|Comprehensive and robust security programs and policies are required for adequate data security|
Over the last decade, we have entered a new era of physical and logical access control. We are now living in an increasingly mobile world where our phones do more than just make a simple call – employees can now open doors and enter secure areas, as well as access computers, corporate data networks and associated information assets with just a single mobile device. Furthermore, the cloud, and access to cloud-based services, is becoming almost a fundamental requirement for businesses. This, combined with advanced personal cell phones such as NFC-enabled ones increasingly being used beyond conventional uses, is naturally driving a change in how organizations view, deliver and manage both data and physical security, explains Alan Davies, VP Sales – EMEA, Identity Assurance, HID Global.
A big change pertaining to access control management is that identity no longer needs to be restricted to a single plastic card or security token. We often think about identity solely in terms of the card or token that carries it; however with more and more companies placing accessible data in the cloud and allowing employees to use NFC-enabled smartphones for physical access purposes in the workplace, ‘identity’ is now taking many different shapes. For example, a smartphone being used as a ‘digital key’ to open doors and tag-in to work locations eliminates the need for employees to carry any other credentials. Of course, this raises questions about how to ensure that any assigned identities can be trusted. Fortunately, it is possible to manage virtualized credentials in the business environment.
Take mobile for example. This can be done by implementing a trusted identity framework that creates a secure boundary within communications between the devices, such as when a smartphone interacts with an NFC reader or NFC-enabled end-point device. It acts as a secure ‘vault’ that delivers the agreed corporate security policy to the devices in use. If this is accepted, then the device is deemed to be trusted and the user is allowed access. Another benefit is that NFC-enabled physical access control makes it easier to track who is entering and exiting monitored access points throughout the workplace. Employers can then be assured that all endpoints and all of the systems in between are valid before allowing entry into the building.
Data Protection and Management
For organizations investing in the cloud, in order for them to unlock its true value, they need to address exactly where sensitive data is stored and consider the user risk factor, including the way in which they wish to access the information. Though the rise of the cloud for enterprise data storage and application-hosting has changed the way IT professionals interact with their users, networks and data, the fundamentals of data protection remain the same. What many organizations fail to realize is that a one-size-fits-all approach to data protection is insufficient.
|Security strategies should be customized to fit an organization's unique data protection needs|
Traditionally, enterprises have focused on securing the network perimeter, and relied on static passwords to authenticate users internally, within the firewall or externally via a virtual private network (VPN). However, taking into account the diverse nature of modern threats – from Advanced Persistent Threats (APTs) to ad hoc hacking and the internal risks that come with the mass adoption of BYOD – organizations are increasingly re-evaluating and re-assessing their IT security strategy to meet changing needs.
Two-factor authentication measures have typically been confined to physical devices like one-time password (OTP) tokens and display cards, but thanks to a variety of technological advancements these are being replaced by ‘soft tokens’ that can be held directly on the user device such as a cell phone or tablet, or alternatively as browser-based tokens. Additionally, these mobile tokens can be combined with cloud app single sign-on capabilities, to fulfill the same function as more classic two-factor authentication models while also providing convenient streamlined access to multiple cloud apps – all from one device.
Merging Management of Logical and Physical Security Infrastructure
Ultimately, the security landscape is constantly evolving and mobile access control, as well as remote data access to cloud-based applications, is growing in significance, making the right security investment a more important decision than ever before. It is critical for enterprises to have an extremely secure mobile and cloud identity environment so that transactions between the employee-owned phones or corporate-issued devices and the door they intend to unlock, or network they access, are conducted in a secure manner.
Merging the management of both logical and physical security infrastructures, so that their operations are conducted via one platform, is integral to keeping pace with the paradigm shift caused by technological advancements such as NFC. Furthermore, by deploying just one security device for both logical and physical access control, enterprises will not only realize cost savings, but will gain greater security control, as there will be a single point of revocation for all access rights. Building security systems that take into account the many routes to confidential data – whether at the physical door, on the network or in the cloud – is essential.
Only by implementing comprehensive, robust and layered security programmes and policies that cover all three areas, while allowing for new technologies and applications, will organizations be confident that their data is adequately secure.