-card sized plastic card with an embedded computer chip. The chip can be either a microprocessor with internal memory or a memory chip alone. There are two general categories of smart cards: contact and contactless. A contact smart card must be inserted into a smart card reader, while a contactless card requires only close proximity to a reader. Smart cards can store data, carry out on-card functions such as encryption and digital signatures, and interact intelligently with a smart card reader. Already widely implemented by commercial organizations (such as top-tier financial institutions) and government agencies (such as the State Department and the Department of Defense), smart cards provide higher security via two-factor authentication, which requires something the user knows (a PIN or password) and something the user has (the smart card). The second factor only counts if the PIN is verified on the card and the private key it unlocks cannot be exported: a card that releases its key, or a PIN checked in software on the PC, reduces the scheme to a single factor again.
Smart cards also provide stronger authentication because they are built on Public Key Infrastructure (PKI) technology: the card holds a private key that never leaves it, and a certificate issued by the enterprise's certificate authority binds the matching public key to the cardholder's identity. The evolution of enterprise credential management now dramatically reduces the heavy administrative burden often associated with early PKI deployments, when registration authority models were more complicated. PKI is an architecture of trust that supports a certificate-based public key cryptographic system. PKI uses a combination of public and private keys to authenticate identity, and typically includes digital certificates, a certificate issuance authority and a registration capability.

Unifying the Keys to the Kingdom

With smart card-based physical access already in place at many enterprises, the next logical step is to provide the same level of protection for digital assets. Physical access control provides a first line of defense, but a multi-layered approach is required for truly proactive security. As such, there is a compelling argument to implement smart cards for logical access.
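The two preceding paragraphs describe the mechanism in the abstract: a PIN that unlocks a card, a private key that never leaves it, and a CA-issued certificate the host trusts. The following Go program is an added example, not code from the article or from any card vendor, that shows what that logon actually consists of. It models the card in software (the Card type, its PIN retry counter, and the function and CA names are this example's own assumptions; a real card would be reached through PC/SC or PKCS#11) and uses only the Go standard library for the CA, the certificates and the ECDSA challenge-response.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Card models only what this example needs from a PKI smart card: a private key
// that never leaves the card, its CA-issued certificate, and an on-card PIN check.
type Card struct {
	priv    *ecdsa.PrivateKey
	Cert    *x509.Certificate
	pin     string
	Retries int // remaining PIN attempts; 0 means the card is blocked
}

// Sign is the only way to use the key, so it enforces both factors (PIN + card).
func (c *Card) Sign(pin string, challenge []byte) ([]byte, error) {
	if c.Retries == 0 {
		return nil, errors.New("card blocked: PIN retry counter exhausted")
	}
	if pin != c.pin {
		c.Retries--
		return nil, errors.New("wrong PIN")
	}
	c.Retries = 3
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, c.priv, digest[:])
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue generates a P-256 key pair and returns its one-day certificate, signed by signer (self-signed when nil).
func issue(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if signer == nil {
		signer = key
	}
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der)), key
}

// NewCA creates a self-signed enterprise issuing CA, the trust anchor for logon.
func NewCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	return issue(tmpl, tmpl, nil)
}

// IssueCard generates the key pair on the card and has the CA certify the public half for client authentication.
func IssueCard(ca *x509.Certificate, caKey *ecdsa.PrivateKey, user, pin string) *Card {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: user},
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	cert, key := issue(tmpl, ca, caKey)
	return &Card{priv: key, Cert: cert, pin: pin, Retries: 3}
}

// Authenticate is the host side of card logon: verify the card's certificate chains to the trusted CA
// and allows client authentication, then make the card sign a fresh random challenge (no replay possible).
func Authenticate(ca *x509.Certificate, card *Card, pin string) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := card.Cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", err
	}
	challenge := make([]byte, 32)
	rand.Read(challenge) // crypto/rand never returns an error on supported platforms
	sig, err := card.Sign(pin, challenge)
	if err != nil {
		return "", err
	}
	// Hashes the challenge with SHA-256 and checks the ASN.1 ECDSA signature against the certificate's key.
	if err := card.Cert.CheckSignature(x509.ECDSAWithSHA256, challenge, sig); err != nil {
		return "", err
	}
	return card.Cert.Subject.CommonName, nil
}
```

A host calls NewCA once, issues one Card per user, and then Authenticate(ca, card, pin) returns the user name from the certificate only if the chain verifies and the card proves possession of the key with the correct PIN. Three wrong PINs block the card, and a card issued by any other CA, or a copied certificate without the card, fails. Two things a production host adds that this example leaves out: revocation checking (CRL or OCSP) so a lost card can be cut off before its certificate expires, and the PC/SC transport that carries the PIN and challenge to the physical card.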
In fact, businesses are beginning to realize the benefits in cost savings, ease of use and increased security of "marrying" physical and logical access control on a single platform. Instead of adding technological and management complexity by running separate access control systems for physical facilities and electronic data, it makes more sense to combine the two and gain higher assurance, cost savings, efficiency and ease of use. Since multiple access applications can reside on a single smart card, employees can use one card for both physical and logical resources without carrying multiple credentials. From the doorways to the desktops, one solution provides the secure identity management, strong authentication and access control necessary to safeguard both physical and intellectual assets. The Department of Defense has already recognized this with its Common Access Card (CAC) program. A smart card-based CAC is issued to military and civilian employees and contractors. These cards are used to digitally sign and encrypt documents, in addition to providing secure access to buildings and computer networks.

The marriage of physical and logical access into a single solution builds an infrastructure of increased trust. Deploying smart cards to employees, partners and other key individuals is a proactive enterprise approach to higher assurance. Except for information that requires little or no protection, user names and passwords will one day be considered an unacceptable access control mechanism, as they are easily forgotten or compromised. The multi-factor authentication and PKI architecture offered by smart cards greatly decreases the likelihood that unauthorized users will gain access to sensitive data. Today's credential management solutions handle heterogeneous environments that combine all of the usual access management models (passwords, software certificates and hardware tokens), allowing migration by department or group from one model to another, and later to still another.

Contrary to common assumptions, smart cards provide significant return on investment (ROI) in terms of both cost savings and increased security, especially for global enterprises with thousands of employees dispersed worldwide. Supporting system components can be networked, allowing separate functional areas in an organization to exchange and coordinate information automatically and in real time around the world. Organizations that already have smart card-based physical access in place can simply expand card use to protect network resources and benefit from an easily scalable solution. Legacy systems, including physical access system components, can be leveraged to protect the existing investment while increasing security for logical access. Enterprises can also reduce their IT support costs by implementing smart cards. Although the perceived low cost of user names and passwords may have contributed to their popularity, the real expense occurs on the back end, in support and password management costs. Ease of use is another compelling argument for marrying physical and logical access on a single platform.
Users will not have to carry multiple credentials, nor will they need to remember multiple passwords or PINs to access applications and data. Instead, they will have one smart card that can be used for everything.

Many companies consider integrating physical and logical security to be a purely technical effort. They overlook the old computing saw that automating a broken process only produces problems more quickly. The same logic applies to the integration of physical and logical security as it exists in the organizational and reporting structures of nearly all companies. This structure is typically described as two silos, each reporting up through a different management chain. While this is not ideal, the organizational chasm can be bridged by having physical security participate in the integration along three important lines of activity:

* Conducting formal vulnerability and risk assessments
* Developing enforceable policies and helping to enforce them
* Providing oversight

The combination of integrating security organizationally and using smart cards will keep most companies out of harm's way. The smart card reduces the likelihood of your company experiencing a loss. It also increases the likelihood that, if you do experience a loss, you will be able to trace and reconstruct the incident, because every physical and logical access is tied to an individually issued credential rather than a shareable password. Addressing physical and logical security integration and smart card implementation is also the foundation for avoiding legal liability.

In conclusion, smart card-based physical and logical access control provides a superior foundation for secure identity management. By unifying the keys to the kingdom, enterprises can protect their assets and their employees' personal information, while addressing regulatory requirements and reducing potential liability. Today, smart cards are the most viable way to expand security to the edge of the enterprise.

www.sspsolutions.com
Moses De Los Santos