Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAFE Solution by Quantum Secure Streamlining the Physical Identity Lifecycle November 2012.

Published byFelix Hardy Modified over 10 years ago

Similar presentations

Presentation on theme: "SAFE Solution by Quantum Secure Streamlining the Physical Identity Lifecycle November 2012."— Presentation transcript:

1 SAFE Solution by Quantum Secure Streamlining the Physical Identity Lifecycle
November 2012

2 Agenda State of Physical Identity Management
Problems Faced by Physical Security Practitioners What is Physical Identity and Access Management (PIAM)? Quantum Secure – The Leading PIAM Solution Provider Quantum Secure SAFE Solution SAFE Across Different Verticals Competitive Landscape Purchasers/ Decision Makers / Influencers/ Barriers Qualifying Questions Product Mix – Revenue Model SAFE Deployments Why Quantum Secure?

3 State of Physical Identity Management
76% Organizations say that rules governing physical access are being enforced manually today 79% Organizations say that compliance drives a significant portion of their security spend 41% Organizations admitted they had some or no control over their physical identity population Source: IDG Research, Physical Identity and Access Management, June 2012

4 Problems Addressed by Quantum Secure SAFE
RISK Silos of operations and lack of control over various physical IDs How can I implement best practices and standardize my security organization? How do I lower my liability and maximize asset protection? How do I future-proof my entire security investment? COST Manual processes and rip-and-replace of security systems COMPLIANCE Manual enforcement and monitoring of physical security controls Vik How can I leverage my existing security infrastructure on a global scale? How can I reduce manual processes that can be labour intensive, repetitive and may have potential errors? How do I optimize my resources, technologies and security operations? How can I keep up with government, organizational and industry regulations? How can I easily monitor infractions and proactively enforce my security policies and rules? How can I regularly report and audit my security landscape?

5 What is Physical Identity and Access Management (PIAM)?
Physical identity and access management (PIAM) technologies provide authentication, authorization and provisioning services in order to efficiently streamline the lifecycle of a physical identity within a global organization. PIAM ensures the right Physical ID’s – i.e. employees, visitors, contractors, vendors –are properly authenticated and have the right access to the right areas, for the right reasons for a specified duration of time. Right Physical IDs Right Access Right Reasons Right Times “Physical identity and access management (PIAM) deployments are increasing due to technology and product development, compliance mandates, a greater desire to manage alternative user populations such as on-premises visitors and contractors, and a sharp emphasis on timely and secure access”1 1Gartner Research; Physical Identity and Access Management; Feb 2012

6 Quantum Secure – The Leading PIAM Solution Provider
Founded in 2004 Headquarters in Silicon Valley, California 150+ Employees 5 Years of 100% Consecutive Growth Offices: US, Europe and Asia Patented technology Over 3 Million Identities Managed by SAFE Customers: Fortune 500, G2000, Government, Airports, Pharmaceuticals PG&E BT (British Telecom) San Francisco Intl. Airport US Dept. of Energy UnitedHealth Group AT&T Phoenix Intl. Airport US Dept. of Veteran Affairs VISA Oracle US Dept. of HHS

7 Why PIAM? Physical Identity Management is important for all organizations Reduce Costs. Immediate operating cost reduction. Payback period less than 12 months Minimize Risk. Centralized administration, systems interoperability Superior Compliance. Policy automation, physical identity lifecycle management

8 End State w/ Software Based PIAM
Policy automation Business Integration with physical and logical security/IT systems Dashboard & analytics Multiple Subsystems PACS Physical Identity Lifecycle Management and Process Automation HR/IDM Integration Integration PSIM/Event Mgmt. Network Security Compliance automation Correlation Event and Identity correlation Manage Pre-Enroll Executive-level dashboard and analytics Identity Enroll Use Security Operations Associate Issue Provision

9 Quantum Secure SAFE Solution
SAFE is the only patented software suite designed to manage, streamline and automate security identities, compliance, events and operations across disparate physical security and IT/logical systems including Personnel, Card Holder, Visitor and Access Management Compliance and Risk Management Identity, Compliance, Alarm and Risk Analytics Interoperability between Physical Security & IT Systems including PACS, IDS, HR, AD, IAM and other relevant systems Physical Identity & Access Management Compliance & Risk Management Security Intelligence Identity & Event Correlation Benefits Cost Reduction Superior Compliance Better Reputation Investment Protection Reduced Risk

10 SAFE Suite Offerings SAFE Suite of Applications SAFE Policy Server
Identity & Access Management Compliance & Risk Management Identity & Event Correlation Security Intelligence Workflows Orchestration Database Policy/Rules SAFE Policy Server The last slide detailed out the proposed state of physical security infrastructure and operations with a solution like Quantum Secure SAFE. This slide lists out SAFE Suite offerings that can help you realize the proposed optimized state. This slide shows the logical architecture of SAFE suite or very simply the building blocks. From the bottom up a brief description of each layer in the SAFE system architecture is as follows: Integration Layer – SAFE includes out-of-the-box connectors (SAFE Agents) that provide bi-directional exchange of data between SAFE and external systems. The range of external systems integrated using this component includes but is not limited to physical access control systems (PACS), HRMS, IDMS and LDAP training system databases, background check system, etc. The SAFE agents listen for data updates and changes in near real-time from all systems on the integration layer and then, based on defined policies, broadcast the change to the various and appropriate systems. Policy/ Orchestration Layer – This layer processes the data from the integration layer using rules defined within the policy engine. SAFE includes the unique capability of allowing security administrators to define security policies using a Microsoft Visio-based drawing board environment, which utilizes live objects to flow chart a policy that is automatically converted with SAFE and results in automated workflows. Application Module Layer - This layer represents the common applications resulting from the applied workflows and gathered data in the underlying base technology. SAFE applications are organized under the following categories – Identity and Access Management, Compliance and Risk Management, Analytics, and Event Correlation. SAFE Integration Framework SAFE IDM/HR/ LDAP Agent SAFE Watch List Agent SAFE PACS Agent SAFE Third Party SAFE SMTP Agent SAFE OCSP Agent OCSP Server HR/IDM/ Directory Services External Watch List Databases Third-party systems (PSIM etc.) Notifications Multiple PACS

11 SAFE Suite Offerings SAFE Suite of Applications SAFE Policy Server
Identity & Access Management SAFE Self Service Portal SAFE Visitor Identity Mgr SAFE Web Badging SAFE Visitor Identity and Credential Mgmt for PIV SAFE PIAM for PIV SAFE Asset Manager Compliance & Risk Management Compliance Regulator Attestation & Audit Document Management Infraction Manager Watch List Manager Identity & Event Correlation We partner with the best providers to optimize your “response efficiency” by correlating identity data with events and automating business operation policies SAFE Event Correlation Engine Security Intelligence Identity Analytics Alarm Analytics Risk Analytics Workflows Orchestration Database Policy/Rules SAFE Policy Server The last slide detailed out the proposed state of physical security infrastructure and operations with a solution like Quantum Secure SAFE. This slide lists out SAFE Suite offerings that can help you realize the proposed optimized state. This slide shows the logical architecture of SAFE suite or very simply the building blocks. From the bottom up a brief description of each layer in the SAFE system architecture is as follows: Integration Layer – SAFE includes out-of-the-box connectors (SAFE Agents) that provide bi-directional exchange of data between SAFE and external systems. The range of external systems integrated using this component includes but is not limited to physical access control systems (PACS), HRMS, IDMS and LDAP training system databases, background check system, etc. The SAFE agents listen for data updates and changes in near real-time from all systems on the integration layer and then, based on defined policies, broadcast the change to the various and appropriate systems. Policy/ Orchestration Layer – This layer processes the data from the integration layer using rules defined within the policy engine. SAFE includes the unique capability of allowing security administrators to define security policies using a Microsoft Visio-based drawing board environment, which utilizes live objects to flow chart a policy that is automatically converted with SAFE and results in automated workflows. Application Module Layer - This layer represents the common applications resulting from the applied workflows and gathered data in the underlying base technology. SAFE applications are organized under the following categories – Identity and Access Management, Compliance and Risk Management, Analytics, and Event Correlation. SAFE Integration Framework SAFE IDM/HR/ LDAP Agent SAFE Watch List Agent SAFE PACS Agent SAFE Third Party SAFE SMTP Agent SAFE OCSP Agent OCSP Server HR/IDM/ Directory Services External Watch List Databases Third-party systems (PSIM etc.) Notifications Multiple PACS

12 SAFE Across Different Verticals
Business Drivers Deployments SAFE Solution Managing and processing employee identity credentials for facility access Compliance regulations such as DEA, FDA and HIPAA Integrating with hospital/HR systems to simplify processing for vetting new applicants Texas Children's Hospital Visitor Identity Management, Web badging, integration with patient management system Compliance regulations such as regulations such as BASEL II, GLBA, SAS 70, SOX Different types of access areas (branch ops, cash vaults, network access, printing rooms, etc.) Inside threats and fraud prevention World’s leading insurance provider PIAM, Single point of control over multiple standalone Access Control, Self-Service, standardization of processes, Real-time reporting Credentialing for a complex network of facilities, roles and related access Biometric database integration Centralized document management High cost of operations and manual processes Compliance Regulations - TSA, SIDA AAAE San Francisco International Airport (SFO), Toronto Pearson (GTAA), Aspen PIAM, Tenant Management, Document Management, Web Badging, Self-Service, TSA Security Directives, Infraction Management & Reporting Enrolling and managing PIV cardholder Interoperability between PACS systems and logical authoritative identity systems PIV card lifecycle management in PACS Web-based visitor enrollment and management for PIV and non-PIV cardholders The Port Authority of New York & New Jersey - World Trade Center, Leading federal health agency PIAM, Implement HSPD-12 Directives, administer PIV & PIV-I credentials to comply with the OMB M memo. Adhere to FICAM initiative for PACS modernization, PIV-PACS interoperability. Healthcare Financial Services Ports (Air, Sea) Government

13 SAFE Across Different Verticals (cont.)
Business Drivers Deployments SAFE Solution Enforcement and monitoring of compliance to NERC CIP requirements Processes, tools and procedures to monitor physical access to the perimeter(s) Visitor control program for visitors Pre-defined reports and interactive dashboard views into key process Top utility companies in US PIAM, Badge Manager, Compliance Regulator, Audit Attestation, Document Manager Security breaches due to partners, contractors and former employees Manual process to achieve compliance to regulations, conduct audits Manual attestation process BT (British Telecom) Asset Management, PIAM, VIM, Compliance Regulator, end-user self service Streamlined enrolment and badge issuance processes for visitors Elimination in manual interventions needed across multiple PACS Tying multiple cards and card formats to one identity and physical access privileges globally Symantec, Oracle PIAM, VIM, Security intelligence, reporting, compliance management, asset management Effective execution of badging and metal key management processes Integration with different systems like student information systems, access control systems, event management and dispatch systems Roger William University (RWU) Role-based assignment of access across the entire campus, reporting of compliance rqmt. such as FERPA and HIPAA, connectivity to campus registrar database Energy Telecom High-Tech Universities

14 Competitive Landscape
Features Quantum Secure SAFE Alert Enterprise Intellisoft EasyLobby RightCrowd Nedap PIAM Self Service Visitor Identity Management Asset Management Contractor Management Web-Badging Compliance Regulator Attestation Audit Document Manager Watchlist Manager - Completely Available - Partially Available - Not Available

15 Competitive Landscape (cont.)
Features Quantum Secure SAFE Alert Enterprise Intellisoft EasyLobby RightCrowd Nedap Infraction Manager Security Reporter Identity Analytics Alarm Analytics Risk Analytics Solution for Airports Solution for Higher Education Solution for Government DataMatch and Reconciliation VIM Mobile App - Completely Available - Partially Available - Not Available

