Getting Involved - Physical security administrators and IT departments have both gotten much more involved with each other in system deployment decisions, ever since video surveillance first began transitioning from analog to network cameras.

Getting Involved

CIO and CSO see changes as information and facility security converge

Physical security administrators and IT departments have both gotten much more involved with each other in system deployment decisions, ever since video surveillance first began transitioning from analog to network cameras. This trend is accelerating now that ID cards and mobile phones are being used together for both physical and logical access.

The CSO and CIO must work together to clearly understand today’s threats and how best to combat them, while also coordinating system workflow and security enhancements. They also must collaborate on all aspects of designing, implementing and maintaining robust security capabilities, while also understanding and following best practices that extend across physical and logical access control.

Best Practices for Convergence

Physical security professionals helped spur security convergence with the transition from analog to network security cameras. IT departments now play key roles in purchasing decisions and daily oversight in this area. Meanwhile, there has been a push to integrate video, access control, intrusion detection and other system components into Physical Security Information Management (PSIM) and other unified systems.

A capability called tap authentication provides an additional push toward unified solutions. Tap authentication enables the same card used to open a door to also be used for logical access control. It can be tapped to a laptop, tablet, phone or other Near Field Communications (NFC)-enabled device to access data, cloud apps and web-based services. Tap authentication replaces dedicated one time password (OTP) solutions for permitting access to computers, data, applications and cloud-based services. The same smartphone and other mobile device that the user tapped his card on can also be employed as a trusted credential for unlocking doors and opening gates.

Realizing these capabilities requires an access control platform based on open standards that can support the move to mobile access control, converged solutions, and web-based credential provisioning. In the case of mobile access control, the best deployment route may be a gradual one in which upgraded readers are phased in over time. In other cases, it may make better economic sense to upgrade everything at once, without taking the time and expense to evaluate each reader and panel and making a case-by-case decision.

There are other questions to answer. Does everyone in the organization need mobile access on their smartphones for opening doors? Will the company be provisioning mobile access only to company-issued devices, or will it support a BYOD model? Many organizations have a mobile device management platform (MDM)—corporate apps are published and run in a specific container on the user’s mobile device. Making sure the mobile access solution is interoperable with this MDM platform can be important, especially if the platform is also used to control security settings.

In general, the access control platform should support as broad a range of smartphones, tablets and other mobile devices as possible. There shouldn’t be any requirement for additional sleeves or other accessories to support various devices, and there should be an equally smooth experience regardless of mobile platform. Solutions that support various read ranges and gesture technology offer additional benefits. They enable phones to open doors by tapping them to a reader or twisting them from a distance as a user drives or walks up to it.

Organizations need to determine the types of doors that should be mobile-enabled, at which entry points, and what kinds of features to include. For instance, parking garages, main entrance doors and elevators can all benefit from the convenience of a longer read range. Conversely, a tap experience is better in areas where there are multiple readers in close proximity to one another, because they minimize the risk of a user opening the wrong door.

The same access control platform that offers these innovative mobile ID capabilities for facility security can also fulfill numerous logical access needs. This includes enabling tap authentication for accessing network resources, cloud apps and web-based services. A faster and more seamless and convenient solution than using dedicated OTPs and display cards or other physical devices, tap authentication reduces the need for complex passwords and diminishes password fatigue. In many enterprise environments, it can require 20 or more logins each day to access data and services. Tap authentication eliminates this situation, enabling users to authenticate to multiple apps and services on multiple endpoint devices without having to recall and re-type additional codes and passwords. Users can take advantage of a single smart card to seamlessly access data, login to cloud resources and open doors.

Tap authentication is particularly attractive for mobile device users, giving them secure access to corporate cloud applications, data and services anywhere, at any time, from their preferred mobile device. It also is easy to deploy, through the simple process of installing authentication system software and device apps, synchronizing users with the authentication cloud service, and notifying them when they can begin using the system. Administrators can also give their customers the option of deploying conventional card reader accessories on logical access endpoints that do not have built-in mobile-ready readers.

Deploying Solutions

A key requirement for deployment is a robust mobile identity management system with proven processes for managing users and the entire life cycle of mobile identities. Outsourcing is an option, with offerings like HID Global’s Secure Identity Services for managing the entire process of how an employee is on-boarded and issued a mobile identity.

As soon as a user’s name is added, an invitation email is sent to the employee with instructions on how to install the mobile app. Once the app is installed and configured, the system provisions a mobile identity to the mobile device, and the security administrator is notified when the process is complete. Each mobile identity is unique, and automatically configured to match the specific attributes of the organization and the facilities where it will be used.

For organizations with global offices and multiple access control systems, an employee visiting another location can receive an additional mobile identity before leaving or upon arrival. Additionally, employees can connect with different mobile devices as needed, and when it is necessary to remove a digital key from a device, the mobile identity can be revoked over the air. To reduce security threats when a device is stolen, mobile identities can be configured to only engage with readers when the mobile device is unlocked. An unauthorized user would have to get past the device PIN or biometric authentication to use it for opening doors and accessing the building.

The same system platform can be used for logical access control. There is a simple, 3-step process for using ID cards and mobile devices to access data and cloud services with tap authentication solutions. The user first opens a browser on his or her NFC-enabled device and then types the URL for the desired application. After entering the corporate username and password, the user taps his or her access control card to the back of the NFC-enabled mobile device or tablet to provide the second authentication factor. Once the card has been tapped, the OTP is now unusable. There are no passwords to remember of additional tokens to deploy, manage or carry, just the same card used to open doors.

As physical and on-line access applications merge onto a combination of cards and phones, an organization’s physical and information security teams will also need to jointly manage multiple ID numbers for multiple applications on multiple devices. They will need to determine how best to support a growing number of application identities and associated lifecycles, while also ensuring that various groups can each be responsible for their own application and identity lifecycle needs.

Creating unified access control solutions offers valuable opportunities to improve security and convenience. To fully realize these benefits, facility and information security teams will need tight coordination. This requires that CIOs and CSOs both embrace their changing roles and the benefits that come from a close working relationship.

This article originally appeared in the November 2015 issue of Security Today.


  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Making Safety and Security Intrinsic to School Design

    Public anxieties about school safety are escalating across the country. According to a 2023 Gallup report, 44% of parents fear for their child’s physical safety at school, a 10 percentage-point increase since 2019. Unfortunately, these fears are likely to increase if the incidence of school tragedies continues to mount. As a result, school leaders are now charged with two non-negotiable responsibilities. The first, as always, is to ensure kids have what they need to learn, grow, and thrive. Sadly, their second responsibility is to keep the children in their care safe from threats and physical danger. Read Now

  • The Power of a Layered Approach to Safety

    In a perfect world, every school would have an unlimited budget to help secure their schools. In reality, schools must prioritize what budget they have while navigating the complexities surrounding school security and lockdown. Read Now

  • How a Security System Can Enhance Arena Safety and the Fan Experience

    Ensuring guests have both a memorable experience and a safe one is no small feat for your physical security team. Stadiums, ballparks, arenas, and other large event venues are increasingly leveraging new technologies to transform the fan experience and maintain a high level of security. The goal is to preserve the integrity and excitement of the event while enhancing security and remaining “behind the scenes.” Read Now

Featured Cybersecurity


New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3