It’s increasingly common to hear of large and small organisations being hacked – their IT security simply is not up to the job. On the back of this, it’s worth considering whether your organisation could be hacked too. But don’t limit your attention to your IT systems as they’re only part of the story. It’s crucial to check the security of your physical access control system too.
Protect business continuity
Today, an organisation’s value is often determined by intangible assets such as data. So it’s no surprise that the security of IT systems and networks is becoming significantly stronger. What is surprising is that many modern physical access control systems, which are themselves IT systems connected to the company network, aren’t being given the same protection.
This kind of oversight can leave your security system vulnerable to cyber threats, which can have a dramatic impact on day-to-day tasks and, ultimately, business continuity. Especially as accessing an organisation physically is often the route to hacking its network digitally.
Security must collaborate with IT
In many cases, the problem is that companies simply don’t view physical access control as an IT system that’s connected to their network and part of their complete control system. IT departments and security departments often work in separate silos rather than collaborating to integrate and protect IT and physical access control as one. This means the security principles used in IT, such as strong authentication and encryption, aren’t imposed on the physical access control system.
Another issue is that many organisations consider providing access to be more important than controlling access. So security managers may view a simple physical access control system that allows doors to open and close with an access pass as sufficient. Such systems are, however, becoming increasingly more vulnerable to cyber threats.
End-to-end security for physical access control
If we step back and look at the big picture, it does seem counterproductive to invest in an access control system to secure your organisation, but then not secure that system. Your access control system shouldn’t be your weakest link, providing hackers access to all sorts of confidential information. It’s vital to bring logical and physical security together.
Based on this issue, many European countries have published guidelines that demand cardkeys for physical access control systems are stored on the safe side of the door to reduce the risk of cyberattacks. Storing cardkeys in a secure access module (SAM) in the door controller is the safest way of implementing these guidelines. And we, at Nedap, have developed a robust solution based on this approach that meets and exceeds the new standards for digital and physical security.
Defence against physical and cyber attacks
Our end-to-end security protection applies the latest IT principles of encryption and strong authentication to achieve secure communication between all elements of our AEOS access control system. By storing DESFire keys and digital certificates in the same SAM inside AEOS door controllers, we unite the best practices of IT and physical security in one solution. And provide high levels of protection against both physical and digital attacks.
Want to learn more about physical access control and end-to-end security?
Download our End-to-End whitepaper
Frequently asked questions
At a very basic level, access control is a means of controlling who enters a location and when. The person entering may be an employee, a contractor or a visitor and they may be on foot, driving a vehicle or using another mode of transport. The location they’re entering may be, for example, a site, a building, a room or a cabinet. We tend to call it physical access control to differentiate it from access control that prevents people from entering virtual spaces – for example when logging into a computer network.
If you decide to use an access control system, it’s probably because you want to secure the physical access to your buildings or sites to protect your people, places and possessions. That’s just the start for access control systems though. The right system, used well, can add value in a range of ways. You can use it, and the data it generates, to boost not just security but productivity, creativity and performance.
Today, physical security is about so much more than locks and bolts. Many modern physical access control systems are IP-based, powered by smart software and able to process large quantities of data. This provides more functionality, flexibility, scalability and opportunities for integration. It also means they’re part of your IT network, so it’s essential they’re protected and upgraded – just like your other IT systems.
From our perspective, a centralised access control system is always preferable – whether you have just two locations in the same town or hundreds spread around the world. Centralising your access control brings a range of far-reaching benefits.
For the people using your building, biometrics can give a better experience compared to an access badge. These days, biometrics are used for both identification and verification – sometimes even both at the same time. Being allowed to enter your building just by scanning your hand or face makes access control more convenient than ever.
Mechanical keys are the simplest form of physical access control and the method many smaller organisations use. Even for a small company, however, using mechanical keys has several flaws and limitations – especially as an organisation gets bigger. Below are just some of the problems presented by using keys.