www.everett.nlwww.everett.nl

The convergence of

logical and physical access controlThomas van Vooren <thomas.van.vooren at everett.nl>

2

Agenda

▶ Necessity of convergence;

▶ Convergence architecture;

▶ Benefits of convergence;

▶ Approach and takeaways.

Everett

Partnering

Experienced

For…

Consultancy,

Solution Support

Systems Integration,

We are in our 10th year of business as middleware specialists in the fieldof identity management and applicationintegration

80 consultants, projectmanagers,architects and engineers

Pan-European Track record.

Technology Platforms

Delivery Scalability

Architecture

Blended Shoringwith India

Everett

Europe+

We’re proud to work for leadingCorporates & institutes!

Clients

Offices in the Netherlands, United Kingdom, Italy & India

Projects in all neighbouring countries, all the way to Russia, UAE and South Africa

Everett International servicing all markets outsideNL, UK, Italy & India

5

Why is convergence relevant?

▶ The cost of security keeps rising, across society:

Increasing number of services subject to access control (both logical and physical)

Necessity to grant access to an increasing variety of users (internal and external)

▶ Access control is mission critical in various industries, both logical and

physical:

Aerospace, Finance, Public domain, High-Tech Industry, etcetera.

▶ Means to establish access control are expensive:

Smartcards, readers, access gates, IT-access management systems, administration,

etcetera.

▶ And isolated solutions are insufficient to provide the required level of

security and controlled risk:

Gaps in the process of granting and revocation of authorisations.

Incomplete coverage of risks.

6

Traditional seperation of logical and physical domain

IdentityManagement

HR / CRM

CardManagement

AccessManagement

PACS

▶ Seperate administration process to

manage identity and credentials;

▶ Various means of authentication;

▶ Separate security domains (not

cohesive).

7

Convergence within the enterprise

HR / CRM

IdentityManagement

CardManagement

AccessManagement

PACS

Monitoring

IdentityManagement

HR / CRM

CardManagement

AccessManagement

PACS

Correlation of securityevents, consolidated reporting(detective control)

Context based access(preventive control)

Consolidation of identity and token lifecycle(preventive control)

8

Convergence with an external provider

ExternalToken

ProviderHR / CRM

IdentityManagement

CardManagement

AccessManagement

PACS

Monitoring Correlation of securityevents, consolidated reporting(detective control)

Context based access(preventive control)

Consolidation of identity and token lifecycle(preventive control)

9

Cross domain convergence

ExternalToken

Provider

IdentityManagement

CardManagement

AccessManagement

PACSAccess

ManagementPACS

Identity &

TokenBroker

HR / CRM HR / CRM

IdentityManagement

CardManagement

MonitoringMonitoring

3. Externaluser is grantedauthorisations at theservicedesk

1. Useris created andassigned a card.

2. Identity and cardinformation isexchanged

10

Typical benefits of logical and physical convergence

▶ Lower cost of ownership:

Reduced administration cost

Reduced token costs

▶ Improved security:

(often) stronger authentication (2-factor)

Traceability

Context based access (e.g. logical access only on site)

▶ Improved compliance:

Consolidated auditing and reporting across physical and logical domain.

▶ User friendlyness:

Same token for multiple access domains;

Reduced or single sign on.

11

The road to convergence

▶ The key to convergence of logical and

physical access is cohesive identity and

autorisation management.

▶ Determine architecture, solutions fit for

requirements and desired benefits.

▶ Bring together facility management department and IT department.

▶ Attention to both organisation as well as technology;

Touches both policy and work processes across departments;

Interoperability card and infrastructure.

12

Questions