AuthenticationWorld.com
The business of authentication
- Authentication Categories
- Password Authentication
- Single Sign On Authentication
- Access Control Authentication
- Access Control Business Case
- Role Based Access Control
- Access Control Cards
- Access Control Software Systems
- Network Access Control
- Authentication - Enterprise Security
- Authentication Strength
- Authentication Transaction
- Authentication Management
- User Authentication
- Authentication Federation
- Authentication-Biometric
- PKI Authentication
- Token Authentication
- Wireless Authentication
- Document Authentication
- Authentication -Outsourcing
Access Control Business Case
There are many business case reasons why access control should be deployed. These include:
- Security administration cost reductions
- Streamlining the provisioning process for new hires, contractors and temps can result in sometimes significant recurring cost savings.
Administrative Cost Reductions
For example, a new hire will accept the new job offer. The information obtained from the new hire, prior to arriving at the enterprise facility, may be automatically sent as part of a workflow to police authorities for a background check. Once the check is returned and approved, the new hire will be automatically assigned a job title and roles. With the information about the new hire's title, location and roles, the provisioning system would automatically create network access, phone access and application access, create a security badge and assign assets for the new hire. When the new hire shows up for their first day on the job, the enterprise would be ready to have them commence work immediately.
The above scenario contains numerous paper or electronic forms to be manually filled in and processed independently. There are numerous clerical and managerial labor costs involved in processing the security clearance, network, applications, email, assets and security badge required.
A good business case maps out the workflows for each of the major business processes involving new hires, job changes and terminations. Then the labor costs are assigned to the work involved. By automating portions of the workflow, automatically forwarding for approvals, tracking approvals and then automatically issuing network, applications, assets and security card access, the overall costs savings may be very large.
Regulatory Compliance
Depending on the industry you're in, you may be facing increasing regulatory compliance. For instance, financial enterprises often have to show financial regulators that users are quickly removed from access to financial software and even building access when there job is changed or terminated.
Other industries may have to comply with Homeland Security Requirements and be able to show who is on a facility site at any time. Still others may have to comply with Safety and Training regulations and demonstrate that works on a facility site have received the proper safety training prior to being allowed onto the site.
The business process for meeting regulatory requirements needs to be mapped out. Then costs need to be assigned to the different parts of the existing process. Often, a strong business case can be made for implementing an integrated access control and provisioning system. By streamlining the business process and enforcing automated or semi-automated workflow approval standards, workers can be quickly granted or removed from physical, network, application and asset access.
Improved Security
Often times many enterprises find that employees who are now dead or have left the company several months or years ago still have enterprise assets, active security badge or clearance, network and application access. Further, it also frequently occurs that when an employee changes jobs, they still inadvertently retain all their access control privileges from their previous job. In all cases, none of these are desirable from the enterprise security perspective.
Improving access control security is a process and not a product. Access control is only as strong as the weakest link in the process. It is therefore important to map out the main access control processes for all workers and then to evaluate the security risks associated with each end to end process. A good business case then takes the highest risk processes and addresses tem by rethinking the underlying business process, the provisioning and the access control technology and human training and involvement.
Improved worker productivity
Gaining all the access controls required for a new hire worker and/or contractor to do their job in most enterprises normally takes 5-10 business days. This results in significant down time which costs the enterprise hard dollars in terms of contractors and soft dollars in terms of lost productivity for the new hire employee.
A strong business case can often be made to improve productivity by streamlining existing access control silos. By integrating existing access control devices and business processes into a centralized identity management access control system, the down time for the worker can be minimal. Same day access to most facilities required, network and applications can be granted.
Business Case Conclusion
Access control is more than a product. It's a process. Rather than get caught trying to justify why you want to buy a specific access control product from a vendor, your time would be better spent preparing an overall business case for access control taking an end to end look at the processes and technologies. An experienced consultant can quickly help you uncover the profitable areas to focus on and prepare an overall access control strategy that is business case driven and tailored to your enterprise.
Role Based Access Control
Password Authentication Single Sign On Authentication Access Control Authentication Authentication-Enterprise Security Authentication Strength Authentication Transaction
Authentication Management User Authentication Authentication Federation Biometric Authentication PKI Authentication Token Authentication Wireless Authentication Document Authentication Authentication - Outsourcing
