Articles by Julian Lovelock
Organizations must address growing security threats using fewer resources in an increasingly challenging regulatory environment. They are looking to ensure data security while also protecting their facilities’ physical security. At the same time, their users are demanding more choices of smart cards, smartphones, wearables, and other mobile devices that can do much more than simply open doors in an increasingly connected world. Cobbling together disparate solutions creates vulnerability gaps and can be expensive and difficult to manage.

For these and other reasons, many organizations are moving to align their physical and digital security initiatives, especially in today’s more connected world tied to the Internet of Things (IoT). They are adopting new ways of thinking about trust in smart environments and evolving how they use trusted identities across their operations. In the process, they are discovering better ways to establish, create, use and manage secure credentials using hybrid on-premises and cloud solutions both for access control and to tie people, assets and processes to the Internet of Trusted Things (IoTT).

Simpler And More Efficient Approaches

Cloud-based solutions such as Microsoft Azure are already widely used for IT access management and there is now growing interest in harnessing the cloud to manage trusted identities used for physical access management as well. Today’s solutions span the full identity lifecycle, from badge printing or mobile credential issuance all the way through to the management and application of access rights.
These integrated solutions will be joined by new cloud models for delivering network-based, service-focused badge printing and encoding that eliminates the need for stand-alone card printers attached to dedicated PC workstations and delivers the security of end-to-end encryption. Such solutions will transform the operational management of ID badge printing, reduce costs, eliminate capex outlay, simplify system maintenance and improve security as compared to on-premises solutions.

Reducing Vulnerabilities And Simplifying Compliance

In parallel with the move to the cloud, there is also a growing awareness of the interdependencies of technologies and platforms that are used to optimize business agility, manage costs and improve the user experience in today’s increasingly mobile environment, or to extend the reach, flexibility and security of digital commerce and relationship management. These interdependent technologies require an organization-wide approach to identity management that connects multiple platforms, systems and devices for multi-factor authentication. This approach increases security, reduces vulnerabilities and simplifies compliance.

To achieve this vision, unified identity cloud-based physical and IT access management solutions can create a far more seamless experience for users while simplifying procurement, deployment and maintenance. These solutions tie everything together and automate other manual workflows to provide an end-to-end physical identity and access management solution that integrates with access control systems, logical identity and other applications so organizations can manage all types of physical identities and their details.
Encompassing Identity Management Lifecycle

This approach incorporates trusted credential and other advanced security technologies and encompasses the entire identity management lifecycle. The result: organizations achieve a single, comprehensive security view and more coordinated way to protect privacy, while also lowering total cost of ownership, extending strong authentication from the desktop to the door and supporting a multitude of advanced use cases.

This unified approach is especially effective for government agencies and other regulated industries such as banking, healthcare, and transportation. It improves the organization’s overall security posture while consolidating physical and IT security into a single solution. The user experience is improved by having a single credential for opening doors and accessing IT systems, networks and data and the organization can more easily comply with federal security requirements while extending public key infrastructure (PKI) strong authentication throughout their operations.

This unified approach also enables using strong cryptographic credentials in a range of additional applications, including digitally signing emails or documents, decrypting emails or files, full disk encryption and boot protection to secure laptops, among others. This approach also makes it easier to monitor and manage users’ access rights as their roles change within an organization, ensuring they only have access to what they need in a current role.

Incorporation Of Biometrics

In banking, unified platforms provide a holistic, mobile-relevant, multi-channel solution for managing customer identities across all channels, improving the user experience without increasing cost or complexity.
The incorporation of biometrics further improves the user experience with higher levels of trust and makes it easier to combat fraud while complying with “know your customer” and other regulatory mandates.

Unified platforms for healthcare enable administrators to consolidate identity and access management across the continuum from hospital to home, simplifying operations ranging from opening hospital doors and accessing healthcare records to e-prescribing while simplifying compliance and improving how healthcare professionals interact with patients and log their activities. Institutions can leverage e-prescribing architectures for other valuable capabilities such as authenticating to VPNs and enabling remote access using credentials, key fobs, mobile smartphones and other smart devices and one-time password (OTP) tokens.

Path To Converged Solutions

The move to unified platforms offers new ways to establish, create, manage and use trusted identities and combine on-premises systems and the cloud to simplify identity and access management using common, flexible and adaptable platforms. Organizations that adopt these platforms can more easily secure access to everything from the facility’s doors to its computers, data, applications, and cloud-based services and can also tie their smart buildings to the IoT.

