Centralized Security Ops; Managing Visitors; Federated Identities and more: A News Release Round-up

In weaving together all the strands of technology and business processes that go into converging physical/logical identity management, several threads were especially intriguing--and showed up in several recent news releases.

Centralized Security Operations

First, Proximex, a physical security information management (PSIM) vendor, and systems integrator Convergint Technologies announced they'd jointly created a central command and control center for a "Fortune 50 provider of healthcare benefits."  (Based on Fortune's rankings, the company in question could be UnitedHealth Group at #21 or WellPoint at #32.)

The release is light on implementation details, but notes Proximex's Surveillint system was the security integration platform for a command center that "provides a centralized view of [the company's] environment to monitor alarms, reduce costs associated with monitoring, and improve response times at hundreds of sites across North America."

While I was researching converged identity and access management, several sources, especially identity management consultant Guy Huntington and Jasvir Gill, CEO of Alert Enterprise, emphasized that creating one, merged physical/logical credential does not equal centralized security operations. Their point was all the alarms--from physical and logical systems--need to come to a central location so they can be correlated. That could mean having one console for logical alarms and another for physical system alerts--but they need to be in the same room.

I'll be exploring this topic more in coming weeks--starting with conversations with some key PSIM and situation management vendors, including Proximex, Vidsys and Orsus.

Managing Visitors

Many sources in our "One Person, One Identity, One Credential" feature also told me that accounting for visitors, contractors, regular and occasional maintenance and repair personnel is a big challenge to streamlining physical/logical access control and identity management. Many of these identities may receive credentials from the physical security department with little or no oversight from HR or other identity owners. In one case, consultant Guy Huntington told me a department was issuing credentials good for one year--because no one had given direction otherwise.

Two releases touched on this theme. For starters, Lenel Systems International has put a new visitor management system in its OnGuard 2009 security management system. According to the news release, the system comprises several modules that can be purchased individually or together. These include host enrollment, which enables employees to schedule meetings and enroll visitors from their network PCs using Internet Explorer 7.0; a front desk application for receptionists that standardizes tasks involved in receiving and processing visitors, including printing temporary badges; and self-service kiosk applications visitors may use in busy or unstaffed lobbies. The kiosk includes a camera and printer for badges.

Federated--and Converged--Identities

Also on the subject of managing non-employee identities, a release about trusted credentials and The Federation for Identity and Cross-Credentialing Systems (FiXs) network raised some interesting notions.

FiXs is a nonprofit organization that verifies and authenticates the identity of personnel who want to enter U.S. military installations and other government-controlled areas, as well as commercial sites tied to the network. It doesn't create credentials or hardware. In the site's words, FiXs "delivers a trusted infrastructure that provides participating members with a high-assurance means to authenticate the actual identity of individuals presenting FiXs-certified credentials for access to facilities and systems." (Note the physical/logical convergence there.)

To accomplish this, FiXs relies on a Federated Trust Model, akin to that used by the ubiquitous Automated Teller Machine networks. The model's components are interdependent and require 1) a trusted organization and 2) a trusted individual identity within that organization.

The two are linked through a "chain of trust" process that gives vetted and trusted organizations the ability to create and issue individual identity credentials that can be authenticated and managed over the trusted and secure network by other members and government users.


Identity federation like that described above is typically cited as important for contractors needing to enter government facilities. In the private sector, you could also think of business partners, consultants, customers, janitorial, maintenance, delivery and repair personnel who need access to an enterprise.

Given that so many of these service companies and consultancies are now national if not multinational enterprises rather than mom-and-pop businesses, and (we hope) have sophisticated HR systems, wouldn't it be interesting if a similar third-party authentication network existed for them and their employees? 

Standards would be an issue--FiXs uses the Department of Defense's credentialing infrastructure. Higher employee turnover rates in service positions could complicate matters too--you'd want a fairly low credential cost. Yet using a third-party network to authenticate identities of the many different kinds of workers who regularly access many different enterprises seems like it could offer economies of scale. Here's one federal concept that might make some sense in private business if carefully translated.

The Automated Building is Just The Beginning

Finally, Frost & Sullivan gave Johnson Controls its Market Leadership of the Year award, specifically citing the company's Metasys building management system as an exemplar of the company's "core competencies and high standards of technical innovation."

The release stood out because it cited the number of building systems Johnson has its hooks into, plus a wireless communications backbone. Put those facts next to Johnson's public discussions of integrating physical access control systems with logical identity systems, and what emerges is a formidable player able to drive convergence benefits across many systems. Further, its sales focus won't be just about security or better managing facilities, but will be about better business management and processes. That's what convergence is really all about.