16 Purchasers/ Decision Makers / Influencers/ Barriers
Director of Security, Manager of Security, EVP, SVP of Security, Government/ Military-titled personnel, CISO (Chief Information Security Officer), CSO (Chief Security Officer), Security Consultants, Compliance Related Titles Buyers CXOs (CISO, CSO, CTO), VP – IT Security Compliance and Risk Manager Internal Departments like Facilities, HR External Consultants (i.e. In WTC, SFO consultants played a significant role) System Integrators (JCI, etc.) Influencers Internal IT team (Apps development) who can build a home-grown solution Barriers

17 Purchasers/ Decision Makers / Influencers/ Barriers
MD/ CEO CTO CMO CSO/CISO VP/Director - Physical Security VP/Director – IT Security External Security Consultants CFO VP/Director – Risk & Compliance Buyers Influencers Why s/he will influence? As SMEs, these present new technologies to address existing customer problems Will be pursued as champions of innovative solutions Why s/he will influence? Complete security of information assets requires physical security controls Combined use cases for logical and physical access authentication Why s/he will influence? Need to adhere to external and internal regulations including those for physical security Need to automate periodic audits

18 Qualifying Questions Close Ended Questions Open Ended Questions
Does your organization use multiple physical access control systems to manage different physical identities? Do you have automated synchronized on-/off- boarding of an identity from the authoritative data source (i.e. HR system) into the physical access control systems? Is it done manually or do you use some in-house product? Do you find it challenging to centrally manage physical identities and their access validation? Are you facing the burden of significant capital expenses towards standardizing on one PAC system in immediate future? Does your security staff face the burden of responding to physical security requests coming from employees like access change, badge request etc.? How do you currently manage the physical identities like employees, visitors, contractors, vendors etc.? How do you make sure that your organization meet all the external compliance regulations (like ICAM/HSPD-12, NERC, CFATS, SOX, etc.) for Physical Security? How do you currently integrate physical security system and the logical security system in your organization? How do you make sure that an employee/ contractor who is no longer with your organization, has his/ her identity and access removed in all areas of the organization immediately? What best practices do you follow to standardize your security organization? How do you currently monitor infractions and enforce security policies and rules?

19 Product Mix – Revenue Model
Enterprise Software Sale ASP $250K – $500K starting corporate license Enterprise-wide installation & services Sales model: direct sales + system integrators SaaS & subscription model – build annuity Vertical Offerings Solving industry-specific pain points Compliance & risk management: airports, energy Policy automation and operational improvements FIPS 201 – PIV automation, ICAM roadmap Sales model: channel partners – security dealers & VARs OEM Sale Policy engine: ASP $100K - $300K Convergence of IT & physical security Sales model: OEM through physical & IT security companies

20 Resulting Implications
SAFE Deployments S. No. Customers SAFE Solution Resulting Implications 1 1) Centralized physical access grants, revoke and management across diverse PACS 2) Centralized web badging: consolidate global SOCs 3) Compliance automation: Audit, attestation and real-time reporting 4) Flexible and scalable common policy based platform for physical Identity and Access Management: Saved up to $ 8 million towards capital costs for rip and replacing PACS 2 1) Automated card holder administration & role/location based provision by integrating PeopleSoft HRMS/Oracle IDM & PACS 2) Centralized smartcard badge issuance for logical and physical access 3) Elimination in manual interventions needed for cardholder administration, visitor management and metal key management Cost Savings of £750K/year by eliminating custom development & Maintenance Cost 3 1) Automated card holder administration & reporting across various PACS for SOX compliance 2) Elimination in manual interventions needed across multiple PACS – GE, Lenel, visitor management systems, disaster recovery, case management 3) Streamlined enrolment and badge issuance processes for visitors Reported $10 return for every $1 investment in SAFE, headcount reduction from 15 to 8 dedicated to manual processes 4 1) Reduced long processing times 2) Increased security compliance with compliance regulator 3) Automated manual processes through PIAM Average cost per customer came down from $49 to $35; a 28% savings 5 1) Automated card holder administration & role/location based provision by integrating PeopleSoft HRMS & PACS 2) Elimination in manual interventions needed for cardholder administration, visitor management, hard key management, parking reports 3) Self-service physical security portal Automation of manual processes and real time compliance 6 1) Multi-tenant delegated administration system 2) Alerting mode and one-minute response (via mail, pager, mobile) 3) Real-time reports on tenant-specific portal 4) Physical access event correlation and interpretation, and alerting Reduced time for on-board card provisioning and cost savings for rip and replacing PACS 7 1) Real-Time integration with Enterprise Identity Management to eliminate manual forms, and maintain data integrity 2) Compliance with Federal Badging Initiatives (HSPD12) 3) Satisfy Multiple Stakeholders Lower operational cost and centralized security policies

21 Resulting Implications
SAFE Deployments S. No. Customers SAFE Solution Resulting Implications 8 1) Automation of key manual processes related to access credential issuance and access privilege assignment 2) Streamlining compliance initiatives 3) Integration and automation of various disparate systems 4) Eliminating data entry mistakes and improving auditing capabilities Reduced time to provision access for identities within PACS by 88% 9 1) Automating the process of managing security for personal and property 2) Integration of ERP systems with PACS 3) Automating key physical security processes 4) Effective execution of badging and metal key management processes Automation of 40% of security operations, Elimination of up to 95% of errors in badging 10 1) Simplified provisioning of all personnel into their airport identity management system 2) Seamless integration of disparate biometric devices into one user interface 3) Incorporation of Biometric Airport Security Identification Consortium (BASIC) practices 4) Integration with centralized billing system Huge reductions in operating costs and real-time compliance with the TSA security directives 11 1) Management of entire badging process 2) Automating manual processes related to background checks, access credential issuance and access privilege assignment 3) Electronic, workflow-driven processes for assignment of metal keys and other access devices to identities Streamlined operations, improved customer service and compliance 12 1) Deployed the complete visitor management solution 2) Employees or hosts are able to invite visitors using the web-based self-service interface 3) Automatically conducts background check with external watch list databases and an internal POI list Improved front desk efficiency and minimal security risks 13 1) All visitors are given a bar-code pass and must badge in through base building turnstiles 2) All visitors are checked against the watch list 3) All visitors are auditable in terms of their access to the building and allowed to access only pertinent elevator banks Reduced operational expenses and enhanced security 14 1) Deployed SAFE Visitor Identity Manager and also used the same solution to track packages delivered to employees within the organization 2) Also deployed the self-service kiosk version of SAFE software to allow visitors to do an unmanned check-in at the lobby Reduced operational expenses and high return on investments