As they deploy these unified platforms, they will be embarking on a path to truly converged solutions that will ultimately consist of a single security policy, one credential and one audit log, delivered through a fully interoperable, multi-layered security infrastructure. Between now and then, they will be able to preserve their investments while continuing to grow, evolve and continually improve their security capabilities in the face of ever-changing threats.
Enterprises have typically focused on securing the network perimeter and relied on static passwords to authenticate users inside the firewall. This is insufficient, given the nature of today’s Advanced Persistent Threats (APTs) and internal risks associated with Bring Your Own Device (BYOD) adoption. Static passwords can be a potential recipe for a security disaster. In this article, Julian Lovelock, Vice President of Product Marketing, Identity Assurance, HID Global, explains that enterprises would benefit from not only employing strong authentication for remote access, but also extending its use to cover the desktop, key applications, servers, and cloud-based systems as part of a multi-layered security strategy.

Unfortunately, choosing an effective strong authentication solution for enterprise data protection has traditionally been difficult. Available solutions have been inadequate either in their security capabilities, the user experience they deliver, or in the cost and complexity to deploy them. Now, we have the opportunity to eliminate these problems using Near Field Communications (NFC)-enabled credentials that can reside on smart cards or smartphones, and can be employed to secure access to everything from doors, to data, to the cloud.

Versatile, NFC-based strong authentication solutions can:
Support converged secure logical access to the network and cloud-based services and resources, as well as physical access to buildings, offices and other areas;
Support mobile security tokens for the most convenient and secure access from smartphones or tablets; and
Deliver multifactor authentication capabilities for the most effective threat protection, as part of a multi-layered security strategy.
The Challenges of Strong Authentication

Multi-factor authentication, also known as strong authentication, combines something the user knows (such as a password) with something the user has (such as mobile and web tokens), and can also be extended to include a third factor in the form of something the user is (which can be ascertained through a biometric or behavior-metric solution).

Users have grown weary of the inconvenience of hardware OTPs, display cards and other physical devices for two-factor authentication. Additionally, OTPs are useful only for a limited range of applications. The industry is now replacing hardware OTPs with software tokens that can be held on such user devices as mobile phones, tablets, and browser-based tokens. With software OTPs, organizations are able to replace a dedicated security token with the user’s smartphone, enabling the two-factor authentication to grow in popularity and convenience. A phone app generates an OTP, or OTPs are sent to the phone via SMS.

However, there are security vulnerabilities with software OTPs that have driven the need for a far more secure strong authentication alternative, such as smart cards based on the Public Key Infrastructure (PKI). The downside to this approach, however, is its high cost and level of complexity to deploy.

Future Mobile Opportunities

The benefits of NFC technology are many as it becomes a standard feature of smart phones, tablets and laptops targeted at the enterprise market. Users can have a smart card or smartphone that grants access to resources by simply “tapping in” – without the need to enter a password on touch-screen devices, or the need for additional devices to issue and manage.
In addition, there are a number of steadily growing NFC-based tap-in use cases that are poised for strong adoption in the enterprise, including tap-in to facilities, VPNs, wireless networks, corporate Intranets, cloud- and web-based applications, and SSO clients, among many other scenarios. These benefits and the wide range of potential applications – along with the fact that manufacturers are enabling more and more phones, tablets and laptops with NFC -- are driving many companies to seriously consider incorporating secure NFC-based physical and logical access into their facilities and IT access strategies. The mobile model will deliver particularly robust security, and will be especially attractive in a BYOD environment. It will be implemented within a trusted boundary, and use a secure communications channel for transferring identity information between validated phones, their secure elements (SEs), and other secure media and devices. The authentication credential will be stored on the mobile device’s secure element, and a cloud-based identity provisioning model will eliminate the risk of credential copying while making it easier to issue temporary credentials, cancel lost or stolen credentials, and monitor and modify security parameters when required. It will also be possible to combine mobile tokens with cloud app single-sign-on capabilities, blending classic two-factor authentication with streamlined access to multiple cloud apps on a single device that users rarely lose or forget. The NFC tap-in strong authentication model will not only eliminate the problems of earlier solutions, it will also offer the opportunity to achieve true convergence through a single solution that can be used to access IT resources while also enabling many other applications. 
These include such physical access control applications as time-and-attendance, secure-print-management, cashless vending, building automation, and biometric templates for additional factors of authentication – all delivered on the same smart card or NFC-enabled phone alongside OTPs, eliminating the need to carry additional tokens or devices. Historically, physical and logical access control functions were mutually exclusive within an organization, and each was managed by different groups. Now, however, the lines between these groups will begin to blur.

