Physical and logical security have traditionally been viewed as two different domains with disparate technologies governing their practices and implementations. However, as the needs for network security and online identity authentication grow, these systems are becoming more sophisticated and driving an ever-increasing convergence of physical and logical access control.
Enterprises working toward convergence are looking to create a single identity credential and are increasingly turning to smart card technology. In many cases, plans also include an additional biometric element, says Greg Thornbury, vice president of SecureNet, a Dallas-based security systems integrator specializing in converged physical and logical access control implementations.
“We’re seeing more demand for converged solutions based on smart card technology, and about 20 percent of them want to add biometrics to the access control system,” Thornbury says.
SecureNet — a Gemalto VAR and a Microsoft Certified Partner — has been a part of the evolution of physical access control systems. From the early days of using magnetic stripe identity cards that carried little to no personal information, to the use of more sophisticated identity solutions, the pull for more advanced technologies has opened the door for SecureNet.
This technology has not developed in a vacuum; the demand for these systems comes from the market, with an increasing push towards sophisticated access control implementation, including the use of biometrics. Now, physical and logical worlds are converging, with a single identity credential used to gain access into a building and log onto a corporate network.
While there is growing market pull for biometrics in physical access control, it still remains a small subset in most facilities — limited to high security areas. “If you have 100 doors in a facility you might see biometric access on two, if at all,” Thornbury says.
Thornbury believes that biometric access control works well and that the costs have come down, though it is still too slow for a main entry point. Another deterrent in some environments is employee resistance. A hospital pharmacy is a prime example of a door with a high physical access security need, but it is also a place where people feel an extreme sensitivity to germ transfer on fingerprint access control readers. Overall, Thornbury says, in most cases security executives conclude it is just not worth the extra effort required to implement biometrics for physical access.
This changes when enterprises begin looking at convergence.
“There is better acceptance of biometrics for logical access control,” Thornbury says. “If your issue was germs, that goes away with your own computer. The throughput issue goes away, too. And there is a big plus — people don’t have to remember passwords or PIN codes anymore. People don’t forget their finger.”
The typical model for converging physical and logical access control on a single employee badge is a multiple technology card, according to Randy Vanderhoof, executive director of the Smart Card Alliance, an industry organization with a large constituency in identity and security. Sometimes called a hybrid card, it combines contact smart card and legacy access control technology, either proximity or magnetic stripe (see graphic, right).
“Contact smart card technology, either in a card or a USB token, is the preferred approach for two-factor authentication,” Vanderhoof says. “You can put a digital identity certificate in the smart card instead of leaving it on the PC. Couple that with a PIN to unlock the smart card, and you have a great tool for accountability and non-repudiation — something that is really critical for regulatory compliance and legally valid digital signatures on electronic documents.”