22 Cost Reduction/ Avoidance
Conclusion Policy-driven software to manage the lifecycle of identities, their physical access across disparate physical security systems while providing compliance. Improves efficiency of physical security processes and minimizes delay Minimizes errors and compliance exceptions Eliminates the need to rip-and-replace disparate PACS Reduces the volume of calls to physical security staff Assists executives in better decision making Improves quality and time of response to security incidents Unique and superior capabilities that can not be matched by competitors Bi-directional integration with physical and logical security systems and other systems like training, watch lists Graphical environment for easily defining and managing security policies Web-based visitor management with PACS integration and real-time background check Dynamic reports and analytics which tells both – what’s happening and why it’s happening Single self-service interface for making all requests related to physical security Out-of-the-box controls to automate compliance with external regulations Benefits Cost Reduction/ Avoidance Superior Compliance Reduced Risk *: IDG Research, Physical Identity and Access Management, June 2012

23 Thank you! November 2012

24 SAFE Suite of Applications

25 The Quantum Secure Solution: The SAFE Suite

26 SAFE Integration Framework
Provides the foundation for bi-directional data exchange with integrated systems Out-of-the-box agents for more than 50 PACS and other systems like HR, IDM, ERP, LDAP, Background Check, Training, Mass Notification, Biometrics etc. About SAFE Agent Built-in publish/subscribe functionality Real-time and event-based processing Guaranteed message delivery Conflict and acknowledgment processes Message translator and normalizer Schema and Security Configuration Download Manager Pre-built system specific data model, i.e. PACS, IDM Agent Configuration Utility – one place to manage all connectors

27 SAFE Policy Server Provides the ability to centrally define security policy rules and workflows Patented graphical tool allows easy flowcharting of a security policy rule Orchestrates execution of complex rules/workflows across multiple systems Policy Automation in SAFE Microsoft Visio based interface Drag-and-drop and link “live objects” to create schematic representation of a policy System automatically converts the drawing into rule set for the underlying systems Includes out-of-the-box rules based on proven best practices SAFE Policy Editor – Easy visual way to define and manage policies/workflows

28 SAFE Physical Identity & Access Manager (PIAM)
Features: Centrally manage all types of identities in the interest of physical security Includes pre-defined rules and workflows for on-/off-boarding of physical identities, access provisioning and access change management Assign access levels to an identity across disjointed PACS Complete audit trail into all transactions executed within the system and between SAFE and external systems

29 PIAM | SAFE Visitor Identity Manager
Features: Allows web-based visitor pre- registration by hosts Manages list of visitors and provide the flexibility to share them across the organization Pre-defined policies for visitor and physical access approval, signed NDA verification, notifications, reminders and escalations Automates visitor provisioning into your PACS infrastructure Manages event visitors or large groups of visitors Pre-Registration Manage Registration Check-out Check-in Visitor Badge Issuance Usage Provisioning

30 PIAM | SAFE Asset Manager
Features: Easily add new physical assets to the system View and modify the attributes of an existing physical asset Automate the provisioning of physical assets to the identities Track physical asset information and status Automate any fee-payment activities Quickly transfer “ownership” of a physical asset Employee, Contractor Vendor

31 PIAM | SAFE Web Badging Features:
Centrally manage badges for all types of identities across all facilities Ensures policy-based production and issuance of badges Captures all necessary data such as photo, signature, biometrics within one console by integrating with all types of peripherals Automates workflow and notification based on change of certain badge or identity attributes

32 PIAM | SAFE Self Service
Features: Web-based portal with an intuitive UI that enables employees to make multiple physical security requests: new physical access requests and changes, badge Allows end users to request for access on behalf of other personnel, including managers who can request access for their employees Authorize different policies based on asset type, location type and other key attributes

33 PIAM | SAFE Self Service

34 SAFE Compliance and Risk Management
Features: Centrally managing all regulations and associated controls Automating assessment, remediation and reporting as per defined review cycle Automatically triggering compliance-based actions based on physical access events Enabling physical security change management based on regulatory policies Detailed reporting and risk analysis

35 SAFE Compliance and Risk Management | Document Management
Features: Policy-based approach to document collection, update and retrieval The ability to scan, store and verify paper/breeder documents associated with each individual Identity Paper documents can be scanned on a document scanner and sent to specific locations for storage and ongoing document lifecycle management Allows Web-based access to documents Passport Company Insurance Driver’s license Birth certificate Paper forms

36 SAFE Compliance and Risk Management | Compliance Regulator
Features: Allows security practitioners to enforce governance across diverse and disjointed physical access control systems (PACS), creating a transparent, traceable and repeatable real-time global compliance process Pre-built controls for the following: NERC CIP Sarbanes Oxley FDA/DEA CFATS TSA Security Directives Stakeholders Compliance Compliance Identity Systems Events

37 SAFE Security Intelligence
Features: Collects data from multiple external systems to generate cross application reports Provides interactive, point-and- click views of key physical security, facility and compliance related metrics Provides pattern/trend of the metrics over a time period Includes threshold analysis of alarm data to classify sites as high, medium and low risk sites

38 SAFE Security Intelligence | Alarm Analytics
Features: Interactive dashboard views of metrics related to alarms - alarms by site, by alarm type, by count, by week or by time of day Diagnose sites/devices that are generating most number of alarms Pre-built metrics across sites for: All sites by device and alarm type Top sites by number of alarms Top alarm types by their count Top devices by the number of alarms Daily, weekly and monthly patterns/trends of key metrics

