Automate Your Access Control

Automate Your Access Control

It all comes down to managing efficiently and effectively

The effectiveness of access control really comes down to local decisions made at each door. However, enterprise systems are deployed and managed on a global scale, which presents a challenge of how to manage all those local access control decisions efficiently and effectively.

Access control has mastered automation at the local level when decisions are automated to ensure efficiency at the individual door. It’s quite simple. If a person wishing to enter a building possesses a credential, knows a keypad number or can demonstrate who he or she is based on a biometric such as a fingerprint scan, the door opens automatically without human intervention. Without that automation, a security officer is needed in order to grant access.

Automating access control on a global scale is a different endeavor. Typically, identity data must be entered manually into a system to produce a credential. If there are multiple access control systems, as there often are in large organizations, the data has to be entered several times, necessitating significant staff involvement to manage access control.

Information must be programmed into each system about where each user is authorized to go within a building or location. There are rules about when and where someone has access, and those rules have to be inputted manually as data in each different access control system for each location. Without global automation, the rules may be inconsistent, written down and filed away in a paper document, or simply remembered by a longtime employee. All of these manual functions weaken the effectiveness of the access control utility.

Software drives access control automation. There are solutions for additional automation at all levels of access control and identity management, specifically at the enterprise level. Unifying the elements of identity and access control systems can be achieved using software. Software can store and update the rules of access control and the identities of the users and can interface with each system to provide information to enable every localized access control decision.

Most important, software can build a layer across many disparate systems to create a single identity for each individual in the organization. Integrating physical with logical security systems, software can ensure synchronized and policybased on- and off-boarding of identities and their physical access levels across multiple systems.

This transformation of an enterprise’s identity and access control operation involves two types of automation.

Process automation. By automating more processes, software can minimize human involvement, human error and the costs associated with both. Manual processes are a weak link in any organization’s identity management system. Inaccuracy is one issue; another is neglect. The multiple tasks competing for an employee’s time and attention might lead even a good employee to neglect or delay a manual task related to identity management. In either case, the result is an unacceptable level of risk to the organization.

An identity might not be properly on-boarded, off-boarded or vetted. Manual processes also create a separate data silo of information that doesn’t interface with any other system within the organization and is not part of a unified system of identity management. Automating manual processes ensures efficiency and accuracy while eliminating multiple big—and unacceptable—factors that can undermine an enterprise’s security.

Rules automation. Rules-based software can bridge the gap between technology and operations by integrating adherence to security policies as part of a unified identity management program. A company’s rules of operation—who has access where and when, as well as any regulatory requirements—can be incorporated into the software. Software can automate and enforce global physical security policies and help to ensure both governance and compliance using an organization’s existing physical security and IT infrastructure. Unifying hardware solutions with security policies using rules-based software that is custom-configured to a site’s specific needs is a cost-efficient and effective route to managing risk. Automation adds value both by ensuring compliance with enterprise rules and regulatory requirements and by doing so at a lower cost.

Benefits of more automation. There is a significant need for more automation at the management level of access control systems. Administering multiple systems and keeping up with identities throughout the organization takes time and energy from the security department—time and energy that could be better spent on other security contributions. Existing systems may be inconsistent or poorly enforced, which also compromises security.

Software-based automation can benefit today’s companies in a wide range of ways.

Compliance. Software enables organizations to automate compliance initiatives in real time and to create a transparent, traceable and repeatable global process to manage governance and compliance. Strict governance of security controls across both physical and IT infrastructures and managing risk on a holistic level enable compliance to regulations such as Sarbanes- Oxley, ISO 27000, NERC/FERC and CFATS. Software features include real-time monitoring and remediation, built-in risk analysis and compilation of key data across the physical security infrastructure.

A closed-loop approach automates assessment and auto-remediation based on user-defined controls. Integrated infraction management automatically triggers notifications and/or changes access privileges. Software defines, audits and enforces segregation of duty (SOD) policies across the physical infrastructure.

Cost reduction. Most physical security operational costs are tied into management of identities, events and compliance across multiple physical security systems. Automating these systems lowers costs and contributes to greater efficiencies, while streamlining operation lowers operational costs. Unifying hardware solutions with security policies using rules-based software that is custom-configured to a site’s specific needs is a cost-efficient and effective route to managing risk.

Better security. Manual processes can lead to weakness in security, such as if an identity is not off-boarded in a timely manner. Access control systems that operate efficiently and interoperably contribute to more consistent and stronger security.

Managing information corporate wide. Software that addresses identity and access issues enterprise-wide also represents the point of convergence of physical and logical security systems. Identity management is that point of convergence, control of identity related to physical systems and logical systems, which equates to a new level of security for all systems. Software both automates management of physical access control systems and enables incorporation of these systems into an overarching identity management system that includes all facets of an operation, providing associated cost, operational and regulatory benefits at every level of operation.

This article originally appeared in the March 2013 issue of Security Today.

Featured

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

  • DHS to End ‘Shoes-Off’ Travel Policy

    Homeland Security Secretary Kristi Noem announced a new policy today which will allow passengers traveling through domestic airports to keep their shoes on while passing through security screening at TSA checkpoints. Read Now

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.