Man sneaks into secure area in a major international airport via the luggage carousel! Teenagers gain access through fire stairs to the roof of CBD tower block! Ex employee accesses and downloads 400 million dollars’ worth of trade secrets and legal trademarks in the week before he leaves!
These are all headline examples of break downs in security access protocols that govern access to controlled areas. Access control is only as good as its weakest link. Access control is a wide and diverse part of the security function. How easy is your premise or building to be penetrated by unauthorised persons?
A regular and professional security risk assessment needs to be performed to allow the business to see how robust and strongly they are protected from both a physical and IT perspective. All facets of the business that the public have access to needs to be reviewed regularly from a simple man sized hole to the tarmac at the airport to an employee being able to gain access to a lawyers files on an open network drive. Risk and resilience can be quantified and investigated by how well the business locks down in any given scenario from a boring night shift to peak hour at the stock exchange. Most break ins and thefts occur when no one is around or watching.
The process of access control has many best practices to secure sensitive data and/or restrict physical access to the company’s assets and most valuable secrets. Creating a secure and professional working environment is an on going process which needs the most up to date technology and procedures to provide the most cost efficient way of securing a building or intellectual property. If done correctly the first time it likely that only small changes will need to be implemented over the lifetime of business risk assessment.
There are 4 main concepts for Access Control Best Practices :-
• Layered Access Control
• Integration
• Training
• Secure the Data
Layered Access Control is defined as having multiple layers of protection of entry. This is implemented by using a combination of any number of user authenticated access technologies from biometrics, pin pads or key card. These controls can be broken down into 3 main areas:-
1. Knowledge: A PIN code or information transfer from the end user
2. Possession: A physical method of authentication through a card or swipe access
3. Identity: Previously proven through identification biometrics
This ensures that unauthorized individuals cannot gain access to secure areas by simply stealing or borrowing an authorized user’s key card or PIN, for example. The combination of different access control methodologies provides a greater level of security covering premises and asset protection.
Integration is the next major area of Access Control Best Practices as a fully comprehensive access control system needs to be functional and reliable. Access control needs to be seamlessly implemented so the end user has no detrimental effect to the ease of them coming to work. Access Control systems can be integrated through CCTV and swipe access. Integration is the key to a providing a robust and secure entry point. Security personnel with a fully integrated system can provide a comprehensive report from when people enter a building and follow them through the building with linked integration between multiple access systems like CCTV and User Access databases. Shopping centres or sporting stadiums with facial recognition at all entry points are a classic example of well integrated system.
Training is the next step in best practices. All security personnel need to be aware of how to use the software and technologies implemented at the venues they protect. Security are the front line of the business dealing with the public should any problems which arise. They should be well trained in what to look out for and identify issues before problems arise. A well trained and experienced team can be the difference between a shopping centre in the suburbs and a world leader like Westfields or Harrods.
Finally how secure is the access system and data it contains? If a hacker cannot connect to your system from the outside world they are eliminated as a threat. Today’s networked security technologies are particularly at risk, as hackers develop new techniques to access and even take control of physical devices. Technologies using Bluetooth or WIFI to connect between devices allow hackers a way into the system. It’s vital to properly secure any stored data on access control systems, including biometric information, PINs, user data, and usage logs, from both a logical and a physical standpoint.
In the current global security environment a holistic approach needs to be taken when considering how to securely protect our valuable assets. Agilient have experience in all forms of access control from developing plans for bollards to restrict traffic, turnstiles and electronic timed locks to allow easy and professional general entry without the public knowing how restricted they really are. Agilient can offer a wide and diverse set of ideas and concepts for keeping a business safe across all forms of security ranging from the vehicle and loading dock to a sport stadiums access and swipe reader access scheme.
Large and small businesses have different needs to create their own private security environment. A thorough and competent security risk assessment can highlight new technologies and state of the art methodologies for both a new or existing business to adopt and ensure they have a best practice implementation in access control.
For assistance in developing and implementing best practice access control please do not hestitate to contact Agilient.
The Agilient Team