39 SAFE Security Intelligence | Identity Analytics
Features: Interactive dashboard views of metrics related to badge and facility usage by identities Pre-built metrics across sites, buildings and business units for: Facility utilization or occupancy for assigned and non-assigned badges Allocation of badges Badge usage Badge non-usage Daily, weekly and monthly patterns/trends of key metrics

40 SAFE Security Intelligence | Risk Analytics
Features: Includes a library of pre-defined physical and integrated security risks along with associated Key Risk Indicators (KRIs), including: Terminated Users Orphaned Badges Abnormal Badge Usage Watchlisted Identities Incomplete/Failed/Expired Background Checks Access to Critical Areas without Completing Training

41 SAFE Identity & Event Correlation
Features: Unified management of events and associated identities within one integrated console Data exchange interface for sharing identity status and usage related to physical security alarms Policy management to configure responses and actions to identity and alarm events Integrated reporting and analytics across identities and events

42 Vertical Solutions November 2012

43 Key Verticals Government – (FIPS/PIV, CAC, FICAM)
Vertical Profiles Key Verticals Government – (FIPS/PIV, CAC, FICAM) Aviation/Seaports/ Critical Infrastructure (TSA/TWIC) Banking/Financial/Insurance – (FSA, PCI, MAR) Energy (NERC) Petrochem (CFATS) Healthcare (HIPAA) Pharma (21-CFR) Higher Education The SAFE prospect profile & why

44 SAFE for Aviation Market Drivers SAFE Benefits Operations: Safety
Operational efficiency Regulatory compliance Changing technologies Security: Ensure high security Exceed TSA, TSC requirements Manage data privacy and background checks Leverage existing investments Finance: Construction/ renovation projects Increase airlines/vendors on-site Constant need for additional revenue sources Budget pressures Customers: Reputation is key Customer satisfaction SAFE Benefits Real-time policy adherence, correction and compliance reporting Efficiencies in card management via automated workflows Self-service portal for employees and tenants Efficient processes, accurate data, scalable infrastructure that increases productivity for airport staff Works with existing physical security infrastructure – no rip & replace

45 SAFE for Aviation Value Proposition
Quantum Secure’s SAFE suite of products provides a supervisory management system layer to automate manual workflows and processes, enabling airport authorities to manage facility access of users and groups through role-based access control. SAFE provides: Employee/employer and customer profile management Key card/pass permit/parking pass management Airside Vehicle Operators Permit (AVOP) management AVOP tickets/infractions/suspensions management Correspondence/letter management Reporting/auditing/exception handling Role-based physical access control SAFE provides the back-end repository, business rules and Web GUI for the permit/pass office and for gaining access to external TSA systems.

46 SAFE for Life Sciences Market Drivers SAFE Benefits Compliance:
HIPAA, FDA, DEA, HIPAA, DoD Data centers, laboratories, pharmacies Loss of Assets & Theft: Essential medical equipment missing High-value assets stolen or damaged Restricted access to drugs and controlled substances Fraud: Billing Time and attendance Inventory Threat: Workplace stress Potential for violence Bioterrorism target Criminal threat Contamination SAFE Benefits Cost reductions in employee/ contractor on- and off-boarding, change management (lost cards, temporary cards, access changes, disabling cards for vacation, etc.) Departmental productivity regained and wait times eliminated by automated processes and integrated self- service Automated, rules-based monitoring, enforcement and reporting of compliance requirements

47 SAFE for Life Sciences Value Proposition
Quantum Secure’s SAFE suite of products provides a single interface to manage all identities, roles and related area access across a global telecommunications security infrastructure. SAFE offers telecommunications-specific features such as: Automatic access assignments, limiting hours and areas, requirement of special approvals Self-service portal for employees and contractors to manage access The ability to configure access groups/zones to business needs – across facilities and PACS Assignment of secure area stewardship to business owners Use of workflow and s to streamline processes SAFE provides the back-end repository, business rules and Web GUI for the security office, employees and trusted and un-trusted identities, increasing operational efficiencies and providing real-time compliance reporting.

48 SAFE for Telecommunications
Market Drivers Operations: Massive regional and/or global footprint Disparate physical security systems Data center/co-location management issues Regulatory compliance Security: Management of “trusted” and “un-trusted” identities across employees, vendors and third-parties Consolidation and standardization Theft and data breaches Budget pressures Customers: Equipment maintenance Outages and emergency access SAFE Benefits Automate card holder administration and role/location-based provisioning Global efficiencies in card management Real-time policy compliance Flexibility to grow via merger and acquisition Lower total cost of ownership Works with existing physical security infrastructure – no rip & replace

49 SAFE for Telecommunications Value Proposition
Quantum Secure’s SAFE suite of products provides a single interface to manage all identities, roles and related area access across a global telecommunications security infrastructure. SAFE offers telecommunications-specific features such as: Automatic access assignments, limiting hours and areas, requirement of special approvals Self-service portal for employees and contractors to manage access The ability to configure access groups/zones to business needs – across facilities and PACS Assignment of secure area stewardship to business owners Use of workflow and s to streamline processes SAFE provides the back-end repository, business rules and Web GUI for the security office, employees and trusted and un-trusted identities, increasing operational efficiencies and providing real- time compliance reporting.

