Access control systems are set to play an increasingly important role in shaping the cyberdefences in the future. Intelligent CISO speaks to industry experts from HID Global and Genetec about the role of access control systems, the cyber-risks associated with them and the three access control technology pillars defining the future-ready financial institution.
The convergence of technology, innovation, new regulation and security risks are rapidly changing banking security ecosystems. Typically, IT security is the main focus for mitigating these risks. However, physical security also plays a major role in preventing security breaches and shoring up an institution’s image. In speaking to our financial services customers, three access control technology pillars are always at the forefront of our discussions, each driven by desired business outcomes and expectations of the future.
Pillar 1: Going mobile
By 2020, Gartner Inc. estimates that 20% of physical access control solutions will be shaped by mobile technology and cloud architectures.
Mobile access control IDs have the potential to fundamentally change how banks operate. They give employees the convenience of using their smartphones, tablets or wearable devices to do everything from accessing doors, gates and networks to opening electronic locks, securely releasing documents from the printer, purchasing snacks from the vending machine and ‘punching in’ to time and attendance systems.
Available as a stand-alone capability or integral feature of an existing card-based system, solutions like HID Mobile Access make it easy to manage employee access rights while taking advantage of automated flows that increase administrative efficiency for issuing and revoking mobile IDs. Powered by Seos, HID Mobile Access delivers best-in-class cryptography for unrivalled data and privacy protection for access control. This also simplifies compliance to major privacy frameworks, such as GDPR and Privacy Shield, by ensuring that no personally identifiable information or financial data is stored.
Pillar 2: Location services to improve governance and situational awareness
Real time location systems offer similarly transformative opportunities by enhancing area governance. This enables institutions to improve visibility and situational awareness, so they can ensure safety while protecting critical assets. Combining IoT solutions with predictive analytics, today’s location services solutions enable financial institutions to improve real-time visibility through knowing the precise location of assets, employees and visitors.
Employees benefit from the ability to locate needed assets, and institutions gain valuable knowledge about building occupancy and employee location, so they can facilitate evacuations and emergency responses while also meeting requirements related to access policies, time-and-attendance logging and building safety.
Precise real-time and proximity location capabilities make it significantly easier to manage who enters and exits the building, and to control where, when and why they can access specific areas and information resources.
Pillar 3: The connected security ecosystem
Adding mobile access control and location services to standards-based physical access control systems gives financial institutions a solid foundation for incorporating other valuable risk-mitigation capabilities while enabling innovations in workplace experience.
For instance, biometric authentication adds the ability to unequivocally validate a person’s identity for greater security and convenience, without adding complexity for the employee or customer.
Personal Identity Verification (PIV) solutions can also be a valuable addition, giving banks an integrated solution for standards-compliant identity and credential management with the ability to use a single secure credential for accessing facilities and IT resources.
An example is HID Global’s PIV Enterprise multi-factor authentication solution, which encompasses the entire identity lifecycle – from identity proofing and secure credential issuance through the retirement of the trusted secure credential. HID Global also offers PIV enablement solutions that permit financial institutions to meet any assurance level as defined by the US Federal Government.
Why access controls?
Intelligent CISO spoke to Ephrem Tesfai, Sales Engineering Manager for the Middle East, Turkey and Africa, Genetec, to get further insight into access control systems.
What are the main benefits of enterprises utilising access control systems?
Providing a safe and welcoming work environment is necessary for any organisation to flourish. But finding a balance between security and free movement isn’t always easy. If it is too restrictive, it hampers the flow of people and if it is too permissive, your security is compromised.
Physical access control is about protecting people and assets. The primary focus is to keep an area secure by restricting access of unauthorised personnel. An electronic access control system (ACS) controls entry and exit to rooms or facilities using a wide range of credentials.
Credentials can refer to tangible or intangible objects that prove the identity of an individual like a password (something they know), an access control badge (something they have) or a biometric feature (something they are). Based on the credentials presented, an ACS determines who is allowed, and where and when they are allowed to go.
What are the different types of access control systems?
Once credentials are verified and the access control systems (ACS) grants access to the authorised cardholder, an access control point – which can be a door, turnstile, or other physical barrier where access is electronically controlled – is unlocked and the transaction is recorded by the system.
Currently, the below types of ACS are available:
How do you see the uptake of these systems changing and why?
Criminal cyberactivity evolves at an incredible pace. Today’s cybercriminals are constantly on the lookout for security gaps that will give them access to your facilities or a wide range of important, private and sensitive information.
In our increasingly interconnected world, the potential avenues of exploitation seem greater than ever.
Similarly, the payoffs for gaining access are also on the rise. According to Trustwave’s 2015 Global Security Report, the average cybercriminal can expect a 1,425% return on investment (ROI). When you consider the fact that stolen data can command a high price on the black market or be used to extort an organisation, it’s no surprise that cybercriminals have become more sophisticated and patient.
For many, a poorly maintained or outdated access control systems (ACS) can be the gateway that a cybercriminal needs to look into your network and premises. Historically, ACS manufacturers focused on developing solutions that would secure access as well as manage access rights and cardholders.
But the security landscape has since evolved and new cybersecurity threats have emerged. Now, in addition to effectively securing your premises from physical threats, you must also protect your ACS from criminal cyberactivity.