One of the greatest challenges for many modern day security executives is proving the value of security to those in senior management positions. Long gone are the days when organizations could just make large capital investments into security systems. It’s not that security isn’t important to these decision makers, but they want to get a return on their investment – a security system that can not only safeguard their company’s people and assets, but one that can also improve business operations.
The development of physical identity access management or PIAM technology offers organizations one solution to this dilemma. However, PIAM is a relatively new concept and there’s still some confusion in the market as to what exactly constitutes a PIAM solution. According to Ajay Jain, president and CEO of Quantum Secure, an identity essentially has two personas in security – digital and physical.
“The identity management concept of the digital world has been very well established by several companies in the market such as Oracle and IBM. They are the people who are managing the digital identity of a person and its lifecycle – on-boarding of that digital identity, entitlement management, privileges management, and termination of that particular identity across their network,” he explained. “There is also a parallel world where if I get hired by General Motors, I get a digital identity which is managed by the Oracles of the world, but I also get an access card to get into the building where I work.”
Jain said that’s where companies like Quantum Secure come into play with the on-boarding of a physical identity and creating entitlements and the privileges for that particular identity across an organization. However, Jain said that PIAM does not physically control doors, but rather works in conjunction with physical access control systems (PACS). “We manage the entire process,” Jain said. “Who is authorized? Who is authenticated? Who is entitled to what? Who gets privileges and when do they need to be terminated?”
Prior to PIAM, Jain said that this process was managed through a Microsoft Excel spreadsheet or in someone’s head, but now organizations can automate that process. Obviously, the ability to automate the identity management process presents huge potential for organizations that have a large footprint. Jain said that one of his company’s customers, which use seven or eight different access control brands in their facilities, has leveraged their PIAM solution to manage more than 300,000 identities.
“They had a bunch of people doing manual work. Suppose I needed access into a particular location, I would fill out a form which would then travel to someone in their operational center who would look at it and say ‘in order to get approval into this restricted area I need to call this person,’” Jain said. “We automated this complete approval hierarchy and created one, central portal.”
According to Todd Vigneault, senior manager for corporate security and safety at Symantec, PIAM has paid huge dividends for the anti-virus software developer. Vigneault said that his company was presented with a huge identity management challenge following a large acquisition, which doubled the company’s size.
“That put us in a position where we had two enterprise-level access control systems and we needed something to bring them together,” Vigneault explained. “At that point, identity management basically became our governance and compliance tool and helped us ensure that people were put into our system in an accurate manner. PIAM gave us one, homogenous system to manage security identity and automate some of our business processes, as well as security rules and processes that we already had in place.”
According to Vigneault, PIAM is really about lifecycle management of identities within an organization and how it can help streamline that process to make is simpler and more efficient.