50 SAFE for Petro/Chemical
Market Drivers Operations: Political and physically hostile environments Employee safety across massive physical infrastructure Growth in regulatory and environmental restrictions Security: Ensure high security and safety Consolidation and standardization Leverage existing investments Finance: Corporate governance Budget pressures: exploration is very expensive Downsizing within the industry Customers: Reputation SAFE Benefits Automate card holder administration and role/location-based provisioning Global efficiencies in card management Real-time policy compliance Flexibility to grow via merger and acquisition Lower total cost of ownership Works with existing physical security infrastructure – no rip & replace

51 SAFE for Petro/Chemical Value Proposition
Quantum Secure’s SAFE suite of products provides a single interface to manage all identities, roles and related area access across a global telecommunications security infrastructure. SAFE offers telecommunications-specific features such as: Automatic access assignments, limiting hours and areas, requirement of special approvals Self-service portal for employees and contractors to manage access The ability to configure access groups/zones to business needs – across facilities and PACS Assignment of secure area stewardship to business owners Use of workflow and s to streamline processes SAFE provides the back-end repository, business rules and Web GUI for the security office, employees and trusted and un-trusted identities, increasing operational efficiencies and providing real- time compliance reporting.

52 SAFE for High Technology
Market Drivers Operations: Disparate systems Rapid expansion of enterprise ecosystem Operational efficiency Regulatory compliance Security: Protect both physical and information-based assets Overlap between information and physical security functions Consolidation and standardization Leverage existing investments Finance: Corporate governance Budget pressures Customers: Reputation: security as a selling point SAFE Benefits Multiple cards and card formats tied to one identity and physical access privileges globally Seamless smartcard issuance and management System and processes to establish authority, responsibility and related access Flexibility to grow via merger and acquisition Lower total cost of ownership Works with existing physical security infrastructure – no rip & replace

53 SAFE for High Technology Value Proposition
Quantum Secure’s SAFE suite of products provides an enterprise management layer for high-technology organizations, working with existing physical security infrastructures, integrating with corporate and IT systems and solving critical pain points associated with global compliance and card access management. SAFE interfaces with key systems including: Physical Access Control Systems (PACS) Biometric systems such as iris or fingerprint scanners Corporate IT/HR systems Vendor profile management systems Visitor management systems Disaster recovery and emergency notification systems SAFE provides the back-end repository, business rules and Web GUI for the security office, employees and trusted and un-trusted identities, increasing operational efficiencies and providing real- time compliance reporting.

54 SAFE for Education/Universities
Market Drivers Operations: Multiple profiles Operational efficiency Regulatory compliance Newer technologies Security: Ensure high security Consolidation and standardization Leverage existing investments Finance: Corporate governance Budget pressures Mergers and acquisitions Customers: Competition Reputation Customer satisfaction SAFE Benefits Role-based assignment of access Seamless smartcard issuance and management Automated, rules-based monitoring, enforcement and reporting of compliance requirements Assuring compliance with regulatory security requirements such as FERPA and HIPAA Works with existing physical security infrastructure – no rip & replace

55 SAFE for Education/Universities Value Proposition
Quantum Secure’s SAFE suite of products provides automates manual workflows and processes, enabling higher-education security professionals to manage facility access of users and groups through role-based access control. SAFE provides: Accurate verification and automated provisioning/de- provisioning of faculty, staff, students, researcher, vendor, affiliates and alumni Controlled access to facilities, restricted areas, physical assets within banner systems and PACS A reduction in physical security vulnerabilities by synchronizing changes to identities A common repository for physical security audits & reports SAFE allows public and private universities, multi-campus institutions, research and medical colleges to improve student services, enhance operational visibility and manage student life- cycles.

56 SAFE for Government Market Drivers SAFE Benefits Operations:
Regulatory compliance: HSPD-12 Common identification standard for federal employees and contractors Operational efficiency Back-end attribute exchange Security: Regular visitors and variance in quality of IDs used to enter restricted areas Increase government efficiency, reduce identity fraud, and protect personal privacy Consolidation and standardization Leverage existing investments SAFE Benefits Facilitates usage of HSPD-12-compliant cards across entire physical security infrastructure Elimination of manual data entry for PIV attributes = lower operational costs Real-time certificate validation Database integrity ensured Centralized security policies

57 SAFE for Education/Universities Value Proposition
Quantum Secure’s SAFE suite of products automates manual workflows and processes, enabling government authorities to manage users and groups through role-based access control. SAFE provides: The ability to enroll, verify, authorize and provision cardholders into virtually any existing PACS environment The enforcement of business rules for automatically granting and revoking access privileges per HSPD-12 guidelines Real-time synchronization of PIV Identity attributes to manage additions/ changes/terminations/ certificate expiration Support for a wide variety of card types, including CAC, FRAC, MAC and TWIC SAFE provides the back-end repository, business rules and Web GUI for the security office, employees and compliance regulators, increasing operational efficiencies and providing real-time reporting.

58 Quantum Secure Customer Deployments
November 2012

59 SAFE Deployment - Oracle Corporation
Background: Services customers in 140+ countries Over 2100 Facilities 4 PACS brands; 12 PACS servers 130,000+ employees, contractors and vendors, third parties Requirements: Centralize physical access grants, revoke and management across diverse PACS Establish a flexible and scalable common policy based platform for physical Identity and Access Management: Operational agility, compliant provisioning / terminations and rules based approval workflows Centralize web badging: consolidate global SOCs Compliance automation: Audit, attestation and real- time reporting Reduce TCO (total cost of ownership) and overall operational cost SAFE Benefits: Avoided $8M of capital expense for PACS rip-replace due to M&A Integrate and interoperate all disparate PACS into a common platform Fully automated access provisioning / termination process globally – automated rules and workflows for access rights management Real-time policy compliance Operational cost savings year over year

60 SAFE Deployment - British Telecom
Background: British Telecom is a global provider of telecommunications infrastructure and services 7000+ facilities/sites throughout the world 200,000+ employees, contractors and vendors Requirements: Needed automate card holder administration & role/location based provision by integrating PeopleSoft HRMS/Oracle IdM & PACS (both legacy and updated) Elimination in manual interventions needed for cardholder administration, visitor management and metal key management Centralized smartcard badge issuance for logical and physical access Temporary and ‘un-trusted’ (pool) card management Self-service physical security portal - both trusted vendors and identities Flexibility to grow - mergers & acquisitions Reduce TCO (Total Cost of Ownership) SAFE Benefits: Cost Savings of £200K/year by automating manual security operations Cost Savings of £750K/year by eliminating custom development & Maintenance Cost Seamless smartcard issuance and management Real-time policy compliance Efficiencies in card management No manual processing – all automated No rip & replace