Additional Considerations for the Cloud

As identity management moves to the cloud and enterprises take advantage of the Software as a Service (SaaS) model, there are other critical elements to consider. For instance, it will be critical to resolve challenges around provisioning and revoking user identities across multiple cloud-based applications, while also enabling secure, hassle-free user login to those applications. The most effective approach for addressing data moving to the cloud will likely be federated identity management, which allows users to access multiple applications by authenticating to a central portal. It also will be critical to ensure the personal privacy of BYOD users, while protecting the integrity of enterprise data and resources.

Several other security issues also emerge. IT departments won’t have the same level of control over BYODs or the potentially untrustworthy personal apps they may carry, and aren’t likely to be loading a standard image onto BYODs with anti-virus and other protective software. Nor is it likely that organizations will be able to retrieve devices when employees leave. We will need to find new and innovative ways to address these and other challenges.
Notwithstanding the risks, the use of mobile phones equipped with SEs, or equivalent protected containers, opens opportunities for powerful new authentication models that leverage the phone as a secure portable credential store, enabling use cases ranging from tap-in strong authentication for remote data access, to entering a building or apartment. Additionally, as BYOD continues to grow in popularity and many cloud-based applications are accessed from personal devices, enterprises will need to take a layered approach to security, recognizing that no single authentication method is going to address the multiple devices and multiple use cases required by today’s mobile enterprise.

A Layered Security Approach

In addition to multi-factor user authentication as the first layer of security, both inside the firewall and in the cloud, there are four other layers that should be implemented.

The second layer is device authentication. In other words, once it is determined that the user is who he or she claims to be, it is important to verify that the person is using a “known” device. For this step, it is important to combine endpoint device identification and profiling with such elements as proxy detection and geo-location.

The third layer is ensuring that the user’s browser is part of a secure communication channel. Browser protection can be implemented through simple passive malware detection, but this does not result in the strongest possible endpoint security. It is more effective to use a proactive hardened browser with mutual secure socket layer connection to the application.

The fourth layer is transaction authentication/pattern-based intelligence, which increases security for particularly sensitive transactions.
A transaction authentication layer can include Out-Of-Band (OOB) transaction verification, transaction signing for non-repudiation, transaction monitoring, and behavioral analysis.

The final layer is application security, which protects applications on mobile devices that are used to deliver sensitive information. The application must be architecturally hardened and capable of executing mutual authentication. Adding this layer makes data theft much more complex and costly for hackers.

Effectively implementing these five security layers requires an integrated versatile authentication platform with real-time threat detection capabilities. Used in online banking and ecommerce for some time, threat detection technology is expected to cross over into the corporate sector as a way to provide an additional layer of security for remote access use cases such as VPNs or Virtual Desktops.

Migrating to New Capabilities

Migration to NFC-based strong authentication and true converged solutions requires an extensible and adaptable multi-technology smart card and reader platform. For optimal flexibility and interoperability, this platform should be based on open architecture, and enable both legacy credential and new credential technology to be combined on the same card while also supporting NFC-enabled mobile platforms. To meet security requirements, the platform should use contactless high frequency smart card technology that features mutual authentication and cryptographic protection mechanisms with secret keys, and employs a secure messaging protocol that is delivered on a trust-based communication platform within a secure ecosystem of interoperable products.
With these capabilities, organizations can ensure the highest level of security, convenience, and interoperability on either cards or phones, along with the adaptability to meet tomorrow’s requirements including a combination of both strong authentication for protecting the data and applications in the cloud, and contactless high-frequency smart card capabilities for diverse physical access control applications. With proper planning, organizations can solve the strong authentication challenge while extending their solutions to protect everything from the cloud and desktop to the door. These converged solutions reduce deployment and operational costs by enabling organizations to leverage their existing physical access control credential investment to seamlessly add logical access control for network log-on. The result is a fully interoperable, multi-layered security solution across company networks, systems and facilities.
As businesses move to hybrid remote and in-person workplaces while complying with evolving public-health mandates, they must manage a dynamic enterprise environment with more complex safety and security challenges.

