
Managing Compliance Through Physical Identity and Access Management

Ajay Jain
Thursday, January 6, 2011
The turn of events at the beginning of this millennium will be etched in the memory of global security practitioners for decades to come. While 9/11 ushered in a spate of changes in physical security management at government institutions and airports, it has also prompted businesses to assess their own risk exposure as they operate multiple locations spread throughout the world. Internal threats such as employee pilferage and collusion pose an even greater threat for corporate entities, educational institutions and other non-government entities, creating new elements of cost and risk.

For organizations in today’s global economy, compliance has become much more than a simple buzzword; it has become a way of life. Regulations such as Sarbanes-Oxley (SOX), ISO 27000, NERC/FERC, CFATS, GLBA, SAS 70, Basel II, U.S. government-mandated FIPS-201/HSPD-12 and numerous international and EU privacy laws have all driven the need to regularly enforce strict governance in financial reporting and security controls, across both physical and IT infrastructures.

To compound this challenge, many physical security policies and various administrative tasks are executed manually by the security staff, resulting in costly, error-prone data entry that produces duplicate and erroneous identity information within the system.

As most security processes are manual, security practitioners often need to spend additional effort to ensure that compliance-related controls are operating effectively. They are also expected to prepare reports asserting their compliance. All of this effort can go to waste if, through some oversight, compliance exceptions are reported by third-party agencies. These exceptions can not only result in fines and penalties for the organization but can also dent the organization’s reputation.

Today, few means exist to ensure that compliance-related exceptions are prevented in the first place. Off-boarding is a manual process, which means that an employee can still have physical access despite having had logical access terminated. Delay in removing physical access for a terminated employee can lead to compliance exceptions. Similarly, access management is a manual process that is error-prone and can lead to compliance violations.
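The off-boarding gap described above can be caught by reconciling the identity system's termination records against the physical access control system's badge records. The following is an added example, not part of the original article or any product it describes; the record formats, field names and the sample data are constructed for illustration.

```python
from datetime import date

# Constructed sample data: HR/identity records (logical access status) and
# physical access control system (PACS) badge records. Field names are assumed.
HR_RECORDS = [
    {"employee_id": "E1001", "logical_access": "terminated", "terminated_on": date(2011, 1, 3)},
    {"employee_id": "E1002", "logical_access": "active", "terminated_on": None},
    {"employee_id": "E1003", "logical_access": "terminated", "terminated_on": date(2011, 1, 5)},
    {"employee_id": "E1004", "logical_access": "terminated", "terminated_on": date(2010, 12, 20)},
]

PACS_BADGES = [
    {"badge_id": "B-1", "employee_id": "E1001", "status": "active"},    # terminated, still active
    {"badge_id": "B-2", "employee_id": "E1002", "status": "active"},    # current employee, fine
    {"badge_id": "B-3", "employee_id": "E1003", "status": "disabled"},  # correctly off-boarded
    {"badge_id": "B-4", "employee_id": "E1004", "status": "active"},    # terminated weeks ago
    {"badge_id": "B-9", "employee_id": "E9999", "status": "active"},    # orphan: no HR identity
]

AS_OF = date(2011, 1, 6)  # constructed reconciliation date


def find_offboarding_exceptions(hr_records, badges, as_of, grace_days=1):
    """Return active badges that represent compliance exceptions:
    badges held by employees whose logical access was terminated more than
    grace_days ago, and badges with no matching HR identity at all."""
    hr_by_id = {r["employee_id"]: r for r in hr_records}
    exceptions = []
    for badge in badges:
        if badge["status"] != "active":
            continue  # already disabled in the PACS; nothing to report
        rec = hr_by_id.get(badge["employee_id"])
        if rec is None:
            exceptions.append({**badge, "reason": "no HR identity for badge holder"})
            continue
        if rec["logical_access"] == "terminated":
            overdue = (as_of - rec["terminated_on"]).days
            if overdue > grace_days:
                exceptions.append({**badge, "reason": f"terminated {overdue} days ago, badge still active"})
    return exceptions


if __name__ == "__main__":
    for e in find_offboarding_exceptions(HR_RECORDS, PACS_BADGES, AS_OF):
        print(f"{e['badge_id']} ({e['employee_id']}): {e['reason']}")
```

Running this check on a schedule, and keeping its output as the evidence file, replaces the manual assertion of compliance with a repeatable control whose exceptions are found internally before an auditor finds them.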
