By Scott Sieracki, CEO, Viscount Systems
Advancements in technology drive advanced capabilities in the government market.
Without a doubt, data breaches dominated conversations and headlines over the past year. With the growing proliferation of networked devices and the rapid emergence of the Internet of Things, network security is more critical than ever. Looking at the big picture, organizations also need to view the overall security threat in more holistic terms. Evolving risks such as terrorism, corporate espionage, and cyber threats demonstrate the importance of implementing strong security protocols across an organization’s physical and network infrastructure.
Perhaps no other customer understands this threat paradigm more than the U.S. Federal Government. Beginning with the issuance of Homeland Security Presidential Directive-12 (HSPD-12) in 2004, the government has sought to create a standardized access control and identity management approach for physical and logical security across its agencies for the better part of a decade. As is often the case with projects of this scope and complexity, initial deployments resulted in a myriad of policies and disjointed strategies. However, advancements in technology have transformed a seemingly impossible vision into an achievable goal, and a variety of industries can benchmark their own security strategies against this model.
The Implementation Of FICAM
The Federal Identity, Credential and Access Management (FICAM) program requires government agencies to implement an interoperable, end-to-end access control system in an effort to achieve a higher level of identity management and data capture between physical and logical security functions. Before FICAM was developed, most of the components of an access control system — identity, credential management and physical access — operated in silos and did not share information with each other in real time. Implementing a software-centric access control solution that has the ability to openly communicate with other application servers is one way government users can realize higher security and the seamless unification of access control and identity management systems. This approach allows IT and physical security managers to authenticate a person’s identity while also checking current access rights in real time. It is not unlikely that a person could have a valid security clearance one day, but have it revoked the next. Dynamic environments like this make it imperative that information is validated in real-time. If an organization can verify identities along with security privileges at the door, the chances of keeping potentially harmful individuals out increases exponentially.
Because of the need for real-time authentication and increased regulations, the traditional access control architecture based on proprietary panels has become a security vulnerability: proprietary panels contain a card holder record database, configuration files and historical data that exist outside of the IT department’s ability to leverage cyber security technology and best practices. In addition to being cumbersome and slow to update, panels are also more vulnerable to cyberattack. In today’s connected world, the access control database should reside within the protective realm of the IT department to ensure it is secured against cyber threats and fully hardened by the business continuity measures that are implemented across the enterprise.
Dynamically Changing Access Control Systems
An access control system that dynamically adapts to various changes within an agency’s access protocols or its threat environment is another trend that is on the rise in the government sector. Administrators want to change identities, policies, and aligned attributes on the fly, which includes not only validating someone’s identity but also any policy that may be currently in effect.
For example, an IT threat may call for changing who has access to a server room. With a unified system, users can adapt access privileges depending upon the threat level, and the access control system can draw on higher-authority systems for information pertaining to identities and entitlements. This approach is also desirable during a lockdown situation, where security managers would restrict entry to a building and block egress points based on the type of emergency.
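The following is an added illustration, not code from the article or from Viscount Systems, of the two points made above: an access decision taken against the live identity store and the policy currently in force (revocation, threat level, lockdown), and why a panel that caches its own copy of the cardholder database gets that decision wrong once a credential is revoked. The store records, door rules, clearance ranks and the `revoke` helper are constructed for the example.

```python
from copy import deepcopy
from dataclasses import dataclass, field
from datetime import date

RANK = {"none": 0, "confidential": 1, "secret": 2}

def sample_store():
    """Constructed records standing in for an agency's authoritative identity store."""
    return {
        "PIV-0001": {"holder": "alice", "clearance": "secret", "revoked_on": None},
        "PIV-0002": {"holder": "bob", "clearance": "confidential", "revoked_on": None},
    }

@dataclass
class Policy:
    threat_level: str = "normal"   # "normal" or "elevated", changed by administrators
    lockdown: bool = False         # when set, no door grants entry
    # Minimum clearance per door, selected by the current threat level.
    door_rules: dict = field(default_factory=lambda: {
        "lobby": {"normal": "none", "elevated": "confidential"},
        "server_room": {"normal": "confidential", "elevated": "secret"},
    })

def revoke(store, card_id, on):
    """Record a revocation date in the store (hypothetical helper)."""
    store[card_id]["revoked_on"] = on

def decide(card_id, door, policy, store, today):
    """Return (granted, reason) from the credential record and the policy in force now."""
    if policy.lockdown:
        return False, "lockdown in effect"
    rec = store.get(card_id)
    if rec is None:
        return False, "unknown credential"
    if rec["revoked_on"] is not None and rec["revoked_on"] <= today:
        return False, "credential revoked"
    required = policy.door_rules[door][policy.threat_level]
    if RANK[rec["clearance"]] < RANK[required]:
        return False, f"{required} clearance required at threat level {policy.threat_level}"
    return True, "granted"

def stale_panel_scenario():
    """A panel caches the store on day 1; bob is revoked on day 2.
    Returns (panel decision, live decision) for bob at the server room on day 2."""
    live = sample_store()
    panel_copy = deepcopy(live)                  # what a proprietary panel would hold
    revoke(live, "PIV-0002", date(2024, 3, 2))   # the revocation never reaches the panel
    day2 = date(2024, 3, 2)
    return (decide("PIV-0002", "server_room", Policy(), panel_copy, day2)[0],
            decide("PIV-0002", "server_room", Policy(), live, day2)[0])
```

Raising the threat level to "elevated" is enough to shut bob out of the server room without touching his record, which is the on-the-fly policy change the text describes.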
Convergence Of Physical And Logical Access
Integrating physical and logical access has long been a goal of many organizations in the public and private sectors. This effort would allow employees to leverage a single credential to access secure facilities and networks. Currently within the federal government market, there is an ongoing effort to integrate physical and logical functions into a single identity management platform.
While FICAM is helping to bring the physical and logical worlds together, the program is largely focused on validating identity credentials for physical access. In the end, government agencies and organizations in the private sector must push for interoperability in physical and logical access to streamline security operations and provide the ease-of-use that today’s leading organizations seek.