Checklist for converged access control solutions

Access & Identity Management Handbook 2009 Access Control & Identity Management

Jeremy Kimber, Honeywell’s EMEA marketing leader, lays out the key points to consider when choosing a converged access control solution.

In the past few years, perhaps no security industry buzzword has been defined in articles and promotional materials as many times as ‘convergence’. These definitions have most commonly referred to the integration of physical security and IT systems, with occasional elements of building control. These definitions, while helpful to end users, beg the ultimate question: 'How do I make it work?'

Convergence uses data generated by both physical security and IT systems to drive both business process efficiency and security, and its framework defines a migration path for organisational growth. Here are some basic elements required to ensure a solution is truly converged.

Common security policy management and control

The IT infrastructure is the backbone of a converged solution, sharing knowledge of key business data across systems. The physical security system does not inherently know critical business data such as employee status, staffer security clearances and training certifications. A computerised HR system, though, often has this knowledge. IP-enabled security systems therefore allow users to take advantage of fixed investments and improve return on investment (ROI).

Developing common protocols for managing access to company assets and data enables more efficient provisioning and management. An organisation develops role-based policies that can manage badge issuance, enrolment and revocation processes by leveraging XML/SOAP interfaces for integration with identity management solutions. The key benefit is that building security personnel continue to use tools best suited to their jobs and HR personnel continue using HR tools.

Organisations should identify:

* Authoritative sources (the system that has the ultimate say) for each person who has a building badge or an IT account.

* Sources (IT systems or people) of key data used to determine whether a person has permissions to use a resource or access an area.

* Compliance or audit needs where the data exists on multiple systems.

* Any business or security concerns that are unique or are especially important to an organisation.

* Key business processes (onboarding, offboarding, change of position) and determine the responsibilities of different systems.

* A policy platform that supports customisable workflow creation tools to easily model processes and approvals.

Common user provisioning

Convergence drives the business to contemplate the inter-relationship of physical security on IT security and vice versa. How many organisations can definitely claim that terminated employees or contractors are immediately removed from their building access control systems? How many are confident that a former employee who tailgates into the building does not have active IT accounts? How many are confident current employees would recognise former employees and know the person has been terminated? Provision dynamics are evolving and driving user permissions in non-IT and external IT systems.

Organisations must:

* Determine how many terminated employees or contractors still have active building badges and IT accounts.

* Determine how many contractors who have not been on site for the last three months still have active building badges.

* Perform studies to see if anyone questions tailgaters.

* Benchmark how long it takes for someone to be provisioned or de-provisioned.

* Educate employees on security risks.

Single access credential

Building security starts with a badge, often a proximity card. IT security, meanwhile, starts with a user name and password. When organisations want to add more security to a card, they can add a PIN or a biometric. As IT systems look to increase security, however, the choices are not equivalent.

Organisations can add:

* An RSA token or biometric that authenticates the correct person.

* A contract smart chip – embedded either in a card or in a USB dongle – that authenticates the correct person, and is also used for non-reputable digital signatures. Digital signatures are important in regulated environments to verify a person did approve or take action. A single-card solution that includes a contact smart chip for IT and proximity technologies (contactless smart or 125 kHz proximity) enables the organisation to manage one resource for each employee, thereby minimising both material and administrative costs. An optimised card issuance process allows building security to continue issuing badges and the badge issuance process will be connected to IT systems for provisioning as a single process.

Steps to take:

* Building security teams should discuss access credentials with their IT counterparts to identify opportunities to leverage cards across the organisation.

* IT departments should review authentication and PKI requirements/needs.

Correlation of events

By connecting systems, organisations can correlate seemingly disparate physical and IT security events. For example, it may not seem suspicious for an employee to download large amounts of data. However, system correlation might show the employee only downloads the data when he is in the room by himself.

Organisations must identify:

* Thresholds of normal employee behaviour by job classification. It may be necessary to audit current behaviours.

* Business events that may cause security breaches (receipt of a resignation notice, termination for cause, unexpected change in work hours).

* IT resources and/or locations with sensitive information (intellectual property, identity data) and develop a plan to lock down for normal security levels and for a heightened security level. Organisations must determine the return on risk for each sensitive item and develop security response plans accordingly.

* Normal usage for each sensitive resource and what would be considered abnormal (downloading all customer data or customer credit cards).

Convergence provides substantial benefits

Convergence is the first step for any organisation to connect its critical systems to provide a comprehensive and coherent security policy. By integrating systems to share information, an organisation can see vulnerabilities in realtime and link IT security events with physical security responses. These abilities all drive realtime security policy management. The next step will be proactive threat management, which enables correlation of realtime information with historical information. The system will learn how to manage the current environment and react in a realtime manner, increasing system value and improving ROI.

The system, for instance, can classify behaviour such as a certain employee trying to access random doors every few days or unusual behaviour by a subset of employees who all had security clearances processed by a specific adjudicator. Using a converged system can reap substantial benefits and will provide additional benefits in the future as convergence continues to evolve. How organisations choose to implement these new toolkits is up to them and their individual security and compliance requirements.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Choosing the right biometric technology in the new normal
Issue 9 2020, IDEMIA , Access Control & Identity Management
Selecting the right biometric data that delivers according to your requirements is crucial to ongoing success. So, how do we select the appropriate biometrics to meet our needs?

Read more...
Keeping COVID in check
Issue 8 2020, Suprema , Access Control & Identity Management, Healthcare (Industry)
Suprema thermal camera solution helps prevent the spread of COVID-19 in South Korea in a focused healthcare approach from government.

Read more...
Scorpion Spike Barriers for St Helena Bay
Issue 8 2020, BoomGate Systems , Access Control & Identity Management
The Port of St Helena Bay, along the west coast of South Africa, gets a security upgrade in the form of the Scorpion High Security Spike Barrier.

Read more...
Gallagher unveils new T30 access reader
Issue 8 2020, Gallagher , Access Control & Identity Management
Gallagher has launched the new T30 card and PIN reader with two-factor authentication, designed to offer an extra layer of security without the display screen.

Read more...
Speeding into the office
Issue 8 2020, Turnstar Systems , Access Control & Identity Management
The Firs commercial property is situated in the heart of Rosebank – Johannesburg’s second largest business centre – surrounded by new commercial, residential and retail property developments. Rosebank ...

Read more...
Paxton introduces Checkpoint Control
Issue 8 2020, Paxton , Access Control & Identity Management
Paxton’s new Checkpoint Control feature supports COVID-secure sites and helps Net2 users protect employees and visitors by monitoring and approving people as they enter buildings.

Read more...
Turnstar secures MTN
Issue 8 2020, Turnstar Systems , Access Control & Identity Management
Turnstar Velocity barriers and Velocity Raptor spike vehicle barriers form part of the physical access solutions that secure the MTN head office in Johannesburg.

Read more...
Net2 integrates with additional thermal scanners
Issue 8 2020, Paxton , News, Access Control & Identity Management
Paxton has updated Net2 to include six new thermal temperature scanning integrations to assist in managing the pandemic.

Read more...
Touchless access control conference
Issue 8 2020, Hikvision South Africa, IDEMIA , Suprema, Technews Publishing , Access Control & Identity Management, Conferences & Events, Training & Education
Hi-Tech Security Solutions hosted an online conference in mid-August to highlight the new trend towards touchless access control. The conference hosted speakers with experience in the access control, ...

Read more...
VisionPass wins SIA award
Issue 8 2020, IDEMIA , News, Access Control & Identity Management
IDEMIA announced that VisionPass, its newly launched advanced facial recognition device, won the SIA New Product Showcase Award.

Read more...