Physical & Logical Convergence in Access Control Systems (Part 1)

The world of access control has changed. The system that used to just open doors now improves information security, increases productivity and produces revenue for the end user.

Today, because much of the information that companies work with is electronic, securing both physical and logical assets is important. "Protecting both physical property and knowledge-based soft assets is vital to a company's success and continued growth," said Eric Joseph, Manager of Architectural, Engineering and Consultant Support Services at Lenel Systems International (a UTC Fire & Security company).

Controlling access to IT applications has traditionally relied solely upon user names and passwords. "However, with the increasing proliferation of IT applications in the workplace, many employees now have to remember as many as a dozen sets of user names and passwords, which are inconvenient and cumbersome to use," said Tim Phipps, EMEA Director of Identity and Access Management for HID Global. "People frequently forget their logon credentials, causing them to be locked out of their accounts and prevented from doing their work. Even worse, some frustrated employees may decide to write their passwords down, which increases the chances that their passwords will be stolen or misused."

This is why convergence applications that use smart cards for physical and logical access control, such as single sign-on, are being widely adopted by many major access control manufacturers. "Smart cards used in conjunction with passwords provide for an additional layer of security," said Joseph. "Now that you are utilizing a more secure authentication process, you can confidently utilize single sign-on."

Single sign-on is a business efficiency tool that enables a user to authenticate only once. The user can then gain access to different network applications, databases and platforms. This includes customized Windows and Web applications, as well as host-based or terminal applications.

"Sometimes people do not log off their computers when stepping away from their workstations," said Joseph. If one is required to use a smart card to log onto the computer, and is logged off as soon as the smart card is removed from the workstation, the possibility of an unsecured workstation is greatly reduced if not fully eliminated. Also, by integrating physical and logical security, when a cardholder leaves the building, his or her account can be disabled, restricting further access while the person is off-site.
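The presence rule described above can be sketched as a replay of badge and logon events. This is an added example, not code from the article or from any vendor it quotes; the event format, user names and the policy that only console logons require on-site presence (remote logons are left to their own controls) are assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample events: (timestamp, source, user, detail).
# "badge" rows stand in for the physical access control system,
# "logon" rows for the IT directory. None of this is real data.
EVENTS = [
    ("2024-03-04T08:01:00", "badge", "alice", "in"),
    ("2024-03-04T08:05:00", "logon", "alice", "console"),
    ("2024-03-04T08:30:00", "logon", "bob", "console"),    # bob never badged in
    ("2024-03-04T12:00:00", "badge", "alice", "out"),
    ("2024-03-04T12:10:00", "logon", "alice", "console"),  # after leaving the site
    ("2024-03-04T12:15:00", "logon", "alice", "vpn"),      # remote path
    ("2024-03-04T13:00:00", "badge", "alice", "in"),
    ("2024-03-04T13:02:00", "logon", "alice", "console"),
]


def evaluate(events):
    """Replay events in time order.

    Returns (decisions, locks): one allow/deny decision per logon, and the
    (timestamp, user) pairs whose open console sessions should be locked
    because the cardholder badged out.
    """
    on_site = set()   # users whose most recent badge event was "in"
    open_console = {}  # user -> number of console sessions allowed so far
    decisions, locks = [], []
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e[0]))
    for ts, source, user, detail in ordered:
        if source == "badge":
            if detail == "in":
                on_site.add(user)
            else:
                on_site.discard(user)
                # Leaving the building ends any console session left open.
                if open_console.pop(user, 0):
                    locks.append((ts, user))
        elif source == "logon":
            # Assumed policy: a console logon needs physical presence.
            # A denial here also surfaces tailgating (no badge-in on record).
            if detail == "console" and user not in on_site:
                decisions.append((ts, user, detail, "deny"))
            else:
                decisions.append((ts, user, detail, "allow"))
                if detail == "console":
                    open_console[user] = open_console.get(user, 0) + 1
    return decisions, locks


if __name__ == "__main__":
    for row in evaluate(EVENTS)[0]:
        print(*row)
```
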

To facilitate IT security, a powerful contact chip capable of providing Public Key Infrastructure (PKI) cryptography is embedded into the smart card. According to Phipps, PKI is an industry-standard method for exchanging information and communicating securely on IT systems. It relies on the use of public and private key pairs stored in digital certificates that are uniquely assigned to individual users to provide secure communication and access.

"By using the PKI support, it is possible to encrypt documents and digitally sign messages, such as e-mail, so that the sender and recipient can be confident that the communication has not been corrupted, read or changed in any way," explained Phipps.

Microsoft applications such as Word, Excel, PowerPoint and Exchange routinely support smart cards. "You can also use the smart card to protect access to confidential documents in Word such as legal agreements or purchase orders, or you might want to use it to control changes to financial or customer data in Excel documents."

Other applications include protecting access to VPNs (Virtual Private Networks), Thin Clients and Pre-Boot Authentication solutions.

"Because your credentials are stored on the smart card, they are portable and you can carry them with you wherever you go. This means that it is possible to authenticate yourself and gain appropriate access to an organization's buildings and IT applications even if you have to work at different sites, are traveling, or are simply working from home," added Phipps.

A business management application of an integrated access control system takes all information gained from the access system and utilizes business rules from other systems. Through software integration, business management systems such as time and attendance and enterprise resource planning (ERP) can share information. "That same information gathered by a security management system has value to other areas of a business. Integrating a business system with a security management system can maximize the value of both systems to the customer," said Joseph. "For example, events passed from the security management system to the business system can instantly provide information about new hires and terminated employees, and can be used by the payroll system to calculate compensation."

One example is business management software that deals with regulations such as Sarbanes-Oxley. "Sarbanes-Oxley's segregation of duties means that responsibility for handling customer orders has to be done by a variety of people to ensure integrity of the process and information. Often, those people actually work in different physical areas of the business, which means that, to a degree, access outside the process can be regulated," said Joseph. Integration of physical access control and business management software helps organizations comply with the rules. Other examples include controlling the number of hours certain workers can remain at potentially hazardous work sites such as coal mines, and restricting access by people who have not had sufficient training. These situations can be managed using integrated access control.

to be continued...

