By Julian Lovelock
For many, the workplace is more than just one office, building, or facility. Some employees spend their entire workday on the go, out in the field, or on the road. Regardless, there is one common thing that everyone needs: an identity and an identity-based credential to gain access to the workplace. Identity is the new perimeter, and it defines how people access the workplaces and applications needed to do their jobs. Organizations must learn how to digitally transform the management of identities and the associated cyber and physical access credentials for the workplace, big or small. This requires an understanding of the differences in technologies used for authentication as well as identification, and emerging trends that are here to stay around identity management.
Streamlining Access To An Evolving Workplace
The workplace is now a fluid environment that is no longer limited to a single location or network. Its security perimeter is changing, and organizations face many challenges managing access to it. They must learn how to address new workplace security challenges, including how to trust and manage visitors, employees, contractors, vendors, and more.
Even before the pandemic changed almost everything about people’s day-to-day lives, there was a shift in workplaces. Secure workplace access was already becoming less defined by the physical perimeter of the workplace. Identity became the new (and in many cases, only) perimeter. This perimeter must be protected through a new approach to physical identity and access management that unifies physical access and cyber/IT access. To establish identity management for a secure, safe, and productive workforce, there are three foundational areas where this approach must be applied: 1) credential management; 2) multi-factor authentication; and 3) secure visitor management.
Secure Visitor Management
A more hybrid workforce, which is not permanently office-based, requires a new generation of visitor management solution able to handle multiple different types of visitors to a site, including contractors and employees as well as customers, suppliers, and partners.
Today’s unified physical identity and access management solutions improve the visitor experience through pre-registration and automated check-ins and outs that reduce wait times, and the ability to customize the visitor experience and security measures while benefitting from automated policy compliance.
These systems have been used during the global pandemic to welcome visitors back into the workplace, enabling organizations to go touchless with self-service visitor badging kiosks and to automate wellness and other screening questionnaires. For instance, mandatory pop-up questions can be added to the visitor check-in process that help identify anyone who may need further screenings, and the system can further mitigate risks by automatically maintaining an auditable trail of activity. The same capabilities are important for contractors, vendors, and employees, too. Organizations can monitor and analyze the activity of everyone on the premises in the event there is a COVID-19 (or other) outbreak. This simplifies the retrieval of historical visit reports and makes it easier to generate a timeline of who was in the workplace, where they were and when they were there. They also automate and enforce continuously evolving compliance with visitor access and policy-based registration, ensuring the same safety and security steps are consistently followed by everyone, across all offices.
Key features to look for include a single dashboard providing useful visitor insights, and compliance with General Data Protection Regulation (GDPR) and other privacy regulations. The system should also enable hosts to be notified when guests arrive and request a visit, check in and out, and more, via SMS text message or e-mail. It should feature configurable workflows to support all specific screening requirements, on-site or pre-registration, and trigger additional workflows when needed. Finally, the system should streamline subsequent visits by capturing, storing, and editing an unlimited number of identities in a centralized database, and enable organizations to check visitors against internal and/or external watchlists.
These capabilities apply, of course, to businesses that are occupying the physical workplace. Remote work must also be supported, and flexibility is critical. This requires an enterprise-grade, cloud-based authentication solution that makes it easy to support employees who need to access enterprise resources, whether they are in the office or not.
Improving remote work security by adding multi-factor authentication to a unified physical identity and access management system does not have to be complicated. It should be fast and easy to deploy, and intuitive for end-users. Several authentication form factors and methods should be supported, providing enough choice to select the one that best fits the organization’s unique security needs.
Authentication solutions protect applications and data by requiring a second validation via, for example, a mobile app to verify user identity before granting access. Push authentication is particularly useful, enabling users to log in securely with a mobile app push. This enables employees, with a simple swipe of their phone, to quickly authenticate to prove their identity before accessing protected applications. The process is just as quick for denying a fraudulent login attempt. Users can easily stop malicious attempts to access company apps and data with a swipe to decline access.
Mobile push notification is only one example of the diverse range of authentication methods available today. Choose from biometrics, or cards and USB keys enabled with standard security technologies such as FIDO, PKI, and OTP, to provide a seamless, passwordless experience. The inclusion of a bundled Certificate Authority (CA) gives organizations a choice of a publicly trusted or private dedicated CA for strengthened security. With this authentication ecosystem in place, the final piece to consider is the solution for centrally managing all these credentials and certificates. This capability can be delivered as a service, in a multi-tenant cloud environment, enabling organizations to begin issuing and managing credentials for both physical and digital access in just a few hours.
Credential management solutions should be easy to deploy so that the workforce and contractors can safely operate inside and outside the physical workplace. Today’s cloud-based physical access credential management services automate and simplify the badge issuance process for everyone while eliminating inefficient, manual processes. Organizations have access to detailed insights about issued credentials including who has them, what they are for, why they have been credentialed, and for how long. Credential revocation is also automated, reducing the risk of insider security threats.
These cloud-management services also give administrators all details of active credentials, in any location. The services should be delivered through ISO27001-certified platforms that simplify employee access to the physical and digital workplace while solving administrative issues, regulatory compliance, and other business challenges in today’s dynamic hybrid work environments. They also should include unified authentication back-end functionality that allows organizations to choose the optimal security protocol for each use case while maintaining consistent rules and audit management capabilities.
Simplifying Access, Security, And Compliance
Today’s ever-expanding set of cloud-based workforce, contractor, and visitor identity management applications work together on a common platform to transform how organizations address cyber and physical security, compliance, and business challenges. They unify, automate, and simplify identity issuance and management at a single facility or across any number of distributed office or remote work locations, while removing the complexity of installing, configuring, or supporting on-premise software. The result is a great user experience, scalability, and the elimination of manual processes for adapting to new challenges in today’s dynamic work environment.
Lovelock is currently Vice President Strategic Innovation at HID Global®, which powers the trusted identities of people, places, and things. He is responsible for sparking new innovation leading to the development of new products and services. Lovelock moved to the United States from London in 2006 following the acquisition of ASPACE Solutions where he was CTO and co-founder. He holds a BENG in Electrical and Electronic Engineering from the University of Aston, UK. HID Global® is an ASSA ABLOY Group brand.