It’s increasingly common to hear of large and small organisations being hacked – their IT security simply is not up to the job. On the back of this, it’s worth considering whether your organisation could be hacked too. But don’t limit your attention to your IT systems as they’re only part of the story. It’s crucial to check the security of your physical access control system too.
Protect business continuity
Today, an organisation’s value is often determined by intangible assets such as data. So it’s no surprise that the security of IT systems and networks is becoming significantly stronger. What is surprising is that many modern physical access control systems, which are themselves IT systems connected to the company network, aren’t being given the same protection.
This kind of oversight can leave your security system vulnerable to cyber threats, which can have a dramatic impact on day-to-day tasks and, ultimately, business continuity. Especially as accessing an organisation physically is often the route to hacking its network digitally.
Security must collaborate with IT
In many cases, the problem is that companies simply don’t view physical access control as an IT system that’s connected to their network and part of their complete control system. IT departments and security departments often work in separate silos rather than collaborating to integrate and protect IT and physical access control as one. This means the security principles used in IT, such as strong authentication and encryption, aren’t imposed on the physical access control system.
Another issue is that many organisations consider providing access to be more important than controlling access. So security managers may view a simple physical access control system that allows doors to open and close with an access pass as sufficient. Such systems are, however, becoming increasingly more vulnerable to cyber threats.
End-to-end security for physical access control
If we step back and look at the big picture, it does seem counterproductive to invest in an access control system to secure your organisation, but then not secure that system. Your access control system shouldn’t be your weakest link, providing hackers access to all sorts of confidential information. It’s vital to bring logical and physical security together.
Based on this issue, many European countries have published guidelines that demand cardkeys for physical access control systems are stored on the safe side of the door to reduce the risk of cyberattacks. Storing cardkeys in a secure access module (SAM) in the door controller is the safest way of implementing these guidelines. And we, at Nedap, have developed a robust solution based on this approach that meets and exceeds the new standards for digital and physical security.
Defence against physical and cyber attacks
Our end-to-end security protection applies the latest IT principles of encryption and strong authentication to achieve secure communication between all elements of our AEOS access control system. By storing DESFire keys and digital certificates in the same SAM inside AEOS door controllers, we unite the best practices of IT and physical security in one solution. And provide high levels of protection against both physical and digital attacks.
Want to learn more about physical access control and end-to-end security?
Download our End-to-End whitepaper