If you were to compile a list of the types of organizations that face the greatest security challenges, petrochemical companies would certainly be at or near the top, and with good reason. These companies are tasked with handling high-risk substances at facilities in multiple regions globally, some of which are much more stable than others. As such, they could be targets of terrorism, internal sabotage and a host of other threats. These could come in the form of physical and/or cyber breaches, further complicating the security challenges petrochemical companies face, particularly in managing the many identities who may have access to certain assets and networks.
On top of these challenges, these companies must also regularly demonstrate compliance with the Department of Homeland Security’s Chemical Facility Anti-Terrorism Standards (CFATS) regulations related to access and on-site personnel at petrochemical facilities.
To address these issues, enterprise-wide identity management, Physical Identity and Access Management (PIAM) solutions incorporate credential and compliance automation, and predictive analytics. From a security perspective, PIAM offers petrochemical companies an effective and efficient means of centralizing their cyber and physical access to create a highly secure overall environment.
What is PIAM?
Creating and managing a diverse set of identities and varying risk profiles at a typical petrochemical facility is simply too great a task to be handled manually. PIAM solutions own the lifecycle of identities and support physical access for contractors, employees and site visitors, handling everything from on-boarding, access credentialing and ensuring required training, to monitoring, retracting access and off-boarding. Using workflows based on internal policies and regulatory requirements, PIAM solutions automate these processes, reducing operational risk while also ensuring compliance.
These solutions also gather data from a wide variety of security and non-security systems to perform predictive analysis on an ongoing basis, increasing the likelihood that suspicious activities can be identified and prevented before they can occur.
On a quarterly basis, petrochemical companies need to bring in a large number of contractors – often in the thousands – for refinery shutdowns for inspection, testing and implementation of more efficient process and other critical needs. Simply onboarding all these contractors can be expensive and time-consuming. A full-service PIAM solution, however, pulls data from HR, training, PACS, contractor-supplied background information and cybersecurity systems to significantly streamline the entire contractor management process and drastically reduce per-person onboarding costs and time. At the same time, companies can be confident of knowing exactly how many workers will be starting, that all have been cleared to work and each individual worker’s role.
Predictive = Preventive
Predictive capabilities increase the value proposition of PIAM by using data automatically collected from disparate systems to identify potential risks in real time on an ongoing basis. For example, an employee who has recently deviated from his or her established behavioral pattern, such as coming in earlier, staying later or attempting to access areas or systems he or she has not been cleared for, can be flagged and the appropriate parties alerted. This allows a petrochemical company to monitor that employee’s behavior more carefully to determine whether he or she is a risk for insider theft or sabotage. This can enable the company to take proactive measures to potentially prevent a security breach before it can occur. Carnegie Mellon University researchers have found that 90 percent of insider breaches committed by departing workers occur within two weeks of their last day, so predictive capabilities are significant. Having an up-to-date list of potentially high-risk workers allows security teams to focus their efforts accordingly and be proactive, rather than reacting to an event after the fact.
The ability to streamline processes, improve identity management and identify potential problems before they can occur make PIAM an ideal solution for petrochemical companies to centralize their cyber and physical security and ensure CFATS compliance. Recognizing these benefits, major petrochemical players have embraced PIAM; now it’s time for the rest of the market to follow suit.
Janette Andler is Director of Business Development for Quantum Secure. Request more info about the company at www.securityinfowatch.com/10214753.
