8 Dec 2016

An organisation is a complex environment that is ever changing and continuously growing to include more servers, more buildings, more systems and as a result -- includes more risk, costs and threats. As a Chief Operations Officer looks at the many objectives across an organisation, he needs to evaluate how to increase profits, manage risk, and provide a cost-effective route for improving processes, managing incidents and securely operating an enterprise.

The only true way to address security risk is to manage the people and the systems they use. An organisation must manage the system intelligence driven to those people, using a dashboard to create a data-centric approach model to identify behaviours, manage risk and decrease costs. How should an organisation accomplish this? How can security managers and C- Level executives attain a higher-level understanding of how a data-centric approach can be more effective in combating silos of data, convergence of IT/OT and the multitude of risks across an enterprise/global environment?

Collecting relevant data

An organisation must first determine what data to collect to best protect their people, assets and infrastructure. Access control and video management systems provide much more data than originally intended. Beyond managing who has access to certain doors and when that access is allowed, it can identify behaviour patterns. When correlating physical behaviour patterns with logical activities, we can understand someone’s intentions.

After data has been collected an
organisation must then understand
who is coming into their building
and the risks they represent

For example, understanding why a Certified Nursing Assistant tried to access the pharmacy three times in one week could mean many things.  When the data is viewed as a whole, it demonstrates a possible threat that would have been overlooked if reviewed in separate silos. Identifying the behaviour and then tracking it will provide intelligence to determine if there is a problem. Analysis will determine if an investigation is warranted. In this example, identifying an unusual behaviour mitigates risk and could save thousands of dollars in missing drugs, inventory replacement, possible legal fees and employee turnover.

After data has been collected an organisation must then understand who is coming into their building and the risks they represent. Three types of identities enter a company every day: employees, contractors and visitors. Employees are more often considered a threat these days than in the past. And while the nightly news and movies will have us believe this happens more than we think, in truth, employees are the most vetted of all identities. Background checks, thorough interviewing procedures and recommendations occur before someone is hired.

Contractors are somewhat vetted. When an organisation hires a contractor, they trust that the company where the contractor is employed has done its due diligence and vetted its employee.

Organisations can proactively manage visitors using a web-based visitor management system

Web-based visitor management system

Visitors pose the biggest threat. Visitors range from the friendly sales person who is checking on his favourite account to an estranged husband who is searching for his wife. Companies can no longer afford to use the “sign the notebook” system. Now, organisations can proactively manage visitors using a web-based visitor management system.

A web-based visitor management system gets employees involved in the vetting of a visitor, collecting the necessary data and minimising risk. Employees schedule meetings via the system, which sends an automatic email to the visitor. This creates a record of the visit and notifies the security department of who is coming to the building. The company can enforce its security policies by making the visitor acknowledge the policy before the visit. Temporary access is given to the exact areas where the visit will occur and automatically terminate access when the scheduled time has expired.

A web-based visitor management
system gets employees involved
in
the vetting of a visitor,
collecting the
necessary data and
minimizing risk

This process allows unfriendly visitors to be placed on a watch list. The security team is automatically notified when a watch list visitor enters the building and can take extra precautions.

Knowing who is entering a building before they arrive creates a safer environment. Using a web-based visitor management system provides a data-centric approach to visitor management, giving the necessary departments insight into data and metrics that can help them better staff lobbies at busy times or reduce headcount when it makes sense. Visitors are property vetted and the security staff is aware of their arrival and departure times. The data collected helps COOs properly staff lobbies based on time of day, foot traffic and when necessary, even on who is visiting, such as a VIP.

An organisation can use the data it collects from different systems to streamline processes and improve efficiencies

Data-centric approach

By taking a closer look at its operating procedures, an organisation can use the data it collects from different systems to streamline processes and improve efficiencies, dispute data silos, converge IT and operations and reduce overall risks.

For example, a policy-based identity management system can help companies streamline their internal on-boarding processes by reducing paper and/or email trails, bring together the different departments involved such as HR, IT, Security and the department for which the new employee works. When a new employee starts, their information can be entered into the identity management system and automatically shared with the individuals involved in the on-boarding process. This eliminates errors, unifies the process and is more efficient.

Collecting data from building management systems such as HVAC and lighting systems can help put systems in place that meet internal audit requirements, save energy and reduce costs. Using the reporting capabilities offered in policy-based identity management systems, companies can easily meet complex audit and compliance regulations required by the government when the proper data is collected and save money.

Security managers and C-level executives will be able to better analyse information gleaned from the spectrum of systems when consolidated in a dashboard. They will be able to see everything at a glance and run reports to help make better business decisions. Applying a data-centric approach to business will help organisations reduce risk, reduce costs, meet compliance requirements and become more efficient.

Save