Picture this scenario: It's Monday morning and you're late for work. You enter your building behind three other employees while fishing around to find your access badge. Luckily, the person in front of you has his card, swipes it to get in and you manage to slip in with them to catch the next elevator up to your suite.
Tailgating happens all too often and with scenarios like these occurring during the morning rush, having an intruder slip in is all too easy. For small to mid-sized companies and businesses, unauthorized physical access in this manner is enough to cause a serious security threat.
While some companies may require a simple user name and password log-in procedure for the network, for the expert computer hacker, all it takes is penetrating the initial physical access barrier like in the scenario above and the rest is simple protocol to them-a game of chance that they will win by simply trying all the variables. For the larger enterprise corporations, the process gets more difficult as both physical and logical access control provide security on the outside and within. Yet while this type of solution may seem like the best bet for an end-user, in many cases, they do not have the knowledge of a converged physical and logical access control solution to know that option is available to them. It is up to the integrators to step in and educate the end-user on the integration of physical and logical access control. The opportunity exists and those integrators that see the benefits of offering their customers converged physical and logical access control solutions are the forward-thinkers who will change the meaning of access control.
Defining the roles
Before an integrator can offer their customer a converged access control solution, it is important to understand the application. Consider the example of a situation in which the protected premises initial physical access control point was penetrated. In most cases, physical access control implies allowing or denying an employee or contractor access into a facility or specific area of a facility. Examples of this can include using some sort of credential, or employee badge, to gain access into a building. Logical access control is more related to software tools which grant access to a secured network or database after one has moved past the physical access point.
"From the logical access point of view, it is becoming one of the biggest threats because of hackers that can access a logical network from anywhere in the world," explained Mohamed Benabdallah, director of Global Business Development and IT Alliances for Tyco Security Products, Boca Raton, Fla. "There is constantly an investigation of what is being done to protect the network, who is accessing the network, what, when, how and where they are accessing it from." Yet Benabdallah confirms that there is much more protection to be done both on the physical and logical access control sides. Where the confusion comes from however, is from the lack of understanding as to who plays what role in the entire installation process, both internally and externally.
"If there is confusion out there, which I believe there is, it's from both the physical security integrators and the IT integrators who have not taken the time to educate themselves on how these systems are defined and the features and benefits associated with converging them," explained Tony Varco, vice president, Security Division, Convergint Technologies, Schaumburg, Ill. "There is no slowing of the access control market. What's been slow to grow is the actual convergence of physical and logical access control."