HID SAFE Facility and Risk Analytics

HID Global, a globally renowned company in trusted identity solutions, has announced its HID SAFE Facility and Risk Analytics solution that improves efficiency, agility and flexibility in hybrid workplaces through real-time occupancy monitoring, risk analytics and alerting, and reporting. HID Global has seamlessly integrated the Innominds AI-powered iFusion technology into its HID SAFE Facility and Risk Analytics solution so users can create an easy-to-understand risk score based on real-time and historical behavior patterns.

Integration with Innominds AI-powered iFusion technology

The solution uses artificial intelligence to compare workplace data from physical security systems to archived information about past access control events, including unauthorized activities. This provides a clear picture of emerging threat scenarios so as to enable organizations to diagnose and resolve security risks effectively.

“The ability to identify patterns of behavior that highlight risk is critical for businesses that increasingly are adopting a hybrid work model with more complex risks and compliance needs,” said Julian Lovelock, Segment Vice President at HID Global, adding “Innominds' iFusion’s deep predictive analytics capabilities and its integration with HID Global’s physical identity management solutions are designed to ensure a secure enterprise work force environment thus enabling enterprises to embrace the new normal.”

iFusion analytics technology

iFusion analytics technology uses Innominds’ proprietary accelerators to generate deep insights, predictive analytics and real-time reporting from complex data.
The technology enables HID SAFE solution users to predict security events so they can improve the effectiveness, efficiency, and cost of their security operations.

“We are pleased with this possibility of supporting enterprises’ return to work with solutions built on our AI, analytics and data engineering expertise. We are thrilled to be collaborating with HID Global who are leveraging our proprietary accelerators and AI-driven analytics platforms such as iFusion,” said Krishna Guda, President and Chief Strategy Officer, Innominds.

Hybrid work solutions

Krishna adds, “Our joint vision to offer a secure back-to-work solution for future enterprises becomes a reality with this collaboration. This strengthens our endeavor to power the Digital Next initiatives of global companies and be at the frontiers of the future of work.”

In a recent HID survey, almost 70 percent of customers said the future of work will be hybrid. With the HID and Innominds collaboration, customers now have the deep insights, predictive analytics, and real time reporting to rapidly diagnose and resolve threatening situations while also meeting evolving compliance requirements in the new hybrid work environments.
HID Global, a worldwide provider in trusted identity solutions, announced its new WorkforceID™ platform that enables a seamless, effortless experience when using identity credentials to access physical and digital workplaces at an office, in the field or on the road. The new ISO27001-certified identity cloud service platform simplifies how employees access what they need to do their jobs, while solving workplace and visitor security, regulatory compliance and a variety of new business challenges as employees are returning to work.

WorkforceID inherits the best capabilities from the enterprise-grade HID SAFE™ physical identity access and visitor management software, and combines them with deep customer insights from over 250 organizations around the world, to make a generational leap in unified identity management.

Buildings, IT resources access control

It brings a completely digital and turnkey deployment for administrators, and removes the complexity of installing, configuring and supporting on-premise software. For employees, contractors and visitors, it provides an ultra-convenient user experience with several streamlined digital workflows, such as visitor self-check-in and rules-based access to buildings and IT resources according to employees’ modified work schedules.

“WorkforceID solves many of today’s identity management challenges and will also offer unique services to address evolving and specialised work environments, from expediting hospital visits and healthcare worker onboarding to accelerating workplace security audits,” said Brad Jarvis, Vice President and Managing Director of the Identity & Access Management Solutions (IAMS) with HID Global.
“We will continue to launch exciting new applications with our WorkforceID platform that will support a growing family of trusted identity solutions for workplaces.”

Cloud-based onboarding, visitor badging kiosks

The award-winning platform enables organisations to unify, automate and simplify identity issuance and management at a single facility or across any number of distributed office or remote work locations. Its first two available services are employee ID badging and visitor management:

HID WorkforceID Credential Manager and ID Badge Issuance: Automates badging across the identity lifecycle including cloud-based onboarding, card printing and offboarding. Administrators know the details of all active credentials, at any location.

HID WorkforceID Visitor Manager: Improves the visitor experience through reduced wait times and the ability to use self-service badging kiosks. Administrators can customize the visitor experience and security measures while benefitting from automated policy compliance.

“Our mission is to enable a safe, secure and productive workforce,” said Julian Lovelock, Segment Vice President at HID Global. “The WorkforceID platform gives organizations a simple but powerful set of cloud-based applications for managing identities, with a great user experience that takes the manual processes out of adapting to new challenges in today’s work environment.”

