OneSign®
Physical/Logical

Closing Security Gaps Between Networks, Applications and Building Security.
Today, enterprise security systems operate in independent technology silos, causing potential gaps between the organization’s networks, applications and building security.

There is the logical security side that protects IT resources, and a physical side that restricts access to buildings and protects employees, but as organizations work to mitigate information theft and comply with data protection regulations, new initiatives are underway to leverage the combined power of all enterprise security systems, across all phases of the business in order to affect a stronger overall security posture.

Historically, connecting and gaining value cost effectively from these disparate systems has been considered impossible from a practical perspective – until now.

Imprivata OneSign^® Physical/Logical provides system level integration between both security environments to enable one comprehensive, converged policy for allowing or denying network access based on an employee’s physical location and badge events, role, and/or employee status.

Instant Network Lockout
Revocation of an employee’s building access badge is often the first security event to occur upon separation from the company. Unfortunately, a critical security procedure too often skipped or delayed is deactivation of their network access, creating a serious security gap of days, weeks, and sometimes never, whereby former employees may still gain access to company confidential information assets through their previous remote VPN credentials—greatly exposing the organization to the possibility of theft or destruction of information assets.

Through OneSign Physical/Logical, when an individual is revoked from the physical access control system, they are instantly locked out of network access – both local and remote VPN, effectively closing security gaps that expose the organization to risk of malicious behavior.

Enforce Anti-Tailgating Policy
For a strong overall security posture, and to effectively enact employee safety measures in the event of an emergency, most organizations have anti-tailgating policies which prohibit individuals from gaining entry to a workplace by following in on the heels of someone who has just “badged” into a door entry reader. Unfortunately, anti-tailgating policies are difficult to enforce without the physical presence of a security guard or installation of expensive and burdensome turnstile systems.

With OneSign Physical/Logical, companies can prevent tailgating by tying an employee’s network access to use of their physical access card and “location,” thus improving workplace security and the ability to conduct employee role calls in the event of an emergency.

Location-based authentication can be applied not just to external building access, but also to determine who can gain access to IT systems in a particular zone or room. For example:

• Only a valid email server administrator can log onto email servers within a secured room after they have first badged into the server room
• A proprietary materials application is only accessible to research scientists after they have badged into the lab
• A patient’s medical records are not accessible to clinical staff unless they have badged into the ICU ward

Consolidated Reporting.
For regulated industries, OneSign Physical/Logical provides centralized user access monitoring and consolidated reporting from both physical and logical systems to help organizations demonstrate compliance to a wide variety of regulations. Through consolidated user access reports, companies can also simplify and enforce policies such as fire and safety emergency procedures, dramatically reducing the risk of liability to your business. Further, integrated reporting improves the investigation process surrounding the sequence of events related to a security breach.

ROI. Right Out-Of-The-Box.
OneSign Physical Logical is purpose-built for flexible and rapid enterprise deployment. Imprivata’s appliance-based approach dramatically minimizes implementation time, infrastructure needs, and installation costs—accelerating your return on investment and lowering your ongoing support costs. You can also leverage existing investments, by utilizing current building access keycard and door readers for network authentication and access.

OneSign Physical/Logical can also be purchased alone or as part of The OneSign Platform^®, the technology solution that is helping more than 500 companies around the globe to achieve their most pressing Identity and Access Management security mandates with one easy, smart and affordable appliance-based solution.

What’s In The Box
Seamless Support for Popular Physical Access Control Systems
OneSign Physical/Logical offers complete non-intrusive solution integration and built-in support for the most powerful and advanced physical access security solutions, including:

• AMAG - Symmetry [details]
• Honeywell – Pro-Watch^® [details]
• Lenel Systems International – OnGuard^® [details]
• Nedap - AEOS^® [details]
• S2 Security - NetBox™ [details]
• Software House^® - C●CURE^® [details]

In addition, Imprivata’s Web services API provides a standard and easy way for Physical Access Control vendors to integrate their solutions with OneSign. Our web services integration method ensures quick time-to-market – and there is no special OneSign release required to support the integration.

Identity Mapping – One “Converged” Policy
OneSign Physical/Logical maps identities between physical access systems and IT directories to enable one converged policy for allowing or denying network access based on a user’s physical location and badge events, organizational role, and/or employee status.

Rapid Return
OneSign Physical/Logical is purpose-built for flexible and rapid enterprise deployment. Imprivata’s appliance-based approach dramatically minimizes implementation time, infrastructure needs, and installation costs – accelerating your return on investment and lowering your ongoing support costs. You can also leverage existing investments, by utilizing current building access keycard and door readers for network authentication and access.