Why Convergence

1
Why Convergence?
2
Agenda

• Physical Security
• Current Environment
• Converged Environment
• General Costs
• Useful Information

3
Physical Security

• Access Control/ Intrusion Detection- Who has
  access to facilities, for what time frame and
  under what conditions.
• Fire Detection and Suppression Systems
• CCTV / Video Monitoring
• Life Support Systems such as HVAC, temperature
  control, lighting, and environmentals.

4
Todays Distributed Environment

• Proprietary
• Complex and Heterogeneous
• Very little integration
• Closed network
• Operate and maintain independently
• Managed as separate entity instead of extension
  of existing security infrastructure.
• Does not allow for a full view of the security
  posture.

5
Current Scenario-New Employee Registration

• HR- Enters name into HR System for Administrative
  uses Payroll and Benefits
• Physical Security- Enters name into Security
  System, Issues ID Access Card to access doors.
• IT Department- Sets up username and password for
  access rights.
• When employees are fired or quits, process
  repeats but in reverse (hopefully).

6
Current IT Costs

• Forgotten Password- 200 per user per yr. (IDC)
• 11 of users experience access rights problems
  every month (Meta Group)
• 45 of calls to help desk are for password reset
  assistance (Meta Group survey)

7
What if?

• Someone enters a building or room as themselves,
  then logs in as some one else to cause malice,
  the data describing the event does not flow into
  an alarm system monitored by physical security.
  Thus, making it easier to compromise the IT
  environment.
• Currently, a physical security network could not
  report this event. The IT network does not
  recognize that this person as being different
  than the person who entered the room.

8
Converged Physical and IT Security

• New Hire, HR enters employee data into HR system
  that automatically updates the Access Control
  System and MS-Active Directory.
• When a person quits, HR terminates employee that
  turns off access privileges to the company doors
  and network.
• Making security systems interoperable extends
  physical security capabilities into the IT
  assets.

9
Smart Card

• DES triple encryption
• Unique ID each time the card is presented. (can
  not spoof)
• They maintain authentication for
• The IT network
• Email Directory Functions
• PKI (Public Key Infrastructure)
• Access Control
• Cafeteria and Parking

10
Convergence Costs

• 100 per user-cost for cards, readers and
  software (middleware)
• 15 per 32K memory smart card
• 2500-5000 per door depending on cabling
• 160 per hour, 6000-8000 hours for 5000 users can
  put it
• over half a million dollars
• Technical Costs-Software Customizations, Project
• Management, Deployment, Transition and
  Training
• Deployment time frame estimated at 12-24 months.
• Time, Money, People, Technology and Processes
• Cost savings and enhanced security can
• provide a significant bottom line benefit.

11
Centralized Information Repository

• Security Audit Trail- help during forensic
  investigations.
• Real Time Monitoring Systems- Physical access
  alarms would go off if person logged on to
  computer or server that had not been identified
  as entering the building.
• Combines physical and IT enrollment.

12
Advancements

• Current IP based IT networks will be used in the
  transport of traditional security functions.
• Security events trigger appropriate actions
  within IT domain and vice versa.
• Access control integrates with Networked Video.
• Video Motion Detection (object direction, color,
  density, motion and pattern, left behind)
• Virtual Perimeters
• Smart Cards (read/write capabilities, store
  significant personal data)
• Biometrics (Iris Scan, facial recognition, and
  palm/thumb readers)

13
Environmental Systems IntegrationOPC ( OLE
Process)

• Founded in 1996 with 5 companies currently 300
• One software component instead of multiple
  drivers
• Creates re-usable modules
• Can communicate locally and remotely
• Used for HVAC systems and manufacturing plants
  for process control
• www.opcfoundation.org

14

• Whos Done It?
• Chevron
• Texaco

• Whos Doing it?
• IBM
• Microsoft
• NEC
• Shell
• Nissan
• Sun Micro Systems
• Schlumberger
• US Dept of Defense

15
What are the Benefits?

• Organizational Security Synergy
• Reduced Administrative Costs
• Real-Time Event Reporting between Physical and
  Logical Alarms
• Automatically enforced company policies
• Safer Work Environment
• Mitigate Security Risk
• Over All Stronger Security Posture

16
Open Security Exchange

• Created to address todays most significant
  security challenge the lack of integration
  between various components of the security
  infrastructure
• Cross-industry forum dedicated to delivering
  vendor-neutral interoperability specifications
  and best practices guidelines in the area of
  security management
• It enables organizations to more efficiently
  mitigate risk, optimize their security postures
  and enforce privacy policies.
• www.opensecurityexchange.com

17

• Steve Sawyer
• sssawyer_at_multilinksecurity.com
• 210-494-9112
• www.MultiLinkSecurity.com