Combined systems ease the burden on physical security, IT compliance

November 2007 Access Control & Identity Management

Security policy has typically meant different things to different people within an organisation.

The facilities management department covers all physical access points, teaching staff to lock all doors and windows before leaving for the night. IT managers keep up to date with the latest patches and ensure users only access the applications and data they are allowed to access.

Despite the common purpose, physical and logical access technologies have existed in separate, parallel worlds for years. Physical access technologies, such as building security systems and employee access cards, are controlled by the corporate security department. Application passwords and firewalls are the domain of the IT department. Each group’s respective networks, technology paths and user interfaces are completely separate, and there is no coordination between the two departments.

Today, however, enterprise security is changing dramatically. Technological advances have finally caught up with security theories, and now many organisations are looking to bridge network (logical) and building (physical) security operations together for unified, enterprise security management.

At the heart of this intersection is security policy.

Enterprise security management

Enterprise security is governed by established policies employees are required to follow. Both physical and logical sides of security are tasked with ensuring respective policies are being enforced and actually adhered to by staff on a consistent basis. However, making security policies stick can be tough, especially if it changes the way employees have been working.

For a facilities management department, physical security policies can take many forms. For organisations with door access security, badging into the building is a mandatory requirement for all staff. This creates a problem – the ability to prove everyone who has entered the building has actually badged in. Employees oftentimes walk in at the same time as another employee who has already used their badge. This process, known as tailgating, results in no record of an individual coming into the building. This not only breaks the organisation’s security policy regarding physical access to the enterprise, but it also means it is more difficult to build up a complete list of who is in the building in the event of a fire or other security threat. The result of the behaviour is a gaping hole in the physical security side of the enterprise.

Securing access

By linking the physical access system to the IT infrastructure, employee behaviour can be enforced more strictly. For example, if an employee does not badge into the building, their access to IT assets can be denied. When logging in, the network can automatically query the building access system to check if the person has signed into the premises. If they have not, access will be denied until they present their card.

A building access card also can be used as a factor for gaining access to the IT system. By linking a user’s password to the building access card, an organisation can roll out strong authentication for staff without having to invest in additional tokens, biometric readers or another form of two-factor authentication. As most building access cards are short-range RFID devices, a USB reader connected to the PC also can act as a method for secure network access.

Using a building smartcard as an authentication method to gain access is not new. However, previous approaches to using the cards have not integrated the typically disparate systems. Instead of linking the two systems together and allowing the IT access system to query the building access server, a user within an organisation will sign into two separate, siloed systems that happen to use one smartcard. The combined approach integrates building and IT security at a system level and allows security policies to be managed and enforced across the physical and network layers.

Uniting facilities management

Convergence of physical and IT security brings with it the need for businesses to change approaches to managing these areas. Traditionally, there have been distinct areas of the organisation responsible for managing IT and physical security. The facilities management department would cover the physical side of enterprise security, while IT issues would be handled solely by the IT manager and team. As these two divisions have completely separate budgets and targets to meet, there is no reason to cooperate on projects.

This situation is changing. As more physical security systems rely on services provided by the network, IT will ultimately be called to participate in the design and support of physical security systems. A converged management approach allows both departments to get the information required at a lower cost than what would be possible through separate systems.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

HID addresses identification challenges at ID4Africa
August 2019 , News, Access Control & Identity Management, Government and Parastatal (Industry)
Being able to verify people’s identities is critical for a nation’s growth and prosperity and yet HID says nearly half of all African citizens can’t prove who they are to vote, travel freely and receive government benefits and services.

Read more...
Came acquires Turkish company Özak
August 2019, CAME BPT South Africa , News, Access Control & Identity Management
Came broadens its market horizons and signals growth and consolidation in the Middle East.

Read more...
The benefits of electronic visitor management
August 2019, Powell Tronics , Access Control & Identity Management, Residential Estate (Industry)
Access control is a critical aspect of estate security as it represents the controls put in place to restrict entry (and possibly exit) along the outer boundary of the location.

Read more...
Addressing risks by means of access control layout and design
August 2019 , Access Control & Identity Management, Security Services & Risk Management
In order to develop a suitable, practical and appropriate security system for any organisation, it is essential to first develop a master security and life safety plan strategy.

Read more...
Secure hands-free access
August 2019, Suprema , Access Control & Identity Management, Residential Estate (Industry)
Suprema’s facial biometric terminals bring no-touch access into secure residential estates, high-rise apartments and luxury homes providing fast, easy and intuitive user authentication with the added benefit of hygiene.

Read more...
MorphoAccess Sigma Extreme
August 2019, IDEMIA , Products, Access Control & Identity Management
MorphoAccess Sigma Extreme from IDEMIA is a touchscreen device with multiple recognition device interfaces (NFC chip reader, PIN and BioPIN codes, contactless card readers).

Read more...
Outdoor access terminals
August 2019, Suprema , Access Control & Identity Management, Residential Estate (Industry), Products
Rugged, dust- and weather-proof access control solutions that provide exceptional durability in extreme conditions is a strong requirement for many residential estates.

Read more...
MorphoWave Compact
August 2019, IDEMIA , Products, Access Control & Identity Management
The MorphoWave Compact captures and matches four fingerprints on either the right or left hand in any direction. It is robust to environmental factors such as extreme light or dust.

Read more...
MorphoAccess Sigma Lite
August 2019, IDEMIA , Products, Access Control & Identity Management
IDEMIA’s MorphoAccess Sigma Lite and Lite + are fingerprint access control terminals, offering time and attendance in and out function keys.

Read more...
Eliminating forced gate opening scenarios
August 2019, ET Nice , Home Security, Access Control & Identity Management
When activated by the gate forced open alarm feature, the transmitter transmits a wireless alarm signal up to 750 metres in any direction.

Read more...