
Join the Team

Facility and IT security systems converge to manage security

Now that mobile identities can be carried on phones for physical security applications, they are merging with smart cards into centralized identity management systems. Organizations can use either or both to secure access to the door, data and cloud applications. The goal is a unified system that enables strong authentication and card management capabilities for computer and network logon, while also ensuring that physical and logical identities can be managed on a combination of plastic cards, smartphones and other mobile devices.

This trend is having a big impact on physical and IT security departments at hospitals and other large facilities and campuses. CIOs and CSOs have both gotten much more involved with each other in deployment decisions, creating new opportunities to maximize security and efficiency.

Evolving Roles for CIOs and CSOs

It is increasingly important that facility and information security teams work together to gain a better mutual understanding of today’s threats, and how best to combat them, while coordinating system workflow and security enhancements. The two departments should collaborate closely on all aspects of designing, implementing and maintaining robust security capabilities. Both teams must understand and follow best practices that extend across physical and logical access control.

The physical security market has been at the front lines of security convergence since the transition from analog video surveillance cameras to networked solutions. IT staff now heavily influence technology purchasing and daily oversight in this area. There also has been a push to integrate video, access control, intrusion detection and other system components into Physical Security Information Management (PSIM) and other unified systems. This convergence trend is accelerating with the move to ID cards and mobile phones used together for physical and logical access. The same card used to open a door can now also have “tap” authentication capabilities for logical access control—it can be tapped to a laptop, tablet, phone or other NFC-enabled device to access data, cloud apps and web-based services, replacing dedicated one-time password (OTP) solutions. And that same device can be turned into a trusted credential that can be used to unlock doors and open gates.

Issues at the Intersection

As physical and logical access requirements intersect, only platforms based on open standards will enable the move to mobile access control, converged solutions, and web-based credential provisioning. Solutions can be deployed all at once, or gradually and selectively as needed. For instance, not everyone in the hospital will need mobile access on smartphones for opening doors. Visual identification enabled by traditional ID badges remains very important in the hospital setting, so cards will need to coexist with mobile IDs. Another decision is whether to provision mobile access only to company-issued devices, or to support a Bring Your Own Device (BYOD) model, and how to do that.

Regardless of the chosen mobility strategy, the access control platform will need to support the broadest possible range of devices without the need for additional sleeves or other accessories. Today’s most versatile solutions support various read ranges and enable phones to open doors not just by tapping them to a reader but also by twisting them from a distance as a user drives or walks up to it. Hospitals will need to determine the types of doors to be mobile-enabled, what kinds of features to incorporate, and which entry points will benefit most from various capabilities.

Using the same access control platform, the hospital also can assess its logical access needs. This includes looking at tap authentication as a more secure and convenient way for users to access network resources, cloud apps and web-based services using the same ID card that opens doors. Tap authentication is particularly attractive for mobile device users. In today’s mobile-first world, employees expect access to corporate cloud applications, data and services anywhere, at any time, from their preferred mobile device. This anywhere, anytime access can potentially make networks more vulnerable to security breaches. Tap authentication solves these security problems while also providing greater user convenience.


Policy development is an important area, including updating old procedures to address new capabilities, and writing procedures to address new technologies. Organizations also need a robust process for managing users and the entire life cycle of mobile identities. This can be handled internally, or outsourced through offerings like HID Global’s Secure Identity Services. This offering is used to manage the entire process of how an employee is on-boarded and issued a mobile identity, how to issue an additional mobile identity when visiting remote offices, and how to remove a digital key from a device if an employee reports it lost or stolen. Mobile identities can also be configured to only engage with readers when the mobile device is unlocked. This means that an unauthorized user would have to get around the device PIN or biometric authentication to be able to use it to open doors and access the building.

For logical access control, a hospital can employ the same access control system to implement and manage a simple process for using ID cards and mobile devices to access data and cloud services. After users tap their card to their device, the OTP is unusable. There are no additional tokens to deploy and manage, and users have only one item to carry—their smart card—and no longer must remember or type a complex password.

As physical and online access applications merge onto a combination of cards and phones, a hospital’s physical and information security teams will learn how to manage multiple ID numbers for multiple applications on multiple devices. The identity management system will need to support multiple application identities with different lifecycles, while also enabling different groups within an organization to independently take responsibility for their own application and identity lifecycle needs.

Special Healthcare Considerations

Threats to hospitals and other healthcare facilities can be divided into those to the safety of staff, patients and visitors, and those to the security of patient information and other data. Physical security threats can be difficult to combat because of the modern hospital’s typically large campus size and the often geographically dispersed nature of many facilities. There is also the need to ensure emergency preparedness for natural disasters.

Another challenge is supporting secure access from affiliated doctors who may work with many different institutions, requiring them to carry multiple badges for all the locations they visit. Visitors are also a challenge—some may pose a threat, all must be protected, and doing so is more difficult during “after hours” periods and in critical areas such as labor and delivery floors and pediatric wards.

On the information security side, threats to patient privacy take many forms, and safeguards must extend to electronically prescribed medications, as well. In the United States, HIPAA and the HITECH Act create the need for process and workflow changes, as well as technology investments in a combination of cybersecurity and privacy protection. Healthcare institutions also must comply with mandates established by the Drug Enforcement Agency’s (DEA) Interim Final Rule (IFR) for Electronic Prescriptions for Controlled Substances (EPCS). The EPCS regulation not only creates convenience for practitioners and patients by allowing electronic transmittal of prescriptions for controlled drugs, it also enhances security when implemented in a DEA-compliant fashion. Compliance requires using a software application that conforms to regulatory standards and is identity-proofed and credentialed for two-factor authentication.

To keep up with these and other threats and regulatory requirements, hospitals must take a unified approach to opening doors and gaining secure access to data, patient information and hospital applications. The latest solutions support many access control applications on the same smart card, from access control for the parking lot, main door, emergency room and pharmacy to visual ID verification, time-and-attendance, payroll transactions and cafeteria purchases. They also enable the integration of visitor management systems to optimize badging efficiency as part of a complete solution that supports real-time patient feeds and Health Level Seven International (HL7) integration.

On the information security side, the access control system must employ strong authentication and adequate security so that patient health information is protected in an increasingly digital world. With the right infrastructure in place, healthcare institutions can meet today’s security and compliance needs while continually improving security and convenience, protecting patient privacy, and increasing the value of their investment. Tap authentication is particularly valuable for information security in the healthcare environment, reducing the need for complex passwords and diminishing password fatigue for users who might have to log in 20 or more times each day in order to access the facility’s enterprise data and services. Tap authentication helps hospitals align information security and safety, meet compliance needs, and ensure that patient privacy is protected.

Finally, the threat of fraud in electronically prescribed medications can be combated through systems that employ unique physical information such as a fingerprint or iris scan, or use physical objects, which in the U.S. can be a FIPS 140-2 certified cryptographic key, hard token or card. Security is improved by leveraging public key infrastructure (PKI) using on-site or cloud-based validation services between all relying parties, elevating the trusted transaction, which reduces or eliminates the opportunity for breach.

It has become increasingly important that facility and information security teams work together to fully understand today’s threats and how best to combat them. As they follow a similar path to that of most enterprises, healthcare institutions are adopting converged solutions to secure access to everything from the doors to computers, data, applications and cloud-based services.

This article originally appeared in the November 2015 issue of Security Today.

