Challenging Corporate Thinking on Implementing IAM Solutions - Page 2
Organizations around the world are facing more security threats to their business than ever before.
IAM can seem like a bit of a minefield for companies that know they need to implement it, but don't know where to start. For many businesses, the obvious place to begin is with smart cards. Let's call out one of the biggest bugbears for corporate IT departments: managing identities is inherently difficult at the best of times, but the existence of multiple, disparate identities for each user within the companies is nothing short of a nightmare for IT managers. If users are utilizing several identities to access information stored in multiple locations, it can be very complicated to bring this information together into a single format when systems are combined.
A recent survey by IT security firm Sophos revealed that a third of respondents use one password across multiple sites. This means that if one account is compromised, all accounts are vulnerable. A username/password combination is still the most popular method of accessing IT systems, but its shortcomings are well documented.
Companies at the cutting edge of secure corporate ID cards have developed a novel two-factor authentication approach to managing and protecting access control within their organisations. The user has to provide a hardware token (corporate identification card) in addition to a secret PIN number to strengthen the overall security of a desktop log-on. Even better, the very same smart card can be used to control physical access to the company's premises, making this kind of solution one of the most effective, cost-saving methods to protect workplace and data security.
Smart cards are also finding effective applications outside the corporate world. Smart card technology is now helping to solve some longstanding thorny issues in the healthcare sector, such as safeguarding patients and staff while protecting confidential patient information. In the UK, for example, many hospitals are now waking up to the benefits of using smart cards to control physical access to their buildings and add logical security to the IT networks that house confidential patient data.
In the past, it was relatively easy for an intruder to walk unchallenged around a hospital, accessing areas meant only for authorized staff. In rare cases, this led to security breaches where babies were removed from pediatric wards. Smart cards are addressing this physical access problem by using encryption to offer differing levels of building access to certain staff.
Medical professionals are also using their smart card to quickly access sensitive patient data on a network. So in addition to safeguarding the security of patients' personal information, using a smart card for logical security can also create efficiencies in terms of time.
Properly implemented, identity and access management solutions can help companies by fortifying the security of their data and their business while making it far easier for users to access the information they need. In simple terms, the challenge for any organisation implementing an IAM system is to bring together physical access control and logical security to establish how they can work better for their customers.
In today's increasingly risk-conscious environment, IAM is fast becoming a basic, non-negotiable part of corporate IT infrastructure - although IAM is designed to deal with some big security challenges, it does so with a straightforward, common sense approach.
Portable and secure, smart cards are becoming an increasingly valuable tool for safeguarding physical security and guaranteeing the privacy of sensitive electronic information across corporations, hospitals, government agencies and any organisation seeking heightened security solutions. When you weigh up the benefits of identity and access management solutions against the costs of reputational damage, security breaches and non-compliance, IAM can offer outstanding value by saving time and money while protecting an organisation's assets.
HID Global is exhibiting at Infosecurity Europe 2010, the No. 1 industry event in Europe held on 27th – 29th April in its new venue Earl's Court, London. The event provides an unrivalled free education program, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk.