Convergence of Logical and Physical Access Control for LSEC IAM Conference 20091003 Leuven (English)
www.everett.nl
The convergence of logical and physical access control
Thomas van Vooren <thomas.van.vooren at everett.nl>
Agenda
▶ Necessity of convergence;
▶ Convergence architecture;
▶ Benefits of convergence;
▶ Approach and takeaways.
Everett
Partnering
Experienced
For…
Consultancy,
Solution Support
Systems Integration,
We are in our 10th year of business as middleware specialists in the field of identity management and application integration
80 consultants, project managers, architects and engineers
Pan-European Track record.
Technology Platforms
Delivery Scalability
Architecture
Blended Shoring with India
Everett
Europe+
We’re proud to work for leading Corporates & institutes!
Clients
Offices in the Netherlands, United Kingdom, Italy & India
Projects in all neighbouring countries, all the way to Russia, UAE and South Africa
Everett International servicing all markets outside NL, UK, Italy & India
Why is convergence relevant?
▶ The cost of security keeps rising, across society:
Increasing number of services subject to access control (both logical and physical)
Necessity to grant access to an increasing variety of users (internal and external)
▶ Access control is mission critical in various industries, both logical and physical:
Aerospace, Finance, Public domain, High-Tech Industry, etcetera.
▶ Means to establish access control are expensive:
Smartcards, readers, access gates, IT-access management systems, administration, etcetera.
▶ And isolated solutions are insufficient to provide the required level of security and controlled risk:
Gaps in the process of granting and revocation of authorisations.
Incomplete coverage of risks.
Traditional separation of logical and physical domain
[Diagram: Identity Management, HR / CRM, Card Management, Access Management, PACS]
▶ Separate administration process to manage identity and credentials;
▶ Various means of authentication;
▶ Separate security domains (not cohesive).
Convergence within the enterprise
[Diagram: HR / CRM, Identity Management, Card Management, Access Management, PACS, Monitoring]
▶ Correlation of security events, consolidated reporting (detective control)
▶ Context based access (preventive control)
▶ Consolidation of identity and token lifecycle (preventive control)
Convergence with an external provider
[Diagram: External Token Provider, HR / CRM, Identity Management, Card Management, Access Management, PACS, Monitoring]
▶ Correlation of security events, consolidated reporting (detective control)
▶ Context based access (preventive control)
▶ Consolidation of identity and token lifecycle (preventive control)
Cross domain convergence
[Diagram: External Token Provider; Identity & Token Broker; two domains, each with HR / CRM, Identity Management, Card Management, Access Management, PACS and Monitoring]
1. User is created and assigned a card.
2. Identity and card information is exchanged.
3. External user is granted authorisations at the service desk.
Typical benefits of logical and physical convergence
▶ Lower cost of ownership:
Reduced administration cost
Reduced token costs
▶ Improved security:
(often) stronger authentication (2-factor)
Traceability
Context based access (e.g. logical access only on site)
▶ Improved compliance:
Consolidated auditing and reporting across physical and logical domain.
▶ User friendliness:
Same token for multiple access domains;
Reduced or single sign on.
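The "context based access (e.g. logical access only on site)" and "correlation of security events" points above can be illustrated with a small sketch. This is an added example, not part of the original presentation; the event formats, user names and workstation names are constructed assumptions, not the output of any specific PACS or access management product.

```python
from datetime import datetime

# Constructed sample data (assumption, not from the presentation).
BADGE_EVENTS = [  # PACS log: (timestamp, user, direction)
    ("2009-10-03T08:55:00", "alice", "in"),
    ("2009-10-03T12:30:00", "alice", "out"),
    ("2009-10-03T13:10:00", "alice", "in"),
    ("2009-10-03T09:05:00", "bob", "in"),
]
LOGIN_EVENTS = [  # access management log: (timestamp, user, workstation)
    ("2009-10-03T09:00:00", "alice", "ws-017"),
    ("2009-10-03T12:45:00", "alice", "ws-017"),  # PACS shows alice off site
    ("2009-10-03T09:10:00", "bob", "ws-002"),
    ("2009-10-03T10:00:00", "carol", "ws-044"),  # carol never badged in
]

def on_site(user, when, badge_events):
    """True if the user's latest badge event at or before `when` is 'in'."""
    state = False  # no badge record means "not on site"
    for ts, who, direction in sorted(badge_events):  # ISO strings sort by time
        if datetime.fromisoformat(ts) > when:
            break
        if who == user:
            state = direction == "in"
    return state

def allow_login(user, when, badge_events):
    """Preventive control: permit a logical login only while on site."""
    return on_site(user, when, badge_events)

def correlate(login_events, badge_events):
    """Detective control: list logins made while PACS shows the user off site."""
    return [
        (ts, user, host)
        for ts, user, host in sorted(login_events)
        if not on_site(user, datetime.fromisoformat(ts), badge_events)
    ]

if __name__ == "__main__":
    for finding in correlate(LOGIN_EVENTS, BADGE_EVENTS):
        print("login without physical presence:", finding)
```

Both functions depend on complete badge data: a user who enters behind a colleague without badging is reported as off site, so the preventive rule only works where entry and exit are both recorded per person.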
The road to convergence
▶ The key to convergence of logical and physical access is cohesive identity and authorisation management.
▶ Determine architecture, solutions fit for requirements and desired benefits.
▶ Bring together facility management department and IT department.
▶ Attention to both organisation and technology:
Touches both policy and work processes across departments;
Interoperability of card and infrastructure.
Questions