61 SAFE Deployment – Symantec Corporation
Background: Global security management company Facilities in 40+ countries 19 data centers, multiple PACS 40,000+ employees, contractors and vendors Requirements: Needed automated card holder administration & reporting across various PACS for Sarbanes Oxley (SOX) compliance Ensure multiple cards and card formats can be tied to one identity and physical access privileges globally Elimination in manual interventions needed across multiple PACS – GE, Lenel, visitor management systems, disaster recovery, case management Eight-week deployment timeframe Reduce TCO (Total Cost of Ownership) Streamlined enrolment and badge issuance processes for visitors SAFE Benefits: $2.5M cost savings over 3 years Real-time policy compliance Reduced manual interventions Fewer SME required to operate security infrastructure Reduced from 15 to 8 people No rip & replace of existing hardware/ software

62 SAFE Deployment – Cincinnati Children’s Hospital
Background: Cincinnati Children's Hospital Medical Center is a leader in pediatric healthcare, research and medical education 15 patient care sites throughout the region 15,000+ medical staff, employees, contractors and vendors Requirements: Needed automate card holder administration & role/location based provision by integrating PeopleSoft HRMS & PACS Elimination in manual interventions needed for cardholder administration, visitor management, hard key management, parking reports Self-service physical security portal Reduce TCO (Total Cost of Ownership) SAFE Benefits: One-click audit & reporting Real-time policy compliance Efficiencies in card management No manual processing – all automated No rip & replace

63 SAFE Deployment - Adobe
Background: American computer software company founded in 1982 Creates multimedia and creativity software products, and into Internet application software development In-house designed system for managing identities related to physical access Requirements: Automation of key manual processes related to access credential issuance and access privilege assignment Streamlining compliance initiatives Integration and automation of various disparate systems Eliminating data entry mistakes and improving auditing capabilities User-friendly security operations and policies Reduce TCO (Total Cost of Ownership) Improving customer satisfaction and overall levels of security SAFE Benefits: Automation of manual, labor-intensive tasks Average processing time for employee badging reduced by 62% Average time-access changes to be granted in PACS from 4 minutes to half a minute A saving of 36 hours per month of labor in processing new employee badges

64 SAFE Deployment – the Irvine Company
Background: 140-year-old real estate company 400 office buildings, 40 retail centers, 90 apartment communities, two hotels, five marinas, three golf clubs Multiple PACS Requirements: Multi-tenant delegated administration system Different access levels/profiles per tenant Change requests managed within five minutes Notification to stakeholders within one minute Alerting mode and one-minute response (via mail, pager, mobile) Real-time reports on tenant-specific portal Physical access usage history Ability to view reports related to their employees Physical access event correlation and interpretation, and alerting SAFE Benefits: Cost avoidance – SaaS On-boarding card provisioning from days to minutes Delegated administration – fully automated, labor savings No rip & replace

65 SAFE Deployment – US Department of HHS
Background: Large federal agency managing FDA, NIH, CDC, IHS, HRSA, …. 100,000+ employees, contractors and vendors Requirements: Real-Time integration with Enterprise Identity Management to eliminate manual forms, and maintain data integrity Compliance with Federal Badging Initiatives (HSPD12) Consistency of photographs across all PACS Enforcement of business rules for automatically granting and revoking access privileges per HSPD-12 guidelines Satisfy Multiple Stakeholders, Multiple Agencies within HHS SAFE Benefits: Facilitates HSPD-12 compliance Elimination of manual data entry for PIV attributes = lower operational cost Real-time certificate validation Database integrity ensured Centralized security policies

66 SAFE Deployment – Roger Williams University
Background: Established in 1956 and located on 140 acres of land Private liberal arts college, currently ranked in the Top 10 of comprehensive colleges in the North 3,800 undergraduate and 850 graduate students enrolled in 36 liberal arts majors and five professional schools Multiple disparate systems Requirements: Automating the process of managing security for personal and property Integration of ERP systems with PACS Delegation of authority regarding access related to identities to particular departments in the organization Automating key physical security processes Reduction in the Physical Access Management Team’s day-to-day efforts Effective execution of badging and metal key management processes SAFE Benefits: Integration of ERP systems with PACS Automation of 40% of security operations Elimination of up to 95% of errors in badging and access management Significant reduction in cost Effective management of identity access to university buildings and facilities

67 SAFE Deployment - GTAA Background: Requirements: SAFE Benefits:
Canada’s biggest & busiest airport Handling 30 million+ passengers/year 80,000 identities under management Pass/Permit Control Office (PPCO) administers 33,000 active personnel Serves 175 clients/day (over 43,000 per year) Requirements: Reduce long processing times Poor customer service Workers (tenant employees) leaving the airport before getting on the job Increase security compliance Difficult/costly to enforce consistent security controls Automate manual processes Average delay for a PPCO appointment was four weeks SAFE Benefits: Time for on-boarding IDs went from 577 min down to 72 min Price per ID processing went from $49/card to $35/card Average wait times reduced from 560 minutes to 20 minutes, a 96% reduction Faster processing = better client service Single-source data = high physical security controls Reliable reporting = effective business operations

68 SAFE Deployment – Aspen Airport
Background: County-owned public-use airport 44,000 square foot single-floor terminal facility, including six rental car operations, a year-round guest services operation, a restaurant and gift shop concessions. Largely seasonal employee base and a small airport badging staff Requirements: Simplified provisioning of all personnel into their airport identity management system Seamless integration of disparate biometric devices into one user interface Incorporation of Biometric Airport Security Identification Consortium (BASIC) practices Manage the issuance of pre-encoded proximity cards for different types of badge layouts Integration with centralized billing system Provide central repository for capturing, storing and managing documents SAFE Benefits: Streamlined security operations Huge reductions in operating costs Future-proofing of the physical security infrastructure Simplification of badging operations through automation Reliable and accurate reporting on pass office operations Real-time compliance with the TSA security directives

