Protecting a New Perimeter

By Julian Lovelock, Vice President, Global Business Segment Identity and Access Management Solutions, HID Global

Even before the pandemic changed so much of daily life in so many ways, there was a transformation in workplaces. Physical boundaries were no longer the only perimeter defining secure workplace access. Identity became a new – and often the only – perimeter. Both perimeters must now be protected to ensure a secure, safe, and productive workforce, which requires a new approach to physical identity and access management that unifies both physical access and cyber/IT access. This new approach encompasses credential management, multi-factor authentication and secure visitor management, as well as the management of guard tours and other standard perimeter protection best practices.

Secure Visitor Management

A more hybrid workforce that is not permanently based in an office complex requires a visitor management solution that can handle multiple different types of visitors to a site. The solution should also support contractors and employees plus customers, suppliers, and partners.  The latest solutions have enabled organizations to go touchless during the global pandemic with self-service visitor badging kiosks, while also automating wellness and other screening questionnaires. The solutions can also be used to monitor and analyze everyone’s activity if there is a COVID-19 outbreak, simplifying retrieval of historical visit reports while making it easier to generate a workplace occupancy map and timeline, and to automate and enforce evolving compliance with visitor access and policy-based registration.

Remote work and its virtual perimeters must also be flexibly supported. An enterprise-grade, cloud-based authentication solution accomplishes this by making it easier to support employees who need to access enterprise resources from both inside and outside the office.

Authentication for Remote Workers

Adding multi-factor authentication to a unified physical identity and access management solution significantly improves remote work security. One of its biggest benefits is eliminating the vulnerabilities associated with passwords that are typically hard for users to track, remember and manage. As a result, they resort to weak passwords, but these enable cybercriminals to easily breach company systems and data. Previously hacked passwords often make their way to the Dark Web where hackers can gain access and use them in future attacks. 

Multi-factor authentication solutions solve this problem, protecting an organization’s applications and data by requiring a second validation via, for example, a mobile app to verify user identity before granting access. 

Several authentication form factors and methods should be supported so that there are sufficient options for to meet unique security needs. For instance, mobile push authentication enables users to log in securely with a simple swipe of their phone, to quickly authenticate to prove their identity before accessing protected applications. It is just as easy to swipe and deny a fraudulent login attempt. 

Organizations can also choose from biometrics, or cards and security keys enabled with standard security technologies such as FIDO, PKI, and OTP, to provide a seamless, passwordless experience. The inclusion of a bundled Certificate Authority (CA) gives organizations a choice of a publicly trusted or private dedicated CA for strengthened security. In addition to incorporating high assurance smart cards and security keys that provide a single sign-on authentication experience, organizations should also include technology compatible with physical access control infrastructure to ensure a drop-in replacement for any access control card. 

With an authentication ecosystem in place, organizations now need a solution for centrally managing credentials and certificates. 

Credential Management

Today’s cloud-based credential management services automate and simplify the issuance of physical access badges as well as digital credentials while eliminating inefficient, manual processes.  Organizations have access to detailed insights about issued credentials including who has them, what they are for, why they have been credentialed, and for how long. Credential revocation is also automated, which mitigates insider security risks.

These services also provide all details of active credentials, wherever they are being used. Today’s ISO27001-certified platforms simplify employee access to the physical and digital workplace while solving administrative issues, regulatory compliance, and other business challenges. Including unified authentication back-end functionality allows organizations to choose the optimal security protocol for each use case while maintaining consistent rules and audit management capabilities.

Guard Patrol Checkpoints Also Move to the Cloud

Even in today’s hybrid work environments, there are still requirements to patrol a physical perimeter. This can be automated and enhanced by combining Near Field Communications (NFC) technology and cloud-based authentication into Internet of Things (IoT) applications for accurately tracking security checkpoints. 

Using this approach, trusted NFC tags can be deployed to identify assets, checkpoints, and people throughout the facility. Security guards on patrol can then simply tap their NFC-enabled smartphone to these tags at each checkpoint on his/her designated tour, without any manual sign-in process.  The checkpoint is identified by name, and timestamp information is automatically uploaded.  Databases are updated in real-time, enabling security guards to digitally prove their patrol stop took place at the proper location, and instantly respond and report fraudulent activities throughout the building. 

Securing Physical and Virtual Perimeters

Hybrid work environments are redefining the perimeter. Organizations must protect both the physical perimeter and a new perimeter defined by the identities of people and things. Cloud-based solutions are increasingly being used to protect these perimeters by simultaneously addressing both cyber and physical security, compliance, and business challenges as well as the traditional guard patrol in today’s dynamic work environment.

Julian Lovelock is currently Vice President Strategic Innovation at HID Global, where he is responsible for sparking new innovation leading to the development of new products and services. Lovelock moved to the United States from London in 2006 following the acquisition of ASPACE Solutions where he was CTO and co-founder. He holds a BENG in Electrical and Electronic Engineering from the University of Aston, UK.

Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.