Transforming the management of identities
Email traffic between security teams and site managers or business owners becomes overwhelming, as requests for approvals must be granted and access taken away manually, and precious time is wasted generating reports.
While this in itself is problematic, it also leads to a rise in third-party compliance regulations. In the US, these can include everything from the Health Insurance Portability and Accountability Act for the healthcare sector to the North American Electric Reliability Corporation’s Critical Infrastructure Protection standards for utilities.
So, how do you efficiently manage the way that physical identities are requesting approval, and ensure that it is carried out correctly?
A self-contained solution
For many years there hasn’t been a solution to automate this process; one of the biggest problems with identity and access management – aside from technological developments – being the lack of knowledge around the benefits that it brings.
In response to this, AMAG Technology has developed Symmetry CONNECT, a policy-based identity management platform that addresses three fundamental areas – cost, compliance and risk – while streamlining and automating timely manual administration processes.
The platform is a simple-to-use self-service portal, where the user can log in and the system automatically identifies them, their role, location and the training and certifications that they possess – all the data contained within a company’s HR system.
Once the user has requested access to a particular site through the portal – a data centre, for example – it sends a notification to the area owner, who can automatically see whether the user meets the criteria, and approve or deny the request.
There's no intervention by anybody, with the system controlling both the policy and the actions. Because the entire transaction is self-contained, it can be reported on and audited against immediately, without the need for manual verification.
Equally, when onboarding new employees, the same methodology is in place. The system will use HR data to automatically grant access to a new employee, when needed, on one or multiple sites across the globe – and terminate access when the employee comes to leave the company.
Depending on the customer, requirements can be specified even further. As well as interfacing with our access control system, Symmetry, and a company’s own HR database, we can also draw upon other information. For example, CONNECT could acknowledge a company’s policy for international travellers, who may be required to sign a non-disclosure agreement before entering a building. Equally, the system could take background check information into account to manage access to a children’s hospital.
Reaping the rewards
With technology and innovation at its heart, CONNECT provides a completely unique solution to the market, and a lot of research and thought went into developing the system. We looked specifically at compliance requirements, because a lot of these have specific needs that are derived out of the access control system, which controls a site’s restricted areas.
Designed for any business working within a regulated market or that poses a high risk potential by allowing access to the wrong person – be it a bank granting incorrect access to a cash vault, or a utility company to a substation – the system has the potential to significantly improve a company’s bottom line.
Alongside the compliance benefits, with the platform controlling the process and providing automatic vetting and reports, reducing the amount of manual reporting – across enterprises where thousands of people are often involved in approval processes – results in substantial cost savings. From a risk perspective, because it’s a policy-based system, the actions are controlled by the user from beginning to end. They can ensure that the right people have the right approvals every time, lowering the risk.
This three-pronged, automated approach is proving very successful with businesses worldwide. In fact, one customer has recently expanded its use from North America to Europe, the Middle East, Africa and Asia Pacific. We automate over a million audits a year for the business, which used to be performed manually, so the people, time and money savings are monumental.
Improved data consumption
While the platform works exclusively with the Symmetry Access Control system, CONNECT operates as an open application, which means it can integrate into most third-party databases to help consume any and all information that’s pertinent about a particular physical identity.
In the future, technological integration and automation will be paramount in the identity management and access control business. While continuing to enhance compliance, the immense amount of data collected about our people, where they’re going and how they’re going will feed into our vision of a risk-based, data-centric future.
This primary source of information feeds into a larger platform that will allow us to extract and present more intelligent data – not just around identities, but also activity and risk. This plays a pivotal part in forming a bigger picture moving forwards, a picture that will help us to better understand data, people and behaviour, and their significance when it comes to security.
Kurt Takahashi is President of AMAG Technology, a G4S company, overseeing the business strategy to help end users align their security and operational goals to streamline processes, save money and secure their environment.