Short-term security fixes

Although Hollywood-style converged security — with biometric identification tied in to physical and logical access — is still years away, there’s no shortage of actual applications of converged security that solve real enterprise problems and are possible (and affordable) using today’s technology. Here are a few:

Single sign-on. If your CFO just swiped his badge in the front lobby, why is she trying to VPN in from Eastern Europe? Adding physical presence data to the mix when making network admission decisions is low-hanging fruit on the security convergence tree, and solves a big problem for enterprises that are looking for ways to confirm the identities of those who access their networks remotely, as well as cut down on problems such as “tailgating” (when an intruder sneaks behind an authorized person into a secure area) at the office, says David Ting, CTO of Imprivata. His company’s OneSign single sign-on appliance notes whether or not you’ve badged into the building, and blocks network access for those who have entered the building illegally. Valid workers who tailgate in on an employee’s badge may have to answer challenge-and-response questions before they are allowed on.

Forensics. The IT press has made a big deal about new, IP-based video surveillance cameras, and how technology such as biometric facial recognition can distinguish friend from foe. Linking video surveillance and face scans to access control systems might be more than most enterprises want to bite off, but the new systems can be useful in analyzing what went wrong in security incidents, if not stopping them before they happen. Companies such as Broadware, OnSSI, and 3VR — not to mention IBM — allow companies to centrally monitor, manage, and archive IP-based video feeds enterprisewide. Those feeds can then be analyzed to understand why security breaches occur and to improve the risk posture of the organization in the future. “Large companies like Home Depot don’t want to recover their losses; they want to prevent or at least contain problems and risk before it gets too serious,” says Bill Crowell, a security consultant. IP-based video systems can help.

User provisioning/deprovisioning. Despite the image of IT security as ever vigilant, it often falls short of cutting off access to former employees and other insiders. Indeed, whereas you can expect to have your door access card confiscated and your physical access to a facility blocked on the day you leave a company, you may well be able to log on to the company’s network or voice system for days, weeks, or even months later, security consultants say. At the same time, enterprises that rely on proprietary badging technology often fail to link it to IT provisioning, says Jon Gossels of System Experts. “It’s easy to take the leap and say, ‘Let’s put that on the secure part of the network, so the IT staff can say: Oh, I’ve issued 1,000 badges, but 20 are missing, so let’s disable those.’” Doing so might also reinforce the importance of taking away logical as well as physical access for the IT staff.