In today's enterprise business environment, the best approach to managing risk for a known scenario is to both prepare for it and guard against it. Effective security management necessitates credible real-time information about risk and the ability to respond to that information in a timely manner. However, that information is often not available in real time or may not be accessible in a format that is immediately understandable. Although network connectivity has now made it possible to access the information from the far reaches of a corporation, interpreting and structuring information and assessing its impact on risk are all functions that require intelligent software. In this article, Ajay Jain, President and CEO of Quantum Secure, emphasises the need for intelligent software for effective enterprise risk management.
A software approach can serve the needs of enterprise security professionals who find themselves drowning in data but starving for information. It can transform a multitude of data points into trends, translating the abundance of information from throughout the enterprise into intelligent insight about operations and risk. In the process, software can combine the disparate elements of a physical security system into a unified whole.
Integration has been the industry buzzword for decades, but for all the discussion about integration, security systems still often exist as discrete, independent elements of a security operation.
Beyond consideration of security systems is the question of the “integration” of security with the enterprise as a whole. Information about a company's security stature and risk exists throughout the company. Managing the entire security operation requires combining disparate data with information from the various security-specific technologies into an overarching system that can analyse and present the information in an actionable format in real time. That's the role of new cutting-edge software systems.
Software enables security systems that previously could merely interoperate to now become truly integrated. In addition to managing risk, easy access to a broader selection of understandable information from throughout an enterprise can streamline operations, lower operational costs and contribute to greater efficiencies.
Identity management – the starting point
A key element of minimising risk is identity management, i.e. managing the identities related to physical access systems. Software can combine the information from various systems to create a single identity across the organisation. Integrated with logical security systems, software can ensure synchronised and policy-based on-/off-boarding of identities and their physical access levels across multiple security systems.
All types of identities can be managed, including permanent and temporary employees, contractors, service providers and vendors. Users can also manage details of a physical identity, such as biographic and biometric information, results of security checks and historical usage. Software provides a central location to search and assign access levels to an identity across multiple physical access control systems. An urgent termination feature can allow authorised personnel to immediately deny physical access. In addition to aggregating access level information from various systems, the user can manage additional details such as risk level, area owner, multiple approvers and prerequisites for access, such as training. The system can provide audit trails of all transactions.
Integrating identity and events
Integrating physical identity with access and event management is another element of managing risk. Software can monitor various security systems and correlate events, situations and identities for real-time analysis and response. Event correlation software can automate business processes and enable policy-driven and expedient response to physical security incidents and situations.
With advanced software, the user can view and manage a variety of endpoints in an intuitive Web-based console, with automated, checklist-driven processes to improve efficiencies. Handling of security alarms and operations is streamlined, false alarms are reduced and guard/staffing resources are optimised for lower overall cost and risk.
Managing compliance and risk
Companies face regulatory compliance requirements, many of which are specific to industries or verticals, be they financial, industrial or even those related to personal identity and privacy protection. Ensuring compliance with these regulations is an important component of a company's risk management and security management strategy. Software enables compliance initiatives to be automated in real time to create a transparent, traceable and repeatable global process to manage governance and compliance. Complying with regulations takes strict governance of security controls across both physical and IT infrastructures and management of risk on a holistic level.
Software can also provide real-time monitoring and remediation, analyse risk and compile key data across the physical security infrastructure. A closed-loop approach can automate assessment and auto-remediation based on user-defined controls. Integrated infraction management can automatically trigger notifications and/or change access privileges. Software can define, audit and enforce Segregation of Duty (SOD) policies across the physical infrastructure. It can manage risk levels associated with persons of interest (POI). Customised assessment reports covering global locations can be provided to a single Web console.
Bridging technology and operations
Rules-based software can bridge the gap between technology and operations by integrating adherence to security policies as part of a unified identity management program. Software can automate and enforce global physical security policies and help to ensure both governance and compliance using an organisation's existing physical security and IT infrastructure. Unifying hardware solutions with security policies using rules-based software that is custom-configured to a site's specific needs is a cost-efficient and effective route to managing risk.
Managing an enterprise security operation depends on proactively measuring and managing security events, alarms and space utilisation for more effective protection of assets and infrastructure. Software can analyse data from hundreds – if not thousands – of endpoints such as door readers, access points, alarms and related security personnel. Operational data – retrieved, aggregated and stored daily – can be processed and incorporated into Web-ready reports for high-level analysis.
Physical security information management (PSIM) solutions help aggregate and correlate event data from a host of access points and devices. However, only cutting-edge rules-based software can correlate all the event data with identity and access data to enable security operations to effectively respond to security incidents.
Software can provide a flexible, scalable and secure approach to managing employees, contractors and visitors. It can integrate with an existing physical security infrastructure. Software can automate all processes that encompass the “life cycle” of an identity as it relates to physical security.
An integrated physical security identity, access and event management software solution provides complete control and visibility into physical security operations. Combining the various elements enables policy-driven responses to physical security incidents and situations in the most expedient manner – and minimises risk.
Ajay Jain