Convergence/Integrated Solutions

From Padlocks to Passwords

Convergence of physical and logical security is quickly becoming a reality

One of the biggest buzzwords in the security market in the past few years has been convergence -- the tying together of physical access and logical access technologies which have existed in parallel worlds. Physical access technologies, such as building security systems and employee access cards, have traditionally been controlled by the corporate security department. Application passwords and firewalls have been the domain of the IT department. The networks, technology paths and user interfaces have been separate.

In the past, the separation made sense. Since the need for physical access security predated the corporate use of information technology, corporate security departments focused exclusively on protecting physical assets through locks, surveillance and alarm systems, staffed mostly by people with backgrounds in crime prevention and law enforcement, not technology. Logical access security has been part of information technology almost since its inception and has always remained under the aegis of the IT organization. For the majority of these two disparate groups, the integration of physical and logical security technologies was neither an option nor a priority.

That situation is changing. As physical and logical security concerns mount, persistent issues, such as inadequate security policy and enforcement, continue. More and more organizations are asking why physical and logical security systems cannot work together to share data and strengthen each other. Now that the technology is catching up with the demand, it is becoming possible for companies to successfully merge the two culturally and technologically disparate worlds of building access and network access without massive investments.

With the convergence of physical and logical security technologies, organizations now have new opportunities to:

  • Strengthen and gain greater control over security of the organization.
  • Add a practical and affordable second authentication factor.
  • Better enforce physical and logical security policies.
  • Better coordinate security resources in critical and emergency situations.
  • Achieve compliance with regulations such as Homeland Security Presidential Directive (HSPD-12), a policy for a common identification standard for federal employees and contractors.

Why Convergence?
All organizations need to protect corporate assets -- whether it's preventing the theft of office equipment, providing a safe environment for employees and their belongings or keeping hackers, industrial saboteurs and terrorists from wreaking havoc on networks, applications and databases. Because physical and logical security traditionally have been handled by separate organizations and technologies, few companies realize the benefit of convergence.

As a practical definition, converged security refers to the integration of physical access technologies, such as magnetic cards and readers, with identity management and user authentication technologies such as tokens and proximity cards. The integration enables an organization to establish and manage a single, consolidated repository for all authentication credentials and to have a centralized means of setting access privileges for both physical and logical resources.

Identity-based convergence makes it possible for organizations to have one system for managing physical and logical access, a unified network policy for network and remote access that leverages location information from physical access systems, mutual exchange of events and alarms between physical and logical access systems, an identity-based reporting system for use in forensic investigations and a streamlined workflow for creating, deleting and modifying user identities.

Why Now?
The notion of converging physical and logical access security is not a new one. It has been around for some time, but historically, implementation has been a problem. Because physical and logical security systems have had little in common technologically, integrating them was a costly and complex proposition. The lack of interaction between the physical security experts and information technology providers also has hindered convergence.

However, an opportunity now exists for the worlds of physical and logical access security to come together at last. Here's why.

Widespread adoption of IP. In the past decade, IP has become the standard for corporate IT networking. Having a common protocol reduces wiring requirements, deployment time and cost, and enables convenient management and administration via Web browsers. These advantages have led more physical security device providers to make products IP-compatible. Today, many physical access devices are IP-capable, including cameras, card readers and access controllers.

Convergence-friendly solutions. More physical access security vendors are responding to customer demand and seeing the value in supporting convergence. Many are promoting standardized application programming interfaces for integration with IT-based solutions. Converged solutions built around identity offer more comprehensive security protection and related benefits such as regulatory compliance and improved coordination when responding to emergencies or security threats.

Resources aren't secured by door locks and firewalls alone. As auditing for regulatory compliance becomes more widespread, more auditors are seeing the gaps in corporate security and alerting clients to take action.

Emerging standards. Standards are being defined to enable easier physical/logical access security integration. One example is the Physical Security Bridge to IT Security, a vendor-neutral approach for enabling collaboration between physical and IT security to support overall enterprise risk management needs. It was developed by the Open Security Exchange, a cross-industry forum created to address the lack of integration between various components of the security infrastructure.

More cost-effective card token solutions. Recently, vendors have introduced a new generation of more affordable smart cards. Based on a contactless smart card chip, the widely adopted cards offer a more secure token than the traditional 125 kHz Prox technology used with most access control systems, making the cards suitable for use in IT security.

The impact of single sign-on. As more organizations deploy SSO, which allows users to log in from anywhere to all applications using a single, complex password, demand is growing for strong user authentication and more comprehensive security policies for network and remote access. For instance, a policy can state that an employee cannot access the VPN if they have already badged into the office building.

New gateway technologies. A new generation of gateway technologies is targeting -- and fixing -- common convergence problems. These gateway products bridge the gap between the physical and logical systems to provide bi-directional exchange of identity information and real-time events.

As a result of these factors, converged physical/logical access security systems will no longer be too costly or complex to deploy.

Benefits of a Physical/Logical Solution
When logical and physical access security components work together, organizations can use the systems to complement and reinforce each other. A policy can be established that allows a user logical access to applications only if that user has first swiped their employee badge that day when entering a facility or restricted area. The synchronization leads not only to more integrated security, but also to stronger overall security, as convergence allows organizations to manage all forms of security under a single umbrella for maximum control.

Convergence also provides companies with affordable, two-factor authentication, which is recommended by experts as the best protection against unauthorized application access. Convergence enables magnetic employee badges to be used as the second factor, sparing organizations the cost of additional smart cards, tokens or biometric scanning systems while at the same time strengthening IT security.

Converging physical and logical security offers organizations the ability to coordinate responses to problems and/or emergency situations. For example, when employees resign or are terminated, there is often a lag time of days or weeks between when their physical access rights and logical access rights are terminated. This situation often results in disgruntled former employees logging in remotely and stealing confidential data. Convergence prevents this problem by allowing organizations to terminate physical and logical access privileges simultaneously.

Another security concern that is solved with convergence is tailgating, a common problem in which a person without an ID badge gains access to a facility by following closely behind another person who has just swiped their badge. With convergence, logical access security can be set up to alert corporate security when employees who have not swiped their badges attempt to log onto PCs, or to prevent users from accessing their PCs until they swipe in, providing a means to better enforce badge-swiping compliance.

Convergence allows organizations to be compliant with emerging legislation and regulations. In 2004, the White House issued HSPD-12, which mandates a common identification standard for federal employees and contractors. Other governments and industry regulatory organizations are requiring similar standards. Converged logical/physical access technologies provide two-factor authentication that ensures compliance with the regulations.

All of these benefits -- plus the better protection, cost savings, risk reduction and increased compliance associated with them -- make converged logical/physical security a worthwhile goal for any security-minded organization.

Implications of a Converged Solution
What will it mean to corporate security when the worlds of padlocks and passwords finally converge? A number of converged physical/logical access security systems are expected to come to market within the next year. The organizations that deploy the solutions will be among the first to benefit from the enhanced capabilities offered.

For starters, organizations will gain a greater ROI from their existing infrastructure. By linking the two access security systems, companies can extract more value from the badges and proximity cards already deployed and fully leverage the existing infrastructure of readers and doors controlled by physical access control systems. Additionally, by incorporating data available on user location, time of badge in and badge status within the organization's network/remote access policy, companies are able to enhance perimeter security. Since the verification of badge status is necessary prior to granting access to the network, whether locally or remotely, the occurrence of security concerns, such as tailgating, is reduced.
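The access policy described above, which feeds badge status, time of badge-in and location into the network/remote access decision, can be sketched as a small decision function. This is an added example, not code from the article or from any product; the record fields, the optional badge-out timestamp, the decision labels and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class BadgeState:
    """Per-user record synced from the physical access system (hypothetical schema)."""
    active: bool                         # False once the badge is revoked
    last_in: Optional[datetime] = None   # most recent badge-in
    last_out: Optional[datetime] = None  # most recent badge-out, if readers record it

def on_site(b: BadgeState, now: datetime) -> bool:
    """True if the holder badged in today and has not badged out since."""
    if b.last_in is None or b.last_in.date() != now.date():
        return False
    return b.last_out is None or b.last_out < b.last_in

def decide(badges: dict, user: str, channel: str, now: datetime):
    """Return (decision, reason) for a login attempt; channel is 'local' or 'vpn'."""
    b = badges.get(user)
    if b is None or not b.active:
        # Revoking the badge cuts logical access at the same moment.
        return ("deny", "badge missing or revoked")
    present = on_site(b, now)
    if channel == "local" and not present:
        # Logging on inside the building without a swipe: possible tailgating.
        return ("deny_alert", "no badge-in today")
    if channel == "vpn" and present:
        # Remote session for someone the door system places inside the building.
        return ("deny_alert", "remote login while badged in")
    return ("allow", "consistent with physical location")

# Constructed sample data, not taken from any real system.
NOW = datetime(2006, 11, 6, 14, 0)
BADGES = {
    "alice": BadgeState(True, last_in=datetime(2006, 11, 6, 8, 55)),
    "bob": BadgeState(True, last_in=datetime(2006, 11, 3, 9, 0)),
    "carol": BadgeState(False, last_in=datetime(2006, 11, 6, 9, 10)),
    "dave": BadgeState(True, last_in=datetime(2006, 11, 6, 8, 0),
                       last_out=datetime(2006, 11, 6, 12, 30)),
}

if __name__ == "__main__":
    for user in BADGES:
        for channel in ("local", "vpn"):
            print(user, channel, decide(BADGES, user, channel, NOW))
```

Without a badge-out event, a same-day badge-in would block an evening VPN session from home, so the presence test is the part to adapt to what the door controllers actually record.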

Another benefit is improved user management, which enables the procedures for adding and removing users from physical and logical security systems to be streamlined and provides improved consistency of user demographics across all systems.

Also, with the physical and logical systems fully integrated, real-time response to network alarms is now possible, and companies have a more accurate emergency roster list. This, combined with the consolidated logging of entry and access records by true user identity, allows companies to experience overall improved risk management. A converged solution enables organizations to comply with various regulations, including HIPAA, the Gramm-Leach-Bliley Act, Sarbanes-Oxley, HSPD-12 and FIPS 201.

Bridge to a More Secure Future
With the momentum building behind the development of converged physical/logical access security systems, it is not too soon for companies to begin thinking about how the organization can benefit from the enhanced security and compliance the solutions will deliver. In fact, the best approach is for companies to begin formulating convergence solution plans now in order to ensure a sensible, affordable, smooth and incremental implementation.

This article originally appeared in the November 2006 issue of Security Products, pgs. 92-94.