69 SAFE Deployment – San Francisco International Airport
Background: Category X airport that handles over 40-million passengers each year Tenth largest in the United States and one of the world’s 30- busiest airports Multiple departments within the airport – Aviation Security, Airfield Operations, Security Operations Center etc. Requirements: Management of entire badging process A system that could work across multiple departments and systems within the airport Automating manual processes related to background checks, access credential issuance and access privilege assignment Issuance of multi-technology, highly secure badges for use with multiple PACS and biometric access devices Provisioning of biographic and biometric information onto the badge contact-less chip Dynamically driven enrollment processes appropriate to each applicant Electronic, workflow-driven processes for assignment of metal keys and other access devices to identities Integration with computer-based training systems for real-time validation of training credentials SAFE Benefits: Streamlined security operations Improved level of customer services Simplification of compliance needs Real-time compliance with current TSA security directives Reduction in data entry errors Optimization of the management of TSA- regulated badging processes

70 SAFE Deployment – Empire State Building
Background: Inability to securely manage thousands of visitors for their 300 tenants High visitor processing time causing long wait times and delay Requirements: Deployed SAFE and connected to the base building GE Diamond II system for validation of tenants’ status when pre-registering a visitor All visitors are given a bar-code pass and must badge in through base building turnstiles All visitors are checked against the watch list All visitors are auditable in terms of their access to the building and allowed to access only pertinent elevator banks Tenants use self-service portal to manage their employee’s status for base building access and visitor invitation authorization SAFE Benefits: Securely manage both tenants’ physical access and visitors’ access to the premises using one solution Reduce operating expenses by allowing tenants’ administrators to manage their employee access and pre-register visitors

71 SAFE Deployment – Juniper Networks
Background: Uses SAFE Physical Identity and Access Mgmt to securely on-board identities from HRMS to PACS Wanted to securely manage all types of identities including visitors using the same solution Requirements: Self-service process for managing access requests for employees Centralized web-based badging and managing access for individual regions Allow visitors to do an unmanned check-in at the lobby Automate synching of PeopleSoft records with CCure Common repository for security audits & reports Track packages delivered to employees within the organization Linking SAFE with ElectroStatic Discharge (ESD) Training system/database Integration with Emergency Notification System - SendWordNow SAFE Benefits: High ROI by leveraging one solution to manage all types of identities and using the same visitor management solution to track packages Reduced operational expenses by allowing visitors to do self check-in

Download ppt "SAFE Solution by Quantum Secure Streamlining the Physical Identity Lifecycle November 2012."

Similar presentations

DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.

DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.
© 2007 IBM Corporation Enterprise Content Management Integrating Content, Process, and Connectivity for Competitive Advantage Malcolm Holden October 2007.

© 2007 IBM Corporation Enterprise Content Management Integrating Content, Process, and Connectivity for Competitive Advantage Malcolm Holden October 2007.
© 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice HP TRIM HP Information Management.

© 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice HP TRIM HP Information Management.
Vice President of Facilities

Vice President of Facilities
SysLogix Inc. eProducerPortal.com by. Introduction 'Onboarding” - the process of contracting and appointing new agents. It is used to refer to the administrative.

SysLogix Inc. eProducerPortal.com by. Introduction "'Onboarding” - the process of contracting and appointing new agents. It is used to refer to the administrative.
Misys Treasury & Capital Markets

Misys Treasury & Capital Markets
Distributed Capture within a Microsoft Environment.

Distributed Capture within a Microsoft Environment.
1 Vladimir Knežević Microsoft Software d.o.o.. 80% Održavanje 80% Održavanje 20% New Cost Reduction Keep Business Up & Running End User Productivity End.

1 Vladimir Knežević Microsoft Software d.o.o.. 80% Održavanje 80% Održavanje 20% New Cost Reduction Keep Business Up & Running End User Productivity End.
August 2004 Providing Industry-wide Security and Identity Management Solutions.

August 2004 Providing Industry-wide Security and Identity Management Solutions.
All content in this presentation is protected – © 2008 American Power Conversion Corporation Rael Haiboullin System Engineer Change Manager.

All content in this presentation is protected – © 2008 American Power Conversion Corporation Rael Haiboullin System Engineer Change Manager.
Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.

Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.
We make it easier for businesses of all sizes to safely accept checks transmodus offers clients automation utilizing our online processing platform for.

We make it easier for businesses of all sizes to safely accept checks transmodus offers clients automation utilizing our online processing platform for.
Security Controls – What Works

Security Controls – What Works
Www.lumension.com © Copyright 2008 - Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.

© Copyright Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.
Information Technology Current Work in System Architecture November 2003 Tom Board Director, NUIT Information Systems Architecture.

Information Technology Current Work in System Architecture November 2003 Tom Board Director, NUIT Information Systems Architecture.
Regents Update New Business Architecture Project 2010 Jan00 meeting notes.doc March 17, 2004 Accelerating the New Business Architecture An Update for the.

Regents Update New Business Architecture Project 2010 Jan00 meeting notes.doc March 17, 2004 Accelerating the New Business Architecture An Update for the.
UC San Diego EH&S Staff Meeting Project 2010 Jan00 meeting notes.doc May 5, 2004 Update on the New Business Architecture EH&S Staff Meeting.

UC San Diego EH&S Staff Meeting Project 2010 Jan00 meeting notes.doc May 5, 2004 Update on the New Business Architecture EH&S Staff Meeting.
University of California New Business Architecture Project 2010 Jan00 meeting notes.doc April 15, 2004 Accelerating the New Business Architecture UC Employment.

University of California New Business Architecture Project 2010 Jan00 meeting notes.doc April 15, 2004 Accelerating the New Business Architecture UC Employment.
Enterprise Physical Access Control System (ePACS) Overview Briefing

Enterprise Physical Access Control System (ePACS) Overview Briefing
Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Similar presentations

Ads by Google