Delivering converged physical and logical access control solutions
By Nick Stoner
The ability to combine physical and logical access control on a single credential improves user convenience while increasing security and reducing deployment and operational costs. Convergence solutions enable organizations to leverage their existing credential investment to seamlessly add logical access control for network log-on and create a fully interoperable, multi-layered security solution across company networks, systems and facilities. Converged solutions also help organizations enforce more consistent policies, while facilitating the use of consolidated audit logs throughout the enterprise.
Deploying a combined physical and logical convergence solution requires only a few elements.
1. The first element is a credential management system that provides a single platform for issuing and managing devices and credentials over the course of their lifecycle.
2. Second, the credentials themselves are most certainly a necessity. Organizations need a broad range of card technologies in order to seamlessly manage multiple applications and migration projects using a single credential.
3. The third vital element is the card reader. Options are available for desktop/laptop, general-use and multi-technology smart card applications.
4. The last required piece of a converged solution is the ability to create customized photo IDs and encode smart cards for physical and logical access control, typically through a choice of high-definition and direct-to-card printer/encoders.
For a full, converged solution with all the bells and whistles, there are a few more options that can provide a well-rounded solution. The first is an authentication server that eliminates the vulnerabilities associated with static passwords while supporting compliance with industry and government regulations covering multi-factor authentication, authorization and auditing. This server should deliver complete, cost-effective, multi-layered and versatile strong authentication capabilities, and provide broad support for authentication devices and methods, using an open standards-based platform that seamlessly integrates with any existing computing environment. The second is smart card middleware, which handles the secure communications for PKI transactions and allows government organizations to easily use smart cards and USB tokens for a variety of desktop, network security and productivity applications.
A final important consideration is for organizations to future-proof their solutions and investments for deploying converged physical and logical access control on mobile platforms. The ability to put a secure credential on NFC-enabled phones for permission-based access control makes smartphones an ideal platform for carrying multiple types of physical and logical access credentials. These credentials can be issued over the air using a convenient, cloud-based provisioning model that eliminates credential copying and makes it easier to issue temporary credentials, cancel lost or stolen credentials, and monitor and modify security parameters when required. New applications can also be easily pushed to the phone, so that multi-factor authentication becomes a contextual, real-time managed service.
Together, these elements comprise the key ingredients of a forward-thinking and fully comprehensive physical and logical access control solution that is designed to improve user convenience while enhancing security, reducing cost, streamlining management, and simplifying policy compliance and associated auditing requirements.
Nick Stoner is director of professional services – identity assurance, Americas, for HID Global.