WHERE?
From where should users be gaining access to information?
- Do security access controls apply only to the network and applications?
- Or is there a requirement to secure access to parts of the premises and parts of the establishment?
- Or alternatively, do you need to have a joined-up approach for securing access to the building, the network and devices on the network?
Imprivata OneSign Physical / Logical provides system-level integration between building and network / device security services. It delivers a comprehensive, converged policy for allowing or denying access based on an employee’s physical location, role and / or employee status.
Revocation of an employee’s building access badge is often the first security event to occur upon separation from the company. Unfortunately (and without ESR to Active Directory integration), a critical security procedure that is too often delayed is deactivation of the user's network access. This creates a serious security gap that lasts days or weeks and is sometimes never closed, during which former employees may still gain access to confidential information assets through their previous remote VPN credentials, greatly exposing the organisation to the possibility of information misuse.
Enforce Anti-Tailgating Policy
For a strong overall security posture, and to effectively enact employee safety measures in the event of an emergency, most organisations have anti-tailgating policies which prohibit individuals from gaining entry to a workplace by following in on the heels of someone who has just "badged" into a door entry reader. Unfortunately, anti-tailgating policies are difficult to enforce without the physical presence of a security guard or installation of expensive and burdensome turnstile systems.
With OneSign Physical / Logical, organisations can prevent tailgating by tying an employee’s network access to use of their physical access card and "location", thus improving workplace security and the ability to conduct employee roll calls in the event of an emergency.
Location-based authentication can be applied not just to external building access, but also to determine who can gain access to IT systems in a particular zone or room. For example:
- Only a valid email server administrator can log on to the email server within a secured room after they have first badged into the server room.
- A proprietary materials application is only accessible to research scientists after they have badged into the lab.
- A patient’s medical records are not accessible to clinical staff unless they have badged into the ICU ward.
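The location rules listed above, together with the badge-revocation point made earlier, can be expressed as a default-deny check over badge events. This is an added example, not Imprivata's code or API; the policy table, badge log, user names, the 12-hour staleness limit and the functions `current_zone` and `decide` are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed policy table: resource -> (required role, zone that must be badged into).
POLICY = {
    "email-server": ("email-admin", "server-room"),
    "materials-app": ("research-scientist", "lab"),
    "patient-records": ("clinical-staff", "icu-ward"),
}
MAX_BADGE_AGE = timedelta(hours=12)  # assumption: older badge-ins are treated as stale

def t(hhmm):
    """Build a timestamp on one constructed sample day."""
    return datetime.strptime("2024-01-15 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed badge-reader events: (time, user, zone, direction).
BADGE_LOG = [
    (t("08:00"), "alice", "server-room", "in"),
    (t("08:05"), "bob", "lab", "in"),
    (t("09:30"), "bob", "lab", "out"),
    (t("08:10"), "dave", "icu-ward", "in"),
]
REVOKED_BADGES = {"dave"}  # constructed: badge revoked on separation

def current_zone(user, at, badge_log):
    """Return the zone the user is badged into at time `at`, or None."""
    events = sorted(e for e in badge_log if e[1] == user and e[0] <= at)
    if not events:
        return None  # never badged: e.g. someone who followed a colleague in
    when, _, zone, direction = events[-1]
    if direction != "in" or at - when > MAX_BADGE_AGE:
        return None  # badged out, or the badge-in is too old to trust
    return zone

def decide(user, role, resource, at, badge_log=BADGE_LOG, revoked=REVOKED_BADGES):
    """Return (allowed, reason) for a logon attempt; anything unmatched is denied."""
    if user in revoked:
        return False, "badge revoked"
    if resource not in POLICY:
        return False, "no policy for resource"
    need_role, need_zone = POLICY[resource]
    if role != need_role:
        return False, "role not permitted"
    if current_zone(user, at, badge_log) != need_zone:
        return False, "no badge-in for " + need_zone
    return True, "ok"
```

The denial reasons double as audit fields: logging each `(user, resource, reason)` gives one record that joins the physical and logical events.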
Consolidated Reporting
For regulated organisations, OneSign Physical / Logical provides centralised user access monitoring and consolidated reporting from both physical and logical systems to help organisations demonstrate compliance with a wide variety of regulations.
Through consolidated user access reports, companies can also simplify and enforce policies such as fire and safety emergency procedures, dramatically reducing the risk of liability to your organisation. Further, integrated reporting improves the investigation process surrounding the sequence of events related to security breaches.

