PIAM: combine physical and logical access protection

PIAM: Physical Identity and Access Management

Protection against manipulation and data theft can only be achieved through a chain of measures – and this is only as strong as its weakest element. Physical Identity and Access Management is central authorization management for all applications in the enterprise – the combination of access authorization and secure login. Practical implementation is just as important as the security concept.


Our economy and critical infrastructures are at risk: The damage caused by data theft, industrial espionage or manipulation in companies in Germany will total more than 223 billion euros in 2021[1] alone. A Bitkom study found that nine out of ten companies have already been the victims of cyberattacks.[2] In this context, ransomware attacks are the drivers of an enormous increase: “The damage caused in this way has more than quadrupled (+358 percent) compared to the previous years 2018/2019,” reports the industry association. Oiltanking had to learn that computer crime literally makes the wheels come to a standstill: The service station supplier could no longer deliver fuel from its 13 warehouses.[3] Recently, the Federal Office for the Protection of the Constitution warned of Chinese hackers targeting company secrets and even being accused of attacks on Western government agencies.[4] Traces of recent cyber attacks on Ukraine lead to Belarus and Russia.[5] This list could go on and on. Cyber attacks are part of organized crime and covert warfare.

The Bitkom study also identifies social engineering as the most important initial gateway for hackers and crackers. At 41 percent of the companies surveyed, there have recently been attempts to tap into passwords by manipulating employees – 27 percent of those surveyed said they had been contacted by phone, among other things, and 24 percent by e-mail. In the wave of the Corona pandemic, risky home office concepts implemented under high pressure have opened up new loopholes here.

Dynamic passwords and two-factor authentication can certainly make life difficult for attackers. However, many companies fear the high cost of current security concepts – both in their implementation and in ongoing operation.

After all, a secure login is useless if unauthorized persons can gain access to the company premises all too easily. Data can then be quickly stolen from terminals that are not being used but are still logged in, or at least physical LAN connections can be established with a simple network cable.

Logical access restrictions without physical barriers are therefore worth nothing – and vice versa. In many security concepts, however, two or more separate worlds have become established for the two complementary shielding concepts. This not only leads to unnecessary administrative effort, but also to security gaps: It is quickly forgotten that when an employee leaves, both his smart card for the office and his VPN and PC login must be blocked – at all branches and field offices and at all servers.

Particularly in the modern working world, with its increasingly heterogeneous structures and rapidly rising threat potential, a centralized digital identity for every employee is more important than ever: All security systems, both logical and physical, draw their access parameters from a single database. Each authorization only needs to be created once – and can be revoked with a click of the mouse.

For employees, this system means greater convenience in any case: they can use their security badge to enter all the rooms intended for them, log on to their office or home office computer, unlock their locker, pay in the canteen or enter the underground car park of another branch. For the company, the central digital identity ensures maximum security – but also avoids redundant data maintenance.

At evolutionID, we have already realized the PIAM security and streamlining concept – with our web-based enterprise solution IDfunction. It enables decentralized management of a centralized database that provides all relevant security systems with the required access data in real time. The concept, which is very secure internally but very open in terms of administration, enables a large number of practical and cost-saving features in the process, such as the automatic acquisition of ID card images, which can even be taken with consumer end devices.

Stringent protection of buildings and computers does not have to be associated with high effort and correspondingly high costs. If the security worlds are elegantly combined, both security and controlling can look forward to the future with confidence.

[1] Source: Statista
[2] Source: Bitkom
[3] Source: Handelsblatt
[4] Source: Spiegel
[5] Source: Zeit Online

Press contact:

evolutionID GmbH
Nördliche Auffahrtsallee 19
80638 München

About evolutionID:

For more than 20 years, evolutionID has been providing its customers with manufacturer-independent consulting services and designing custom-fit solutions on the topics of RFID, digital identity and Industry 4.0. The established company based in Munich specializes in specific solutions for medium-sized and large customers in industry and public authorities and has even developed its own browser-based identity management system, IDfunction. With seamless process chains for efficient, AI-supported ID card creation and management, evolutionID creates more transparency, increases the level of security and lowers costs. As a full-service provider, evolutionID takes on projects from analysis to consulting and conception through to complete, ready-to-use solutions.