Basic security paradigms have changed. Whereas physical barriers and guards were once the primary mode of security at the perimeter of facilities, now these have been supplemented and improved by advanced access control solutions that rely heavily on technology to verify the identity of the individual attempting to enter. There are a number of reasons for this.
Three Reasons for Shifting Physical Security Paradigms
First, social engineering has made it clear that a skilled hacker can talk their way into almost anywhere. Whether it’s by wearing coveralls and carrying a ladder and a coil of CAT5 cable, or by wearing a suit and carrying a briefcase, there are many ruses that have been demonstrated to be astonishingly effective at getting through even stringently manned security checkpoints.
Next, tightening budgets have led many organizations to look closely at their manpower costs. While security officers continue to have an important place in many security programs, the advent of analytics solutions that can supplement or replace them while also delivering meaningful business intelligence has changed the balance in this equation.
Finally, technology now automates notifications and alerts, making it easier to ensure that information on unfolding incidents reaches first responders quickly and reliably.
Security at the Perimeter = Access to Identity
At the same time, the most important new concept in security at the perimeter is the idea of identity. Ensuring that the credential being presented matches the identity of the individual attempting to enter is fundamental to the highest levels of security. And it is at the perimeter where this matters most. Once a criminal or bad actor has managed to penetrate the perimeter, there are many more opportunities for them to commit their crime. This is the case whether the criminal is intent on violence, theft of valuable property, hacking into the organization’s network or one of the many other types of crime with potentially catastrophic impacts and liabilities.
While an access control system can read and authenticate the credentials presented by a person trying to enter the facility, most cannot verify that the person entering matches those credentials. For this verification to take place, there needs to be a form of biometrics such as facial recognition in addition to the ID card or proximity device. This provides an even higher level of accuracy than a security officer can offer.
The need for greater control at the perimeter also highlights a serious shortfall in even the most sophisticated access solutions – including those that incorporate biometrics. If the controlled door makes it possible for a second person to tailgate or piggyback on a single set of credentials, there is a glaring gap in protection.
Closing the Gap in Perimeter Entrance Protection
Tailgating is easy to do if there is a traditional swinging door in place. Going back to the effectiveness of social engineering, all a person must do is look like they “belong” inside a facility and they can easily find a polite, credentialed person to hold the door open for them to follow through. Should that fall short, there is the technique of quickly grabbing the door just before it latches shut to slip through with a murmured, “thanks, sorry, I’m in such a hurry.” Few employees are likely to report such a breach to security simply because they do not realize that it was a breach (and in fact it may not have been).
Unless a more advanced security entrance is in place – one that can not only verify the identity of the credential holder, but also prevent a second individual from entering on those credentials – there is no way to proactively stop tailgating or piggybacking from occurring at the perimeter (or anywhere else).
There is no doubt that identity has become more essential than ever as a primary form of security. Wherever you can fully verify identity, you can create the most secure perimeter possible – whether it is around an office, a building or an entire campus. With this understanding, access control becomes a far stronger mode of security, helping to create the most effective and proactive barrier to all of today’s risks and threats.