Trend from RSA Europe to ASIS Anaheim: Mining Security Data for Business Intelligence

| 0 Comments | 0 TrackBacks

Page:   1   2  Next  »

Looking for enterprise gold in identity and access management, video surveillance data

Will identity and access management platforms, PSIM and SIEM and video management systems soon be seen as rich stores of business intelligence data, just as many enterprises view their business, sales and customer relationship management systems?

Given that business intelligence tools are a big business pulling big names (IBM,Microsoft, Oracle), and we are picking up hints that enterprises want to apply these tools to their security data, we'll be watching this space. In the meantime, here's a quick look at some movement we see from security vendors about how to help security executives unlock a veritable treasure trove of data for the enterprise.
Identity and Access Management

Reporting tools tied to identity management systems are likely to reveal increasing amounts of business-relevant data as well as security information.

In his RSA Europe keynote speech delivered October 21, 2009, Dave Hansen, corporate senior vice president and general manager of CA's Security Management Business Unit, called for roles-based user provisioning to specify not just the applications and functions a user may access, but specific data. That way, enterprises can use reporting tools to track what groups of identities are doing with their privileges.

While that ability is great for compliance, there's a business intelligence aspect too. As Joe Anthony, program director of identity and applications security management, IBM Tivoli, pointed out to us in a conversation this past spring, not every exception is necessarily a security breach. Understanding how users interact with data can give vital information about how well designed an application is, reveal customer resistance to a new campaign or product, uncover user training issues and more.

Similarly, how users interact with physical systems and facilities can be revealing. That's the point of Quantum Secure's SAFE Analytics module, officially launched at ASIS in September. The web-based tool monitors, identifies and analyzes alarm and badge usage data originating in physical security systems across an enterprise's global infrastructure.

That's data that can be used to plan security strategies--as well as business operational approaches, as Vik Ghai, CTO and vice president of products for Quantum Secure, explained to Security Squared late this summer. Data about personnel going in and out of buildings, when and how often, can tell the enterprise how efficiently its facilities are being used. In turn, that data is valuable for corporate real estate planning.

The data's value is increased because Quantum Secure can converge its physical identity management with logical identity data sources. That is, knowing which type of employees are using a facility provides more usable data than a generic head count. But achieving that granularity of data requires a physical/logical identity convergence, assuming the logical identity encompasses a departmental or roles-defined identity. That takes us back to Hansen's speech, and the value of very granular roles-based IAM provisioning.

Page:   1   2  Next  »

Looking for enterprise gold in identity and access management, video surveillance data

Will identity and access management platforms, PSIM and SIEM and video management systems soon be seen as rich stores of business intelligence data, just as many enterprises view their business, sales and customer relationship management systems?

Given that business intelligence tools are a big business pulling big names (IBM,Microsoft, Oracle), and we are picking up hints that enterprises want to apply these tools to their security data, we'll be watching this space. In the meantime, here's a quick look at some movement we see from security vendors about how to help security executives unlock a veritable treasure trove of data for the enterprise.
Identity and Access Management

Reporting tools tied to identity management systems are likely to reveal increasing amounts of business-relevant data as well as security information.

In his RSA Europe keynote speech delivered October 21, 2009, Dave Hansen, corporate senior vice president and general manager of CA's Security Management Business Unit, called for roles-based user provisioning to specify not just the applications and functions a user may access, but specific data. That way, enterprises can use reporting tools to track what groups of identities are doing with their privileges.

While that ability is great for compliance, there's a business intelligence aspect too. As Joe Anthony, program director of identity and applications security management, IBM Tivoli, pointed out to us in a conversation this past spring, not every exception is necessarily a security breach. Understanding how users interact with data can give vital information about how well designed an application is, reveal customer resistance to a new campaign or product, uncover user training issues and more.

Similarly, how users interact with physical systems and facilities can be revealing. That's the point of Quantum Secure's SAFE Analytics module, officially launched at ASIS in September. The web-based tool monitors, identifies and analyzes alarm and badge usage data originating in physical security systems across an enterprise's global infrastructure.

That's data that can be used to plan security strategies--as well as business operational approaches, as Vik Ghai, CTO and vice president of products for Quantum Secure, explained to Security Squared late this summer. Data about personnel going in and out of buildings, when and how often, can tell the enterprise how efficiently its facilities are being used. In turn, that data is valuable for corporate real estate planning.

The data's value is increased because Quantum Secure can converge its physical identity management with logical identity data sources. That is, knowing which type of employees are using a facility provides more usable data than a generic head count. But achieving that granularity of data requires a physical/logical identity convergence, assuming the logical identity encompasses a departmental or roles-defined identity. That takes us back to Hansen's speech, and the value of very granular roles-based IAM provisioning.

<!--nextpage-->

PSIM and SIEM

Watch also for increased emphasis on the reporting capabilities of physical security information management (PSIM) and security information and event management (SIEM) tools. These tools already create reports that physical security and information security professionals use to monitor their performance. Given the scope of systems from which PSIM and SIEM tools monitor and collect log data, they similarly are sitting on vast storehouses of data that could reveal useful business information.

A hypothetical case: regular alarms from a warehouse management system and surveillance cameras correlated by a PSIM platform might turn out to mean a new vendor isn't following proper security and inventory management procedures. Making such correlations available, in plain English, to business users would provide a valuable service. 
 
Video Surveillance and Management

Another major source of enterprise data via security is video. Sometimes video has been an accidental source of business information, such as when an enterprise installs surveillance cameras to solve a security issue, then realizes the system has also collected visual data about, say, personnel levels at peak business hours or materials flow on an assembly line.

Using video for enterprise intelligence is definitely becoming more intentional, as our Steve Titch's reporting from ASIS this year indicates. IP-based, open video management system vendors are promoting the business information uses of their systems. Many also are working to make video data more structured so it can be integrated and correlated with other types of digital data.

Being able to link visual data with other types of log data could provide interesting intelligence: video analytics might count significant foot traffic on the main floor of a city department store on weekdays between the hours of 11:30 am. and 2:00 p.m.; correlation with the same time period on a point of sale system might show only a percentage of the traffic translates to sales, and most of those occur in women's hosiery and a greeting card kiosk.  

Using surveillance video for business ends logically could influence camera purchases as well, assuming the vendors' solutions for streamlining storage and management of terabytes of video data streams are successful. For example, thermal imaging vendor FLIR has a strategy to make thermal technology affordable and ubiquitous: business intelligence might be a justifier for its technology. Security won't be the only users who want clear, crisp, high definition images; business users may also put those at a premium for monitoring customer or employee behavior.

Bottom line, that's what more reporting capabilities aimed at business end-users are likely to do: increase the value of the data gathered by security systems about physical and logical events. In turn, that should speed executive recognition that security is a critical business function that can offer the enterprise much more than mere compliance.

###



No TrackBacks

TrackBack URL: http://www.securitysquared.com/cgi-bin/mt/mt-tb.cgi/131

Leave a comment