Access control: endless possibilities.
The world of access control systems (ACS) has changed dramatically. What was once used only to open doors now improves information security, helps increase productivity and manage resources more efficiently, expands guest access capabilities, and enables revenue generation where previously the end user only had costs.
In today's world, when most information is stored electronically, ensuring the security of both physical and logical assets is a major concern. «Protecting physical property and software that contains intellectual and commercial value is vital to a company's success and future growth,» says Eric Joseph, Technical Support Manager at Lenel Systems International (UTC Fire & Security).
Access control for IT resources usually consists of only differentiating access rights by username and password. However, according to Tim Phipps, Head of Identity and Access Control in Europe, Middle East and Africa (EMEA) at HID Global, with the growing number of different software applications in the enterprise, many employees have to remember too many username and password combinations, which is very inconvenient in their work. “People often forget their login details, which leads to their accounts being locked out and prevents them from doing their work. Even worse, some irresponsible employees write down their passwords on a piece of paper, which greatly increases the likelihood of them being stolen or used incorrectly,” says the expert from HID Global.
This is why many leading ACS manufacturers are working to combine systems and applications that use smart cards for physical and logical access control and management to create a single, one-time registration. “Using a smart card along with passwords provides an additional level of security,” says Joseph. “But now, with the advent of more secure identification technologies, we can safely use single registration.” Single registration is undoubtedly a tool for increasing business efficiency, since the user only needs to enter their data once to access all permitted resources: various network applications, databases and platforms. This includes improved Windows and web applications, as well as server and terminal solutions. After all, users often do not log out of the system and do not lock their workstations when leaving their workplace. When using a smart card to log in, the logout will be performed immediately upon removing the card from the computer, and the possibility of leaving the workstation unprotected is significantly reduced, if not completely eliminated. Moreover, if the physical and logical access control systems are integrated, then when the cardholder leaves the building, his account can be disabled, making it impossible to access his computer at all while the person is outside the building.
Integrated Physical and Logical Access Control Applications
To enhance IT security, the smart card is embedded with a powerful contact microchip that supports public key infrastructure (PKI) encryption methods. According to Phipps, public key encryption is an industry standard for information exchange and secure interaction in IT systems. It is based on the use of pairs of public and private keys stored in digital certificates that are unique to each user.
«Using public key infrastructure support, you can encrypt documents and digitally sign messages, such as email, so that the sender and recipient of the email can be confident that the message is authentic and has not been read or altered,» Phipps says.
Microsoft applications such as Word, Excel, Powerpoint, and Exchange fully support smart cards. You can also use a smart card to restrict access to a sensitive Word document, such as contracts or purchase orders, or use it to control changes to financial or customer data in Excel documents.
Other applications support restricting access to VPN (virtual private network) networks, thin client, and pre-boot authentication solutions.
Since the credentials that define access rights are stored on the smart card, they are portable and can be taken anywhere. This means that the user can be identified and granted the appropriate level of access to the company's buildings and IT resources, even if he or she has to work in different locations, while traveling or at home.
Business Management
The business management application, as part of an integrated access control system, collects all the information from the access control system and uses business rules from other systems. Through software integration, business management systems such as time and attendance and enterprise resource planning (ERP) systems can exchange information. “The same information provided by the security management subsystem is valuable to other areas of the business. Combining the business and security subsystems maximizes the value of both for the user,” says Eric Joseph, head of technical support at Lenel Systems International (UTC Fire & Security). “For example, events from the security subsystem can immediately provide the business management system with information about new or terminated employees, and can also be used by the payroll system to calculate compensation.”As an example, Joseph cites a business management program that operates under the rules set out in the Sarbanes-Oxley Act. “The separation of duties under Sarbanes-Oxley means that responsibility for processing customer orders must be shared among multiple people to ensure the integrity of the process and information. Often, these people are in different areas of the business, which means that access from outside the process can be managed to some extent,” