Security up front

Access & Identity Management Handbook 2005 Access Control & Identity Management

First impressions count! Both the interview candidate and the salesperson dress smartly, shine their shoes and put on their most confident smiles. So too the architect who uses the front lobby of a building to create an upbeat image of grandeur, solidity, and welcome to those entering. Polished wood and stone, pools and fountains, flowers and trees, and vaulted ceilings all promote an ambiance of success, dignified calm and well-being.

To match this ambiance is an inviting receptionist protected by a desk, a telephone, and a visitors' sign-in book. Through the usually large reception area pass clients, salespersons, stockholders, consultants, VIPs, executives, and full- and part-time employees. Other people such as office equipment technicians, messengers, employees' spouses and children, ex-employees and interview candidates also pass through this space. If the reception area is the only entrance, add janitorial staff and construction workers to this mix.

Yet entrance areas also provide the initial impression of the level of security in an organisation. For small businesses whose employees, operations, information, and products are not at risk, identification and control of those who pass through the entry presents little problem. For larger businesses with valuable products, trade secrets, and confidential or sensitive company information, controlling access from the lobby to the rest of the facility is a real necessity. Methods and processes to accomplish effective security must be carefully planned if the architect's vision of how the lobby should look is to be maintained.

Unfortunately, the security professional is often presented with a fait accompli, a final design that is non-negotiable, or with an existing lobby that is too expensive to restructure. Early involvement of the security manager with the architect is the best cure for such headaches.

To create a secure working environment - secure for employees as well as for other corporate assets - the most fundamental precept of access control must be applied: everyone entering the facility must be identified and have a legitimate purpose for being there. People are processed most easily if employees with readily identifiable credentials can be physically separated from non-employees. A post with an automated credential-reading system or a separate employee entrance with a security officer who can recognise faces or check badges is the most effective solution.

Depending on the size and nature of the facility, a third processing point for service representatives, janitors, and other contract staff may be considered. Alternatively, such semi-permanent visitors could be issued badges to use at the employee entry point or points. Take special care to ensure such badges provide only limited access.

Address three major issues to ensure harmony among security, architecture, and actual use. These are architectural design criteria, systems considerations, and procedural elements.

Architectural design criteria

Ultimately, the entry area layout and design must rest with the architect. The following design criteria or constraints the architect should consider to maximise security are keyed to the accompanying exhibit.

1. Reception desk: Position the desk to provide the receptionist with the best view of doorways and persons who have not been processed. Include a flat surface at a suitable height for visitor sign in.

2. Employee entry: If controlled by an automated credential-reading system, position the entry as far away as possible from visitor traffic, preferably at a separate entrance. If no systems are used, a guard post may be needed for employee identification.

3. Visitor entry: Psychologically, a receptionist is more likely to challenge a visitor passing to the secure side of the premises who does not have prior authorisation if the receptionist does not have to raise his or her voice. Therefore, visitors should be tunnelled to the reception desk and should not be able to access the secure side without passing close to the desk. Ideally, the receptionist should be able to unlock a gate or door to control the passage of processed visitors.

4. Visitor amenities: Telephones, restrooms, and waiting areas should be kept on the unsecured side, especially if visitors must be escorted once they are on the secure side. Pay phones should be within the sight of the receptionist.

5. General traffic: Traffic unrelated to the reception function should be kept away from the entry processing area.

6. Barriers: These may be solid walls, planters or velvet ropes depending on the degree of security needed.

7. Conference room: For short meetings a small conference room in the visitor reception area negates the need to process visitors or to allow them into sensitive or secure departments.

8. Messenger centre: Arrange a separate drop-off counter for packages, lunches, and other small deliveries.

Procedural elements

The degree of visitor processing depends heavily on the level of security. At one extreme, anyone who is not carrying an axe in his or her hand or who does not look like a hobo can walk past the desk. At the other extreme, visitors must have made prior written request, must provide positive identification, and may have to leave a driver's licence or other valuable identification at the desk. These visitors may also be subject to personal and package searches and must be escorted at all times. The requirements of most facilities fall between these extremes.

The following are some suggestions to make visitor processing effective:

* Even if visitors are required to sign in a book, the information is worthless unless supported at least by a business card.

* Issue visitor badges that indicate the date, department or person being visited, and the visitor's name. Visitors should be required to return their badges to the reception point when they leave, preferably signed by the employee being visited.

* Call the person being visited to confirm the appointment, and if policy requires it, ask for someone to meet and escort the visitor. A signature by the escort when the visitor is collected will remind the employee of his or her security duties.

* Receptionists should be trained to observe signs of drug dependence - the visitor may deal in more than just the company's products.

* If badges are the selected means of employee identification by a security officer or by a badge reader, those who arrive without them should be directed to an alternate entrance.

Different business settings or building structures such as high-rise office buildings provide the biggest challenge to effective entry control. Since high-rises are located mostly in high-density, urban areas, these buildings are at higher than normal risk from crime.

