	The Marriage of Physical and Logical Access: Unifying the Keys to the Kingdom
   
 
	Contributed by: SSP Litronic, Inc.

	Access Control: Getting Past the Gatekeeper
   
	There is a
  two-tiered approach to security that all businesses must consider in order to
  fully protect their assets: physical security, which denotes real property
  such as buildings and facilities; and information security, which encompasses
  the data and intellectual property that resides on computer networks. It is
  vital that any business take both into consideration when implementing an
  overall security strategy. Whether you’re a small business or a large
  enterprise, the consequences of a security breach can be drastic. Managing
  access to resources is one of the most proactive ways to safeguard both
  physical and intellectual property.  
   
   
	Access
  control is the mechanism by which a system grants or restricts the right to
  access facilities (physical access) or computer networks and data (logical
  access). Many large enterprises have already deployed technology for physical
  security. Employees with the appropriate clearances or permissions are
  provided with smart identification (ID) cards that verify their rights and
  privileges. Once presented, scanned or inserted into readers, these
  credentials permit access to secure areas of the workplace, which often
  include parking garages, manufacturing facilities and research and development
  laboratories.
   
	Smart Cards: The Foundation for Stronger Authentication
   
	Although
  businesses have long realized the necessity of smart card-based physical
  access control, the adoption of smart card-based logical access control has
  taken place at a slower rate. This trend is somewhat surprising, considering
  how easy it is for intellectual property to be compromised. There is obvious
  value in preventing unauthorized persons from entering restricted areas.
  However, physical access control provides a very limited degree of protection
  for computer resources, which can include networks, PCs, workstations and
  laptops. 
   
   
	In
  today’s digital world, the vast majority of business assets are in
  electronic form. The data that resides on computer networks is sensitive and
  proprietary, including everything from financials to product plans. If this
  data were to be compromised, it could easily result in a company losing its
  competitive edge, and eventually, customers. Additionally, today’s workforce
  is not as stable as it once was. A high turnover rate and increased use of
  outsourcing means that more people than ever are accessing corporate data. For
  global enterprises with thousands of employees, there is an exponentially
  higher potential for information security breaches.
   
   
   
	Unfortunately,
  many enterprises still tend to be very reactive when it comes to network
  security. The need for, and value of, network security becomes evident only
  when there is an actual attempt to compromise information. But this viewpoint
  is changing, considering recent legislation that is affecting business
  processes for protecting, retaining and managing data. A worst-case scenario
  exists in heavily regulated industries such as financial services and
  healthcare, which handle highly sensitive information and bear extra
  responsibility for maintaining data integrity and privacy. Should information
  be leaked, the potential liability is enormous. 
   
   
	Considering
  the ramifications of unauthorized access to data, it is concerning that most
  enterprises are still only using user names and passwords for logical access
  control. A specific user name and password is created for each user, and for
  each application that he or she requires access to. This creates two major
  problems. First, user names and passwords are the lowest form of
  authentication that exists. They are easily compromised - often written down
  and easy to share with others - and therefore do not provide the high level of
  assurance necessary to protect critical data. Second, passwords are a
  headache for both users and IT staff. Employees have so many passwords that
  they invariably forget them and have to call the help desk to either recover
  or reset them. This drains valuable IT time and resources, resulting in lost
  productivity and higher support costs for the organization.  
   
   
	Increased
  security risks, combined with the weakness and inefficiency of the user name
  and password model, are now driving the need for smart card-based logical
  access control. Defined at its highest level, a smart card is a
  credit-card-sized plastic card that
  includes an embedded computer chip. The chip can either be a microprocessor
  with internal memory or a memory chip alone. There are two general categories
  of smart cards: contact and contactless smart cards. A contact smart card
  requires insertion into a smart card reader, while a contactless card requires
  only close proximity to a reader. Smart cards store large amounts of data,
  carry out on-card functions such as encryption and digital signatures, and
  interact intelligently with a smart card reader.  
   
   
	Already
  widely implemented by government agencies, including the Department of
  Defense, smart cards provide higher assurance via two-factor authentication,
  which requires something the user knows (a password) and something the user
  has (the smart card). Smart cards also provide stronger authentication by
  virtue of being based on Public Key Infrastructure (PKI). PKI is an
  architecture of trust that supports a certificate-based public key
  cryptographic system. PKI uses a combination of
  public and private keys to authenticate identity, and typically includes
  digital certificates, a certificate issuance authority and a registration
  authority.  
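
The two-factor exchange described above, as an added Go example that is not SSP Litronic's code: a simulated card signs a verifier's random challenge only after its PIN check passes. The `Card` type, the three-attempt limit, the sample PIN and the use of Ed25519 are assumptions; certificate issuance and chain validation are left out, so the verifier is assumed to already hold the public key from the card's certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Card is a simulated smart card: the key stays inside and signs only after a PIN check.
type Card struct {
	key   ed25519.PrivateKey
	pin   string
	tries int // PIN attempts left before the card locks
}

// NewCard generates the key pair on the card; only the public half leaves it, for enrollment.
func NewCard(pin string) (*Card, ed25519.PublicKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	return &Card{key: key, pin: pin, tries: 3}, pub, err
}

// Sign is the on-card operation: the PIN (something known) unlocks the key (something held).
func (c *Card) Sign(pin string, challenge []byte) ([]byte, error) {
	if c.tries == 0 {
		return nil, errors.New("card locked")
	}
	if subtle.ConstantTimeCompare([]byte(pin), []byte(c.pin)) != 1 {
		c.tries--
		return nil, errors.New("wrong PIN")
	}
	c.tries = 3 // a correct PIN resets the retry counter
	return ed25519.Sign(c.key, challenge), nil
}

// Login is the verifier: a fresh random challenge makes a captured signature useless later.
func Login(c *Card, pin string, enrolled ed25519.PublicKey) bool {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return false
	}
	sig, err := c.Sign(pin, challenge)
	return err == nil && ed25519.Verify(enrolled, challenge, sig)
}

func main() {
	card, pub, _ := NewCard("4921") // constructed sample PIN
	fmt.Println(Login(card, "4921", pub), Login(card, "0000", pub))
}
```

A written-down password can be copied and reused anywhere, whereas here a login needs the physical card and its PIN together, and repeated wrong PINs lock the card.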
   
	Unifying the Keys to the Kingdom
   
	With smart
  card-based physical access already in place at many enterprises, the next
  logical step is to afford the same level of protection for information assets.
  Physical access control provides a first line of defense, but a multi-layered
  approach is required for truly proactive security. As such, there is a
  compelling argument to implement smart cards for logical access. In fact,
  businesses stand to realize the most benefits in cost savings, ease of use and
  increased security by “marrying” physical and logical access control onto
  one platform. Instead of adding technological and management complexities by
  having separate access control systems for physical facilities and electronic
  data, it makes the most sense to combine the two for higher assurance, cost
  savings, efficiency and ease of use.  
   
	Since more
  than one access application can be carried on a single smart card, employees
  can use one card to access physical and logical resources without carrying
  multiple credentials. From the doorways to the desktops, one convenient
  solution provides the secure identity management, strong authentication and
  access control necessary to safeguard both physical and intellectual assets.
  The Department of Defense has already realized the importance of this with its
  Common Access Card (CAC) program. A smart card-based CAC is issued to all
  military and civilian employees and contractors. These cards are used to
  digitally sign and encrypt documents, in addition to providing secure access
  to buildings and computer networks.  
   
   
	The marriage
  of physical and logical access builds an infrastructure of increased trust.
  Deploying smart cards to employees, partners and other key individuals is a
  proactive enterprise approach to higher assurance. User names and passwords
  should be considered an unacceptable access control mechanism, as they are
  easily forgotten or compromised. The multi-factor authentication and PKI
  architecture offered by smart cards vastly decrease the likelihood that
  unauthorized users will gain access to sensitive data.
   
   
	When
  deploying new technology, companies must consider the long-term return on
  investment. Smart cards provide significant ROI in terms of both cost savings
  and increased security, especially for global enterprises that have thousands
  of employees dispersed all over the world. Supporting system components can be
  networked, allowing separate functional areas in an organization to exchange
  and coordinate information automatically and in real time around the world.
  Organizations that already have smart card-based physical access in place
  can simply expand card use to protect network resources and benefit from
  an easily scalable solution. Legacy systems, including physical access system
  components, can be leveraged for investment protection while providing
  increased security for logical access. Enterprises can also reduce their IT
  support costs with the implementation of smart cards. Although the perceived
  low cost of user names and passwords may have contributed to their popularity,
  the real expense occurs on the back end with support and password management
  costs.  
   
   
	Ease of use
  is another compelling argument for marrying physical and logical access on a
  single platform. Users will not have to carry multiple credentials and they
  will not have to remember multiple passwords or PINs to access applications
  and data. Instead, they will have one smart card that they can use for
  everything.  
   
   
	Smart
  card-based physical and logical access control provides a superior foundation
  for secure identity management. By unifying the keys to the kingdom,
  enterprises can protect their assets and employees’ personal information,
  while addressing regulatory requirements and reducing potential liability. As
  it stands today, smart cards are the most viable way to bring security out to
  the edge of the enterprise.  
   