For some time now, an ongoing drive for converged solutions has dominated the security debate across corporate management.
A simplistic version of events is that task consolidation helps to realise reduced costs. While that may be an undercurrent bolstering the convergence movement in these austere financial times, there’s far more to it than mere pounds and pence.
Converged solutions actively assist companies in meeting their regulatory requirements and obligations while helping to enforce consistency of policy.
Information as assets
At least in part, the convergence movement is motivated by due recognition that business assets are increasingly information-based. In today’s commercial landscape, information assets demand every bit as much attention as do their physical cousins — if not more, some would argue.
One need only converse with recognised experts from ASIS, ISACA, and ISSA — co-founders of the Alliance for Enterprise Security Risk Management — to support and develop that statement.
This overriding desire for convergence is mirrored in the access control solutions market. For operational convenience, end-users now increasingly crave a single credential that will allow — in the first instance — access to buildings, followed swiftly by an ability for personnel to log on to the company network with that same credential and, subsequently, access remote networks without the necessity for any one-time password tokens or key fobs.
Such solutions are not just about convenience, either. Importantly, it’s a more secure response to the situation. Why? Converged access control permits far stronger authentication throughout a given company’s IT backbone and doesn’t solely focus on defence at the perimeter.
By extension, organisations are able to leverage their existing credential investments, appending logical access control for network access on the way towards energising multi-layered and fully interoperable security solutions that truly span their networks, systems, and physical facilities.
That’s one trend in the access control space, then, but what of the others as we rapidly approach the 40th Anniversary edition of IFSEC International?
Contactless smart cards
Card technologies are themselves continuing to evolve from prox to magstripe and on to ‘smart’ variants. Contactless smart cards founded on open standards are viewed by many as the ‘Holy Grail’.
More and more layers of additional security are being added, be they purely digital or visual. Meantime, card storage capacities are expanding to accommodate the latest biometrics as well as other multi-factor forms of authentication.
One of the $64,000 (₤42,000!) questions here is: ‘Will Near Field Communication (NFC)-enabled smartphones come to replace physical smart cards in the years ahead?’
Received wisdom suggests the answer is: ‘No’. It’s more likely the case that the two will coexist as part of overall physical access control solutions.
In terms of developing NFC-enabled projects, the security sector spent much of 2012 laying a solid base from which to build mobile access control solutions.
If widespread adoption is to take place, though, a distinct ecosystem has to continually evolve and include widely available and secure handsets, readers, and locks that can recognise digital keys embraced by those handsets and service providers able to deliver and manage mobile credentials duly created.
Speaking of mobile credentials… One trend witnessed of late is that some organisations have begun to outsource what might best be described as traditional ‘badged’ access control solutions to those offering services in the cloud. Put simply, mobile devices could be connected to the network via, for example, a link that’s WiFi-enabled.
A further approach is derived by making use of mobile network operators ‘over the air’. New applications can be pushed out to the NFC-enabled phones in much the same way that apps and music may be downloaded by consumers in the social environment. The idea is that multi-factor authentication is then transformed into a managed service run in the real-time arena.
Last, but not least, what about BYOD (bring your own device)? Companies may save money on technology while employees can work with chosen systems that might just boost staff productivity and/or morale. However, key company information could be rendered somewhat less secure.
With a recent Logicalis study suggesting that only 20 percent of employees surveyed had signed a BYOD policy, there’s clearly much work still to be done here.
Brian Sims is organising the content for the Access Control Area of IFSEC International 2013. To register for the show, please visit IFSEC International 2013.
Subscribe to the IFSEC Insider weekly newsletters
Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Insider's essential weekly newsletters. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.
Sign up now!
I have some experience of linking building electronic access control cards with logical access and I do believe its the future especially with the smart cards these days. Making the whole “access experience” user-friendly AND secure must be a good path to journey along. Simple things like the system knowing the person accessing the network is actually inside the building where access is being requested would also be good for ensuring good security behaviours, i.e. if you tailgate you won’t be able to access the network! The only drawback with the system I used was that the access card had… Read more »
Yeah, I’ve seen some that claim to detect the card up to 2m away so this would certainly help. Though tying that card to the specific device you’re nearest would be difficult. Or if you walked past someone elses terminal and affected their login that might cause problems.
I know it’s a nice idea but I’m still not convinced by the idea of smartphones being used as entry tokens. I think where it would work best would be at events perhaps with controlled access. Instead of an e-ticket or (God forbid) a physical ticket, you get sent something that enables your phone as a 1-time access token to the venue. Any thoughts from anyone else on NFC smartphones for access?
How do i get the NFC PHONES?
Rob. Good point on using smart phones for access to concerts, etc. Many of the smaller provincial venues are adopting this technique. You merely show a text that you are sent on booking when you arrive at the venue and the door staff check this information against the printed list that they hold. I’ve had experience of this once or twice and it’s great. Very efficient.
But imagine it at a massive venue. I went to the Emirates at the weekend with a season ticket – a plastic access card that you use year-round. It was a world away from Oxford’s Kassam Stadium and paper studs, but imagine just holding you NFC-enabled phone which only you own. One less thing to carry.