ISJ Exclusive: Morse Watchmans explores where future meets present in access control

ISJ – April Edition Exclusive

Manual solutions are powerful back-ups to even the most advanced electronic access control systems, reports Morse Watchmans.

The term ‘portal’ generally conjures up two distinct visualisations depending on which side of the security spectrum you fall. For physical security professionals, portal is just another term for a door or entryway. Conversely, cybersecurity professionals think of portals more conceptually as gateways that provide links and directions to multiple sources of information from a single source.

Both types of portals need to be protected and even are co-dependent in their ability to deliver cyber-physical security. To do so effectively requires an unlikely solution that marries the most basic aspects of physical security with today’s modern digitally driven security protocols.

Humans have always possessed the need to keep the things we value most safe. Initially, this involved rudimentary doors to block the entrances to dwellings and ropes to secure valuables. It wasn’t until almost 4000BC in ancient Egypt when the first mechanical locks and keys were made, changing physical access forever.

Not much changed in the world of physical access control for almost 6,000 years. Electronic physical access control systems (PACS) and their accompanying access credentials began popping up around the 1970s and, although this introduced a new level of access technology, the ability to gain entry to a facility was still based around the use of a physical credential. Mobile credentials and advanced biometrics have propelled even higher forms of personal identification and authentication for access applications. However, the use of traditional keys and locks still exists – and there use is critical in the event that all else fails.

Growth and change

The protection of logical (digital) assets grew quickly after data and the applications that manage it moved from mainframes to decentralised servers, personal computers, local and wide area networks (LANs and WANs) and now into the cloud. Just as PACS protect physical portals, logical access control systems (LACS) control an individual’s ability to access computer system resources.

LACS are constantly changing as hackers are enhancing their methods of infiltrating a wide variety of penetration surfaces. One such example is utilising the principal of localised access, wherein once a user is logged in, they only have access to those resources required to perform their duties. Others include implementing manual account lockout resolution processes, where a system administrator needs to manually unlock a user’s account if a bad password is entered.

It’s becoming increasingly clear that physical access and logical access are largely the same, being the first line of defence in protecting portals. But, cyber-physical security can also be taken one step further both literally and practically through better physical access management.

Imagine an on-premises data centre located at an enterprise headquarters or large facility like a medical campus or hospital. Much of the attention given to protecting data most likely focuses on cybersecurity without the same consideration being given to physical security. However, gaining physical access to a data centre would essentially negate any and all of the logical access control solutions in place meant to protect digital portals. This type of inappropriate access could have the same or worse destructive consequences experienced from a cyber-attack. Simply stealing a server, laptop or copying data onto a portable drive produces the same damaging results.

Therein lies a significant gap in cyber-physical security diligence. And, though many physical access technologies can help mitigate physical access to digital assets, many of new products are costly solutions that are difficult to implement. Good old fashioned keys and locks remain a steadfast manual solution to back up advanced electronic access.

Key control and management

It is safe to assume that virtually every facility in operation today still employs keys to secure their physical portals including storage rooms, equipment lockers, file cabinets and more. It is also almost a certainty that whether or not new physical security technologies are deployed, many, if not all of these keys will still be in use. The need to employ a digital solution that controls physical access to physical locking mechanisms is an absolute to ensure protection.

Key control offers a proven solution that allows organisations to protect every type of physical and digital access portal. At their most basic level, key control systems securely protect keys in a key cabinet that can only be released to authorised users based on their permission level, job function, time, date and more. Keys can then be tracked throughout a facility 24/7/365 with alerts issued if a key is overdue or out of place. Once the key has been used, detailed reports are then created allowing for greater oversight and accountability.

The implementation of a key control solution provides another layer of security for myriad cyber-physical security processes and solutions. For example, key control modules can house proximity cards used in access control systems. So, if an individual is looking to gain physical access to a data centre, they would need to have the proper permissions to physically access a key. This added layer   of security allows organisations to better protect all of their assets, people and property.

Key control systems can also be configured to provide unique functionality for data centres. Dual or triple authentication can be implemented on specific keys to more sensitive server cages, requiring that multiple users sign a key out – and back in again – to prevent a single user from simply handing off their key to an unauthorized person. Automated reports are generated by the system and can be configured for delivery to specific users to keep both data centre employees and clients aware of who has accessed a server cage.

Additionally, key control solutions put the logical access principal of localised access into action, which is just another example of the convergence between physical and logical access. With key control, users are only granted physical access to the areas required to perform their job for the period of time they will be there and nothing more. In this way, a key intended for use by one department cannot be accessed by an individual form an unrelated department.

As PACS continue to become more ubiquitous, the economic climate has stopped some organisations from investing in costly, install-intensive access control systems. Furthermore, many organisations, such as historic properties and SMBs, continue to rely heavily on the use of traditional locks and keys. Key control solutions are ideal for such organisations that are looking to increase their physical security without undergoing costly new installs. The latest key control systems also quickly and easily integrate with any new and existing PACS for the ultimate in system interoperability.

Noted cryptographer Stewart Brand once said: “Once a new technology rolls over you, if you’re not part of the steamroller, you’re part of the road.” In other words, if you are not controlling the technology, the technology is controlling you. This is important when applying physical access controls to logical assets and, conversely, logical controls to protect physical portals. Key control systems are one of the rare security solutions designed to truly deliver cyber-physical security.

About Morse Watchmans

Morse Watchmans’ key control and management solutions enhance overall safety by securing, controlling and tracking physical keys and assets.

The company’s key management system allows companies to improve access control to buildings across a variety of industries. Verticals it serves include, airline, automotive, education, government and more.

This article was originally published in the April edition of ISJ. To read your free digital edition, click here.