Page 44 - Security Today, September 2020
P. 44
selves much more prepared to respond to the pandemic and all the new facets now part of identity management and compliance.
Businesses already down the path of digital transformation have been able to pivot, survive, thrive and serve customers and protect their workforce during these disruptive times.
Enterprise security leaders now understand that the effects of a cyber breach, physical attack, manufacturing loss, or contagion on site far outweigh the costs of a holistic and converged system. Those who embrace the digital transformation will enable cohe- siveness of systems and data, with the end result delivering proac- tive threat detection and prevention— a unified threat response to mitigate risk and greater situational awareness.
Identity Management With Muscles
Identity management software platforms integrate with HR programs and processes to bring together the human side of se- curity, working in tandem to create a better and safer enterprise. Identity management with Identity Intelligence technology that incorporates artificial intelligence and machine learning can set risk scores, adding filters and exceptions to flag, escalate and de- tect anomalies in access and even production processes. Active policy enforcement rules-based engines automatically identify policy violations and unauthorized access as well as operational and procedural issues. In addition, identification credentials au- tomatically expire and are taken offline when access is no longer granted, reducing risk from a disgruntled employee in-house.
The power of security convergence is most evident when it automates and detects seamlessly across more than one domain, like IT and physical security. Consider this real-world scenario: a utilities company employee enters the company through the main lobby, takes the elevator to his floor and badges in to gain access through that level’s main door. He proceeds to his desk and signs into the company network to access his email. At the same time someone is using the identical access credentials remotely via the VPN. Obviously he can’t be physically present locally and remotely.
A converged platform detects the external intrusion by auto- matically identifying the access anomaly and allows security to immediately disable access, preventing a potential threat.
Now, let’s put this in a COVID-19 context. With the pandemic and the return to work, modification to identity management is required for safety, company policy and compliance reporting. Workforce
Health and Safety access governance software solutions help organizations open safely in a frictionless, controlled and secure way by automating and enforcing COVID-19 related policies and procedures. Automated batch email/text notifications with self-ser- vice links send requests to the remote workforce for self-attestation and self-reporting offsite and enable access by the worker to the fa- cility based on health, travel and other company policies. Physical security can help enforce health and safety policies through tech- nology, including reminders, prompts, automation, self-attestation and more.
Here’s an example: An employee completes the self-reporting health and travel questionnaire, which triggers workflow based on answers. These health questionnaires collect data and docu- ment employee activity during lockdown, including infection, symptoms or exposure. The request routes to the manager for ac- tion and the workflow can be configured to specific needs.
Once the manager reviews the request, it is determined that based on the answers the employee is high risk and per policy his access will be revoked for 14 days while in quarantine. Enterprises administer the self-service process to view, edit and approve health exposure risks of the workforce and disable access based on policy.
When the quarantine period is over, the employee receives an au- tomated notification to request reinstatement and the self-attesta- tion questionnaire. The employee is cleared and requests to be rein- stated, following work flows to provide supporting documentation, such as a medical discharge or physician’s letter. Access is reenabled and the employee is notified with instructions to come to work.
Health and Safety access governance and intelligence provides support for prescreening of the workforce during site entry with automated policy enforcements. Pre-registered and onsite visi- tors/contractors check-in/check-out with prescreening, watch list and other checks prior to access. In the production or distribu- tion facility, Health and Safety analytics track confirmed or po- tentially exposed COVID-19 workers, identify exposed areas for lockdown and/or sanitization, social distancing violation, loca- tion heat map and other actionable health and safety analytics.
Identity management also allows you to automate your com- munications and deliver clear expectations and procedures to your workforce, visitors and contractors pre-visit and onsite— adding to a seamless experience.
Real-time Active Enforcement
Technology like Identity Intelligence and the active policy en- forcement rules-based engine automatically identify policy viola- tions and unauthorized access. This allows security managers to proactively monitor and respond to security violations as well as operational and procedural issues. During the COVID-19 out- break, this could include travel history to restricted countries or regions. Integration with travel and HR applications can detect when and where a person booked travel and has badged in, pro- viding the enterprise the ability to build a solid risk profile of activity. If someone in the workforce recently visited a restricted location, security and HR teams can be automatically notified to disable badge access to help avoid exposure and potential transmission. In the scenario where someone in the workforce becomes sick they would be considered a high risk. Any requests for physical access to a facility would require special approval ac- cording to company and local or federal health authority policies.
With an outbreak, modification to the visitor experience is also required. It is the first point of contact and along with lobby and security staff is part of the front lines for safety. Enterprises can configure their Visitor Identity Management (VIM) system to provide clear communication of current policies during the outbreak, reinforcing WHO best practices. VIM can easily be configured to prompt guests to answer specific screening ques- tions related to recent travel and sign off on legal documents.
Security is no longer simply about keeping bad guys out. Secu- rity has become the business enabler during the digital transfor- mation. It’s now the fundamental component
of protecting people and workspaces and iden-
tity stands at the center.
Willem Ryan is the vice president of marketing and communications at AlertEnterprise Inc.
44
0920 | SECURITY TODAY
SECURITY CONVERGENCE