If the building is occupied by a single tenant, street-level, lobby-entry processing coupled with additional controls (either receptionist or automated systems) on sensitive floors is relatively easy to implement. A separate area for visitor processing is preferable as is a messenger centre for packages, lunches and unusual deliveries. Messengers should not be permitted to roam the building freely.

Multitenant buildings are more difficult to secure. Building management may provide security officers with sign in sheets for off-hours. The officers may challenge anyone carrying out a package without a property pass. However, these controls are usually worthless. Anyone, even a person who looks like a derelict, with an envelope or a box of sandwiches along with a company and employee name perhaps taken from the building directory has access to the elevator banks.

A tenant that occupies multiple floors and enjoys a dedicated elevator bank can provide effective security at the elevator bank lobby. Once again, if space is available, lobby-level visitor and messenger centres make entry processing more controllable.

For tenants who occupy a single floor, their own elevator lobby is an obvious control point. If two or three contiguous floors are leased to a single tenant, using internal stairs and programming the elevators to stop on only one floor especially during off-hours allows for economical single point control. Where there are multiple tenants on each floor, tenants must control access at their own company's front door.

Except where the building has a sole occupant, beware of fire stairs and back doors. In a multitenant environment, no occupant has control over who is using the stairways so someone may be allowing free access to that space. Stairwell doors should be secured against re-entry to the greatest extent possible within fire codes. The regular use of fire stairs by multifloor tenants should be carefully examined and appropriate controls implemented.

In a campus-style environment, the pastoral setting of multiple buildings spread across green and wooded acreage in a rural area appears to be a far cry from the urban high-rise. But from a security viewpoint, it may have as many holes as a sieve. The multiple entry points for each building compound the control problem.

Ideally, the campus should be secured at its perimeter. But zoning restrictions, aesthetics, ineffective barriers, and the costs of both implementation and operation often force the controls inward to the buildings themselves. If buildings are linked by pedestrian tunnels or enclosed walkways and are all within reasonable walking distance, one centralised, controlled entry lobby for visitors is most effective. Card readers can be installed on other building entrances for employee use.

If buildings are spread out and distances greater, multiple visitor reception points may be needed. A small lobby with a receptionist or security officer controlling access to the interior of the building is typical. If personnel economies are needed, a telephone in a secured lobby may be all that is required - the person being visited greets and escorts the visitor.

Security is a subjective discipline. The selection and application of protection solutions are often controlled by perception, corporate culture, public image, and the wishes of the company's top management. The guidelines discussed here cannot be implemented in a vacuum but must be customised to suit the security needs and operating style of each facility.

First impressions are important - the entry lobby not only sets the tone for a company's image but also provides the opportunity to project to both visitors and employees the organisation's security posture and expectations.

Access control need not hamper or menace daily operations. Through a close working relationship between the architect and the security consultant, the process should seem natural, businesslike and efficient.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Access Selection Guide 2024
Access Control & Identity Management
The Access Selection Guide 2024 includes a range of devices geared specifically for the access control and identity management market.

Biometrics Selection Guide 2024
Access Control & Identity Management
The Biometrics Selection Guide 2024 incorporates a number of hardware and software biometric identification systems aimed at the access and identity management market of today.

Smart intercoms for Sky House Projects
Nology Access Control & Identity Management Residential Estate (Industry)
DNAKE’s easy and smart intercom solution has everything in place for modern residential buildings. Hence, the developer selected DNAKE video intercoms to round out upmarket apartment complexes, supported by the mobile app.

Authentic identity
HID Global Access Control & Identity Management
As the world has become global and digital, traditional means for confirming authentic identity, and understanding what is real and what is fake have become impractical.

Research labs secured with STid Mobile ID
Access Control & Identity Management
When NTT opened its research centre in Silicon Valley, it was looking for a high-security expert capable of protecting the company’s sensitive data. STid readers and mobile ID solutions formed part of the solution.

Is voice biometrics in banking secure enough?
Access Control & Identity Management AI & Data Analytics
As incidents of banking fraud grow exponentially and become increasingly sophisticated, it is time to question whether voice banking is a safe option for consumers.

Unlocking efficiency and convenience
OPTEX Access Control & Identity Management Transport (Industry)
The OVS-02GT vehicle detection sensor is the newest member of Optex’s vehicle sensor range, also known as ‘virtual loop’, and offers reliable motion detection of cars, trucks, vans, and other motorised vehicles using microwave technology.

Protecting our most vulnerable
NEC XON Access Control & Identity Management Products & Solutions
In a nation grappling with the distressing rise in child kidnappings, the need for innovative solutions to protect our infants has never been more critical. South Africa finds itself in the throes of a child abduction pandemic.

Understanding the power of digital identity
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
The way we perceive business flourishing is undergoing a paradigm shift, as digital identity and consumer consent redefine the dynamics of transactions, says Shanaaz Trethewey.

Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.