January 2010 Archives

IT Identity Management Logical Fit for Physical Security

| 0 Comments | 0 TrackBacks
What does an apparently IT-centric topic like "identity management" have to do with physical security? That's the central question Security Squared addresses in this conversation with Sebastian Rohr, an identity management and convergence consultant based in Germany.

Rohr (pictured) knows identity, both its logical and physical aspects, from a range of positions that include stints as network security consultant for Siemens AG; head of the Lab for Mobile Rohr.jpgSecurity & Convergence at the Fraunhofer Institute for Applied Research on Information Security; solution strategist for eTrust Identity & Access Management at CA; chief security advisor for Microsoft, and since 2007, as partner and senior analyst for Kuppinger Cole Ltd., the Dusseldorf, Germany-based identity and access management consultants.

In addition, Rohr is the founder and CTO of accessec, which offers convergence consulting. He's also the brain and architect behind a "convergence framework" called "ONEaccess" that combines physical access control, identity management, smart cards, biometrics and more. Originally conceived as a demonstration of physical-logical identity convergence possibilities, ONEaccess stirred enough interest in European physical and logical security professionals that it has been developed as a commercial offering by  new|frontiers Software .  (Rohr now consults on the ONEaccess architecture but does not sell or develop the product.)

Security Squared's Sharon J. Watson talked with Rohr via telephone last week, discussing why he thinks it's imperative--and natural--for physical security professionals to be conversant with identity management technology; the critical need to verify physical identity for truly secure cloud computing; the role of biometrics in identity convergence; and the vital step of thinking through and managing the intersection of humans and converged identity technologies.

The following is a transcription of our conversation, edited for length and clarity.

Sharon J. Watson: Let's talk about why a physical security professional should care about the realm of identity management, which seems so very IT oriented.

Sebastian Rohr: Yes, it is, definitely. First of all, from my contacts with the physical security realm, over the last decade the rather proprietary technology used in physical security more and more came to a situation where today the security solutions almost 100% are based on some sort of everyday IT technology....And all the guys who before had to hand out punch cards or keep track of people getting in and out of facilities and had to write in a manual keeping track of everything, now have to deal with electronics and IT systems that keep track of that.

Everybody has to work with badges, and those badges are not written by these guys, they are all produced and manufactured with the use of IT technology. So it is a must for the physical security guy to look into IT itself. And then the next big thing is looking into identity management within IT because what the security professionals have done in the physical realm for the last century is actually deal with identities in a way that nobody else besides HR has done.

January 2010 Archives