Woman scanning doorway to enter building

What Is PIAM and Why Do I Need It If I Have PACS?

Modern workplaces are swiftly expanding, both physically and digitally. As such, some organizations now resemble a spider’s web of countless networks, software, processes and systems. Organizations are adding new solutions to their spider’s web of existing ones in order to accommodate evolving access challenges and business needs but are rarely achieving unity and integration between them.

This leaves physical and IT security professionals — who are trying to manage employee, visitor, contractor and vendor access — with a headache as they face: the need to consider multiplying systems and processes, siloed departments with no collaboration, various locations and diverse teams with differing access requirements. This often results in an organization hindered by disconnected and manual processes.

But what if there were a common solution that could sit above all these existing departments, systems and sources, and act as a single point to manage physical and logical access across an entire organization? That’s where physical identity and access management (PIAM) comes in.

How Things Might Currently Look

The basis for securing physical locations, buildings and assets is fundamentally through physical access control systems (PACS). These systems protect organizations by ensuring that access to secured locations is only granted with an authorized credential — including smart cards, keys, mobile apps and more against a reader.

The infrastructure ensures that essential security is met throughout a physical organization. Now consider the evolving access activities that go on inside an organization — various types of identities such as employees, visitors, contractors, customers and vendors. While PACS ensures that access is either authorized or unauthorized, what about the complete lifecycle of the identity attempting this access? What are the reasons behind it? On what basis was this person granted access and what do they need it for? Traditionally, organizations must conduct multiple manual processes across various systems to retrieve this information and take actions.

Advancing Access With PIAM

A PIAM solution captures all information relating to an identity, and gives organizations visibility into the who, what, why, when and where of every access activity across their business. PIAM is about granting, controlling and understanding access control on a more granular level to increase overall security and compliance. There’s more to it than that though — it's also about simplifying operations and reducing cost in terms of time and money.

So, What Exactly Is It?

A PIAM solution acts as an intelligent layer that sits above multiple systems and locations in your organization, it serves as the one single place where the organization can control access at a role, policy or attribute level.

It gathers information from:• Physical access control systems (PACS)• Tenant Access Control• Biometrics• Training systems (LMS)• Human Resource Databases• IT/Active Directory• Watchlists and databases• Other third-party systems• Provision, manage and validate all identities, not just permanent employees — contractors, visitors, customers and more• Authorize and manage access• Manage badges and credentials that can be used to authenticate digitally, open doors and more• Manage access requests and changes• Conduct audits and reports• View automated reporting analytics To give organizations a simple, single, location where they can:• Reduce workplace risk caused by internal and external security threats• Break down silos between different operational departments and processes, such as facilities, IT and security• Gain better control over thousands of convoluted physical IDs, including extended identities (contractors, partners, visitors etc.)• Reduce security and administration operational costs• Stay compliant with regulations and internal controls by creating a singular, global access and credentialing policy• Optimize resources• Reduce manual on-boarding and off-boarding processesWhich enables them to:

But How Is It Different From PACS?

Here are a few examples of how PIAM is different from PACS.

PACS opens doors based on a valid credential. This means that if it sees a valid card or credential, it will grant access.PACS grants access to a valid credential with no knowledge of the surrounding activities for that credential.PACS plugs into an HR system to populate the database.PACS accounts for people who are in your HR system.PACS is focussed on physical security systems.But what about the information behind the authorization of the credential?But what if there is risk or threat attached to the person that has been granted access?But how are access rights then determined? What about the manual processes (email chains, paperwork) involved in creating policies and setting access?But what about people who are not?But what about the lack of integration this leaves between physical and IT access and other sources of information?PIAM provides the who, what, where, when and why of access to give organizations better insight and more efficient control of their security processes.PIAM can analyze usage patterns and other context around an access request to determine risk and then trigger additional workflows to ensure security is maintained. It can also ensure access is only granted once pre-requisites have been fulfilled, such as training or watchlist screening.PIAM can automate policy based on location, job role, hierarchy and more in order to determine access rights. It can pull information, such as training and screenings, to determine access rights and reduce back and forth between departments.PIAM is the missing ingredient that takes advantage of more sources to manage extended identities – employees, visitors, contractors, vendors, customers and tenants.PIAM addresses this and enables convergence between physical and logical security systems and can issue and manage converged credentials to reduce duplicate identities and tighten security.

PIAM aims to modernize traditional physical security systems and processes that can make compliance to internal and external regimes difficult. HID provides solutions that integrate with current PACS to avoid rip-and-replace, and instead maximize the potential of your current systems. Discover our solutions here, which are available for small, medium and large complex enterprises, all the way to specific verticals.

Stay tuned for the rest of our PIAM educational series where we’ll explore the use cases an effective solution can solve, and the time and money you can save. In the meantime, you can learn more about how PIAM can help you simplify workplace access in our eBook, Identity as the Only Perimeter.

Andrew Bull is the EMEA Sales Director of the Workforce Identity Management in IAM Solutions. He brings over 25 years of experience in physical access security. Prior to his current role at HID, he supported HID SAFE within global banking organizations and other solutions within PACS. Andrew previously worked for JCI (Cardkey) and Honeywell. As an active member of UK ASIS Chapter, he enjoys speaking on a variety of identity and access management topics.