New specification to synchronize logical and physical access
(CHICAGO – September 23, 2013) – Tackling one of the most expensive and complex security challenges businesses face, the Physical Security Interoperability Alliance (PSIA) today announced it has launched the Physical-Logical Access Interoperability Working Group. This group will develop a specification to unify logical and physical identities so that security industry manufacturers, integrators and end users can develop cost effective, easily administered solutions that span the physical and logical security domains.
“Many security end users want to synchronize the identities used by their logical and physical security access control systems but cannot justify the costs of proprietary solutions that require custom programming and disruptive new work flows,” said Mohammad Soleimani, executive vice president and chief technology officer, Kastle Systems, and interim chair of the new PSIA group.
“The new PSIA specification will provide a standard way for enterprises to ensure the logical and physical access privileges associated with an employee’s role are always in synch. That synchronicity then makes it much easier and cost effective to create solutions such as confirming an employee is physically present before permitting access to an application or database as well as solutions for easily managing physical and logical access privileges when employees travel,” he said.
“We’re excited to once again be extending our specifications throughout the security ecosystem,” said David Bunzel, executive director, the PSIA. “PSIA specifications range from video and video analytics to every aspect of area control, now including physical-logical access interoperability. We make standards-based plug-and-play interoperability a reality for the security industry.”
Kastle Systems initially brought the concept of an access interoperability specification to the PSIA board of directors earlier this year. The company then informally approached industry consultants and large end users to conceptually and technologically validate the concept before recommending the formation of a PSIA working group. The initial members of the new PSIA Physical-Logical Access Interoperability group consist of Honeywell, Ingersoll Rand, Inovonics, Kastle, Mercury Systems, Microsoft Global Security, Stanley Security and UTC. The group’s initial task is to frame the scope of the specification.
“Our members have been discussing solutions for identity and access issues, and jointly agreed the industry would benefit from a formal specification that would simplify mapping of logical and physical identities and their access privileges,” said Larry Lien, chairman, the PSIA, and vice president, product management, Proximex. “Our specifications are always driven by members who can envision how standards will open new opportunities for the security industry.”
Security end users praise the potential utility of the new PSIA physical-logical access interoperability specification. “At Microsoft, our area access administrators invest 20% of their time managing temporary access privileges for the thousands of Microsoft employees and contractors who travel among our facilities on any given day,” said Mike Faddis, Group Manager at Microsoft Global Security. “We envision the PSIA specification enabling us to automate privilege management and significantly minimize these administrative costs, which will have a notable impact on the bottom line and allow us to focus our security resources in other areas that assist the business.”
Logical and physical identities typically reside in separate and different systems. Employee roles in a company determine their access privileges, or policies, which typically are created and stored in the enterprise network directory. Synchronizing these access privileges between logical directory and physical access control systems involves proprietary, error-prone, time-consuming and expensive manual processes.
The new PSIA specification will build on standards already used in the logical identity and access management world, including Role-Based Access Control (RBAC-RPE) and Lightweight Directory Access Protocol (LDAP) to enable vendors and users to more easily map logical identities and their role-based privileges to physical identities, said Soleimani.
Easier mapping of logical-physical identities and their privileges would make it cost effective to ensure persons are physically present before allowing them to log into applications and databases, an effective measure against cyber security breaches. It would also streamline management of group privileges. The Access Interoperability group also hopes to extend physical-logical access synchronization to mobile devices used as credentials.
“Clients are interested in linking physical and logical identities, but don’t want to build and maintain custom interfaces between physical security and logical systems,” said Eric Yunag, president and CEO, Dakota Security Systems, Inc. “The PSIA specification will enable us to unify identities and deliver the functionality our clients want cost effectively and without requiring them to restructure their physical or logical security ecosystems.”
Mohammad Soleimani- Chief Technology Officer and EVP, Kastle Systems
Chairman, PSIA Profiles Working Group
Chairman, PSIA Physical-Logical Access Interoperability Working Group
# # #