Tackling the Challenges of Mobile Banking

By Matthew Lewis, Director of Product Marketing with HID

When it comes to cyberattacks, services provided by financial institutions are among the most frequently targeted, and though it might come as no surprise, money is a key motivator. In fact, a massive 92 percent of all attacks are estimated to be financially motivated—with espionage, grudges, fun, and ideology accounting for the remaining 8 percent.

The rush to digitize during the Covid-19 pandemic left businesses globally vulnerable to a whole new range of threats—and the financial services industry is no exception. At the beginning of the pandemic, the industry saw a 238 percent increase in cyberattacks, with ransomware increasing by 9 times. And the hits have only kept on coming.

Combatting such attacks requires a Zero Trust approach centered around one simple concept: trust nothing and no one with access to your accounts, systems, and networks without continuous identity verification. To do this, institutions are turning to Physical Identity and Access Management (PIAM) solutions that manage the identities of each person accessing facilities, operational resources and customer services, both inside and outside any physical perimeter, including all employees and visitors.

Prerequisites for a Zero Trust Approach

A Zero Trust architecture requires continuous user authentication and monitoring using multiple factors, and the ability to only grant users access to the accounts and systems that they need for their roles. 

PIAM solutions accomplish this by centralizing physical access management while also streamlining visitor processes. Institutions with a large, multi-location footprint – especially globally – find these solutions to be particularly beneficial, enabling them to manage physical access and the entire identity lifecycle of all employees, contractors, visitors and others that need to enter their facilities, anywhere in the world. These solutions must focus equally on the distinct requirements of both employees and non-employees.

Employee Considerations:

The first layer of defense is employees. Investing in cybersecurity solutions can become an overwhelming task. One of the first and most manageable steps for securing systems is managing employees’ access to facilities, networks, devices, etc. Today’s solutions use the proven multi-factor authentication (MFA) login method. Users must use two or more factors to authenticate their identities, which has been proven to prevent 99.9 percent of attacks. MFA can be quick to deploy, integrates well with existing systems, and requires little to no end-user training.  Many enterprise MFA solutions offer adaptive authentication, which means IT security admins can determine the level of security required based on the context of each login attempt.

PIAM solutions are also playing a big role in helping employees return to the office during the pandemic, either full-time or in a hybrid way. This is critical since insider threats are an increasingly prevalent challenge. Strong physical access security must complement digital identity and access management technologies. A common way to prove identity is by implementing a physical card which can be used as visual identification and physical access at barriers. The primary use is across the workforce but these cards can also be used to authenticate third parties and visitors.  

To further improve both security and user convenience, it is also recommended that institutions implement the convergence of logical and physical access controls. This enables users to leverage one credential to access a range of digital (networks, devices, software) and physical assets (offices, facilities, buildings). This also means that permissions can be easily granted or revoked across all assets, depending on the level of access required by the employee.

Visitor Considerations:

Managing visitors and guests from the time they are invited to the time they leave is critical to the security of your organization.  Organizations need to consider requirements beyond standard check-in and check-out workflows, across the complete visitation process, from pre-registration to post-visit guidance, plus real-time data, policies, compliance and more. 

Today’s solutions create an efficient, smooth, and secure visitor experience when managing company visitors. They streamline scheduling, registration, credential issuance and badge printing, and provide detailed tracking and reporting of visitors and contractors. Features include: intuitive web-based portals for inviting and managing visitors; intelligent dashboards for real-time reporting on building capacities, visitor traffic, metrics and more; and pre-defined policies for visitor and access approvals, notifications, reminders and escalations. These solutions also automate visitor provisioning into the Physical Access Control System (PACS) infrastructure, and support background checks against internal and external watchlists, among other capabilities.

These solutions have also been extended to accommodate new operational models including digital self-service kiosks that can be placed in the lobby. The kiosks create a digital lobby that, in many cases, might see hundreds of people passing through it each day.

PIAM in Action

One institution that took the PIAM approach is a leading global operation that needed a solution for managing its workforce identities and facilities access, and a way to provide smooth and secure access for visitors. 

The solutions were deployed across 40 of the institution’s locations – including offices, data centers, and branches – in multiple languages and countries. Fully aligned with GDPR, the deployment has simplified compliance, reporting and auditing while also improving security by providing the institution with insight into who is present at office and branch locations. Automated access revocation has reduced risk of inappropriate access.

Additionally, the solution has reduced manual processes and improved resource allocations by orchestrating PIAM functions across disparate PACS equipment and other systems. This has eliminated repetitive, manual processes across various groups. 

Beyond these benefits for the institution’s workforce, the PIAM solution has enabled a reimagined visitor experience that, like the workforce solution, replaced several manual human processes. The solution has created consistent visitor policies and enforcement across the organization, regardless of PACS, and also centralized badging and credentialing. This has allowed for standardization of controls while enabling employees to self-manage access to streamline issuance wherever possible.

The visitor management solution has also been integrated with digital front lobby kiosks in several of the institution’s UK offices. The kiosks include voice activation and a motion sensor for a touchless experience, as well as integration with maps for wayfinding to meeting rooms and destinations. Other capabilities include room and desk booking, and a virtual concierge for face-to-face video support from external staff. The kiosks can also provide post-visit information about weather updates, nearby points of interest and best routes home, and even enable visitors to call for and arrange taxi service, book food delivery, and leave feedback about their visit experience. 

The number of locations for kiosk deployment will be expanded as the project matures, and the overall solution will also be integrated with many additional systems and new solutions. For now, the institution has loaded more than 385,000 identities into the system, including 225,000 for employees and 60,000 for non-employees. The deployment spans more than 800 managed-access areas ranging from common and non-restricted locations to restricted and highly restricted ones. Two integrations with other access control systems have been completed and the institution plans to complete two more.

Today’s PIAM solutions are a key tool for implementing the Zero Trust model, including meeting its requirements for using multiple authentication factors and ensuring users can only access the accounts and systems that they need for their roles. These solutions are playing a key role in bringing workers back to both traditional and hybrid workplaces during the pandemic, while also transforming the visitor experience through innovations including the integration of digital kiosks into a new and more effective lobby environment.

Matthew Lewis is the Director of Product Marketing for HID, helping drive the go-to-market for the Workforce business unit within the Identity and Access Management Solutions business area. He has led product marketing organizations for five years with experience in both vertical and horizontal global markets. Prior to joining HID, he spent time at a global software provider in the energy sector, in the collaboration and communication software space, and marketing cybersecurity products at Entrust.
