Combine and standardise physical and IT security measures to minimise risk

Access & Identity Management Handbook 2007 Access Control & Identity Management

Organisations incur significant overheads, as well as generate increased security risks, when employees misuse or abuse network resources.

Serious losses – of financial and competitive edge in particular – are incurred when intellectual property or sensitive information leaves the confines of the organisation or when computer fraud occurs.

“Users on the inside have access to business critical system resources, making the network susceptible to attacks and exploitation through the use of their privileged status,” says Karel Rode, solutions strategist at CA.

Up to and including the early nineties, an insider was defined as someone who had physical access to a computing facility – typically an employee or the system administrator. Physical security was deemed to be sufficient, as a security guard was able to identify individuals – a precaution that was enhanced by the ‘second factor’ authentication of a swipe card.

“This principle is no longer applicable and an insider is no longer referred to as an employee of the company, as this would give a contractor or temp similar privileges. Additionally, the user may connect via a remote access connection, removing physical access considerations,” Rode says.

“Someone who has achieved insider privileges, by gaining access to a computer, could pose a potential threat. This means that significant technical controls to protect against privilege abuse are needed. Without the proper security policies and governance, it is hard to accurately identify the level of threat and even harder to appropriately implement preventative controls,” he adds.

Reducing the risk

So what can companies do to reduce the risk of information loss, whilst providing staff with the required access to network facilities?

One possible solution would be to merge physical and IT security, says Rode.

Rode suggests that the most practical point of departure would be for companies to look closely at their user populations and determine where the most accurate store of active users exists within the company. This might be the current HR system for permanent staff and some other data store for contractors and temps.

He adds that companies must reconsider their current process for issuing corporate badges to employees. As companies expand in large campus environments, employees might need access to multiple buildings where each location has a different physical access control system. This is a situation that may not be under a company’s control if the company is a tenant and does not have input into the building access systems.

Rode suggests standardising staff security measures. This would make it possible for the company to limit staff access to areas and resources that pertain to their role. Companies could even limit access to certain times of the day. This approach would benefit companies that want to limit shift workers who only need to access selected zones at specified times. Taking things a step further, companies that run IP video surveillance, would be able to track, monitor and record any instances where a violation or failed repeated access has taken place.

“This leaves us with the logical access to systems, resources, applications, files and folders. The logical access scenario will succeed if companies have a data classification standard in place, which they can use within the rule definition process. This will ensure that only designated users with specific group membership or directory attributes can gain access to read, modify or delete files, or access application resources within their designated realm,” Rode concludes.

For more information contact Karel Rode, Computer Associates, +27 (0)11 236 9152,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Touchless biometric options
Issue 6 2020, Entry Pro , Access Control & Identity Management
When it comes to estate access control management, the foremost topic of conversation at the moment seems to be the importance of touchless biometrics.

Fast access to Kevro production facilities
Issue 6 2020, Turnstar Systems , Access Control & Identity Management
Employee and visitor access at Kevro’s Linbro Park premises in Gauteng is controlled through eight Dynamic Drop Arm Barriers from Turnstar.

UFace facial recognition now in SA
Issue 6 2020, Trac-Tech , Access Control & Identity Management
Trac-Tech has secured the distribution rights to the UFace range of contactless biometric facial recognition and identity management IoT devices.

Non-contact entry alarm control
Issue 6 2020, Trac-Tech , Access Control & Identity Management
Trac-Tech will distribute the UVH-F3 non-contact entry alarm, available as either a fixed wall installation or a portable unit on tripod.

Paxton10 for smart buildings
Issue 5 2020, Paxton Access , Access Control & Identity Management
Paxton10, offering access control and video management on one simple platform, is available in the South African market.

Suprema enhances cybersecurity
Issue 5 2020, Suprema , Access Control & Identity Management
Suprema BioStar 2 is a web-based, open and integrated security platform that provides comprehensive functionality for access control and time and attendance.

A wizz at visitor management
Issue 5 2020 , Access Control & Identity Management
WizzPass is a locally developed software platform for managing visitors to businesses, buildings or business parks.

Contactless at the game
Issue 5 2020, IDEMIA , Access Control & Identity Management
IDEMIA partners with JAC to successfully test frictionless biometric access technology at Level5 Stadium in Japan.

Focus on touchless biometrics
Residential Estate Security Handbook 2020, Hikvision South Africa, Saflec, IDEMIA , Suprema, Technews Publishing , Access Control & Identity Management
The coronavirus has made touchless biometrics an important consideration for access control installations in estates and for industries globally.

Providing peace of mind
Residential Estate Security Handbook 2020, ZKTeco , Access Control & Identity Management
Touchless technology embedded with face and palm recognition sensors provide 100% touchless user authentication for a variety of applications.