The need for regulatory compliance is impacting the practice of security more than ever before. The development of new laws and regulations requires security directors to maintain a constantly growing level of education and knowledge simply to remain ahead of the curve and in full compliance.
Fortunately, technology exists to help meet these regulatory requirements. For dealers and integrators, this represents an excellent opportunity. The first and simplest step in leveraging regulatory requirements to enhance sales is understanding what off-the-shelf solutions exist to address these pain points.
One area with great potential is identity management and access control. Existing off-the-shelf software can enable customers to perform important identity and access control functions in the context of meeting regulatory requirements, with adherence to specific regulatory guidelines built into the rules of the software.
Translating Regulations Into System Functions
Many governmental regulations (see sidebar) include tight requirements for identity management — requirements fulfilled by certain off-the-shelf software solutions. For customers searching for an effective identity management solution, the added benefit of meeting regulatory needs presents a strong incentive to purchase an automated enterprise-wide identity management system, and a business opportunity for security integrators.
In the energy market, for example, such a system can identify and control who enters and exits a facility, track the movements of building occupants and assets, and integrate control and security systems for greater speed and efficiency.
For airports, an identity system can manage and control access to the air operations area (AOA), identify aircraft operators and airport tenants and track completion of required training programs. For government operations, software can identify federal employees and contractors seeking physical access to federally controlled facilities, manage the complete lifecycle of identities granted access, and ensure interoperability within and between agencies.
Identity management software used in the petrochemical industry can analyze worst-case scenarios, manage safety information and training, perform compliance audits and incident investigations, manage contractors and become part of an emergency response program.
A Policy-Based Automated Solution
In addition to ensuring regulatory compliance, an automated identity solution incorporates policy-based risk management and implements the necessary security controls to prevent and detect unauthorized access to areas, systems and data.
A holistic approach to physical and logical identity and access management includes identity lifecycle management across both physical and logical arenas. In effect, an extra software layer added to existing systems can communicate with and tie together disparate physical access control systems and centralize their management. By helping to address enterprise needs to control logical access, software also achieves the goal of physical and logical security convergence.
Establishing internal controls with software automates key compliance policies to make physical security compliance a real-time, repeatable, sustainable and cost-effective process. Integrated monitoring and reporting provide auto-remediation of compliance anomalies and one-button reporting to instantly enforce and maintain compliance.
Meeting regulatory mandates is an important element of risk management for a company. Software enables compliance initiatives to be automated in real time to create a transparent, traceable and repeatable global process to manage governance and compliance. To comply with regulations takes strict governance of security controls across both physical and IT infrastructures and management of risk on an enterprise level.
Software can also analyze risk and compile key data across the physical security infrastructure. Integrated infraction management can automatically trigger notifications and/or change access privileges. Software can define, audit and enforce Segregation of Duty policies across the physical infrastructure. It can manage risk levels associated with persons of interest, based on lists of physical identities that are potential threats to an organization along with their risk profile and historical details.
Customized assessment reports covering global locations can be provided to a single Web console; and daily, weekly and monthly operational reports can be generated automatically to provide security practitioners with information to optimize staffing, budgeting and other resources.
These capabilities greatly expand the scope of system function and offer a new opportunity for integrators to serve higher-level enterprise needs.
Page 1 of 2 pages 1
Business Management ·
Identity Solutions ·
Commenting is not available in this channel entry.