For many years now, IT professionals have become more and more active in discussions about physical access control systems and there has been an active debate about the need for convergence between physical and logical access. IT managers use electronic means to secure logical assets; security managers use physical access control methods to secure facilities. On the surface, it would seem that both departments would benefit greatly from collaboration since both of their problems boil down to permitting access to the right people.
With such an obvious synergy and benefit to taking a more holistic view of enterprise security, why hasn’t this yet happened? What are the real barriers preventing companies from moving in this direction?
Perhaps one of the answers lies with the fact that we’ve been more focused on the “what” than the “who.” If organizations are really going to make a meaningful impact on protecting their assets, whether physical or virtual, it’s most important to focus on the “who”—and coordinating that task between IT and security is becoming important.
Who was that (really)?
Although privileges are assigned to people, it’s not always clear who is entering a password or who is carrying an RFID card. The risk of not knowing “who” varies from asset to asset. Is it enough to be the holder of a swipe card to enter a parking garage? Probably. How about to access a medical record? Absolutely not!
It is in this context that biometrics is playing a larger role in securing facilities and assets of all kinds. With the introduction of multispectral imaging, biometrics has become reliable enough to deal with the fundamental issue of knowing “who” to a much higher degree of confidence.
In fact, by linking physical identity to a myriad of digital identities, converged identity and access management solutions become much more powerful. There is no meaningful access management without first establishing the “who” in transactions. Who is accessing my facility? Who is punching the time clock? Who is withdrawing funds from that ATM? The question is always, “Who?”
Thus, while access and authorization have always been granted to individual people, knowing a password or having a key is only superficially related to the authorized person—and neither can establish who exactly that is. Only biometric technology can do that.
It’s more than just about security
We’ve all seen it: business grinds to a halt after the deployment of a new security system. Designing an authentication solution that is both secure and convenient—that’s where the value is for the customer.
Convenience in an authentication solution is ease-of-use, accessibility, speed and all of the other things that become important to an organization after the primary objective—security—is met. Staffing help desks to reset passwords or reissue swipe cards while the employee is standing by is not an efficient use of resources. Nurses on a hospital floor cannot waste valuable seconds fumbling with the numbers and special characters in a password when accessing medical supplies.
A biometric solution can lower risks, reduce costs and improve efficiencies. It can meet regulatory requirements, provide an audit trail and facilitate transactions, all without getting in the way of business. Today, biometric solutions authenticate people requiring access to secure facilities, sensitive records, government services and controlled substances. The possibilities and benefits are real if the biometric is chosen carefully.
Security integrators are already aware that biometric technologies and scanners are not created equal. Some optical sensors work very well when the finger is clean and prepped with lotion. Is that convenient? Other sensors work perfectly—on the third or tenth try, while a line forms behind the user. These situations are the cases that cause security managers to abandon an application.