Renew annual subscriptions online

To date, hundreds of organisations are piloting the solution to take advantage of enterprise-grade visitor and credential management in their small and medium businesses. Administrators simply register for a free trial plus easily activate and renew their annual subscriptions online. HID plans to add more tools, features and applications to the WorkforceID platform to deliver deep analytics and reporting capabilities and meet the rapidly expanding credential management requirements of increasingly connected workplaces.
HID Global, a provider of trusted identity solutions, introduces Quantum Secure SAFE Enterprise, an off-the-shelf addition to its SAFE Physical Identity and Access Management (PIAM) offering that brings together everything organizations need to streamline and centralize management of the entire lifecycle for employee, contractor and visitor identities.

“SAFE Enterprise transforms the security function, enabling collaboration across different departments and teams to address identity management and compliance challenges through a single, centralized platform,” said Julian Lovelock, Vice President of Quantum Secure - Identity & Access Management Solutions (IAMS) with HID Global. “It bundles our core products into the industry’s most comprehensive PIAM solution, while also giving organizations the flexibility to meet identity management needs today and in the future.”

Consistent Identity Management

SAFE Enterprise enables organizations to manage all of their identity types at a lower cost and without having to purchase separate, stand-alone products. As a centralized platform, it facilitates identity management across the entire lifecycle through on-boarding, badging, access rights management and off-boarding, while also providing compliance and actionable intelligence.

The policy-driven software ensures that consistent identity management processes are applied throughout the enterprise regardless of existing infrastructure and new acquisitions. All identities can be properly vetted and authorized based on role, location and other organizational policies so people have the right access to the right areas and for the right length of time to reduce risks.

Special Configuration Packages

The new solution consists of four modules and add-ins. Each delivers compliance reporting and auditing functionality and is available in special configuration packages for applications in healthcare, aviation, finance, government, and sports and events.
The modules include:

Badge Manager: Provides a platform to use external identity sources to pre-load identity information, capture badging prerequisites and print badges for employees and contractors.

Advanced Access Manager: Streamlines central management of the physical access lifecycle for an organization’s employees and contractors.

Visitor Manager: Securely and quickly manages the entire visitor lifecycle from easy pre-registration to welcoming visitor invitations through rapid check-in and check-out.

Security Reporter and Operations Analytics: Enables organizations to understand and coordinate all on-boarding, badging, and access and visitor management activities.

The first of many planned add-ins to be offered for SAFE Enterprise is predictive analytics, which transforms security data into critical knowledge and actionable insights called Indicators of Compromise (IOCs) that help organizations take preventive actions against possible threats.
Amid rising concerns about security threats at stadiums and arenas where sports and entertainment events take place, HID Global, a global provider of trusted identity solutions, announced that its Quantum Secure SAFE Sports and Events Access Manager has earned the National Center for Spectator Sports Safety and Security (NCS4) ‘Lab Tested’ designation, awarded to products that undergo the rigors of operational testing in a sports environment.

Reducing Risks By Tracking Visitors And Contractors

The NCS4 designation gives event security managers greater confidence that the product has been validated as effective, helping to increase safety and security at events with large crowds. The SAFE Sports and Events Access Manager solution from HID Global tracks visitors and contractors to reduce risk, accelerate investigations and give better transparency of who is coming and going from a venue.

“The National Center for Spectator Sports Safety and Security assembled a team of subject matter experts from the sports security domain to evaluate the SAFE Sports and Events Access Manager,” said Daniel Ward, Director of Training and Integrated Systems, National Center for Spectator Sports Safety and Security (NCS4) at the University of Southern Mississippi. “The team evaluated the technology based on stated capabilities, as well as its ability to integrate and operate in sporting venues. The SAFE Sports and Events Access Manager solution performed at or above the levels considered by the evaluators to fully meet each requirement.”

Addressing Threats And Safety Risks

Established in 2006, the National Center for Spectator Sports Safety and Security has become a recognized academic leader in addressing potential threats and risks to the safety and security at sporting events.
NCS4 works with recognized and respected safety and security experts from professional sports leagues, marathons, high schools and universities. “Event venues are increasingly looking for solutions to their physical access management challenges,” said Julian Lovelock, Vice President of the Quantum Secure segment within HID Global’s IAM Solutions business. “By meeting industry standards for securing stadiums and arenas with trusted identity solutions such as SAFE Software, we are expanding the options for protecting people at events.”