Physical Access Control is in Dire Straits
Physical Access Control is in Dire Straits
It is time for a wake-up call. If you recently attended any of the major security trade shows, you probably noticed that great progress has been made in areas like video management, intrusion detection, drones and surveillance robots. Innovative technologies, smart software integrations and great user experiences are driving these segments of the physical security market.
But one segment seems to be in pure maintenance mode at best – the physical access control market. While arguably the most important building block of any physical security program, physical access control has become the odd man out within the industry. Boring, no innovations, no investments, no interest.
Compare that to the cyber security industry where logical access control has gone through a true transformation. Driven by attacks and ill-intentioned hackings, as well as a rapidly growing adoption of cloud, mature Identity and Access Management solutions are being implemented on a wide scale.
Remember the idea from the last 10 years called ‘convergence’ where physical and cyber were going to work together? While we are not at 100% convergence yet, there is still hope. So why should you care? The answer is very simple: Because your existing physical access control system most likely is not doing what it is supposed to do, i.e. ensuring that only the right people have access to your facilities and being in sync with your other business systems.
Physical Access Control Systems typically exist in isolation on their own on-premises server, owned by a separate group from the team that runs logical access. Very few, if any, of them are integrated with the company’s authoritative people data source. Even fewer of them are integrated with the system that manages contractors and visitors. And almost none of them integrate with other IT systems that contain data required to make dynamic access decisions such as a Learning Management Systems that keeps track of who passed which trainings and holds which certifications.
The net result is what we call the ‘Identity Gap’ – an ever-growing difference between the identity information in your Physical Access Control System (PACS) versus in your record systems. In turn, that means people having physical access they no longer should have, access cards out in the wild that are still active, duplicate cards that have been passed on without you knowing, and more. This gap and the insider threat caused from identities having inappropriate access is also known as Access Chaos.
How to Close the Gap and Tame the Chaos?
It is time for physical access control to grow up in the same way logical access control did over the past two decades. The good news is that solutions to close this identity gap do exist. You can group them into two categories: Physical Identity Governance & Administration solutions and Physical Identity & Access Management solutions.
Physical Identity & Access Governance (PIAG) solutions have two simple goals: map and identify your identity gap and provide you with data and analytics in the context of compliance requirements and audits. Think of a software solution that aggregates and correlates data from relevant people systems (HR and/or Active Directory), your Physical Access Control System(s), and any other relevant business systems.
On a daily basis the software will identify which data in your Physical Access Control System(s) needs to be corrected. People no longer working for the company, duplicate cards, people with inappropriate or too much access, contractors with expired certifications, etc. These solutions also automate recertifications, i.e., the periodic re-approval of access.
Physical Identity & Access Management (PIAM) solutions also have two goals: automate your access control processes and enable attribute-based physical access control. Think of an intelligent software layer that sits on top of your Physical Access Control System and that automates access requests, handles forgotten and lost badges, automatically sets and revokes access based on a person’s role, the trainings they passed or certifications that expired.
The outcome is a Physical Access Control System that contains up to date identities at all times, access levels that are set and revoked in a dynamic and fully automated way and syncs to all other business systems.
It takes only one major incident caused from an access-based insider threat to cause massive reputational damage to your company, let alone the potential harm or injury to people or damage to property and information.
It’s time to get physical access control and your physical identity management program on par with the rest of your physical security controls. Just because access control systems are not innovative, doesn’t mean some of the innovative tools that sit on top of them are not. Give your enterprise access management program the attention it deserves and learn how PIAG and PIAM solutions can make your organization safer and more secure.
Contact us today to learn more about PIAG and PIAM solutions.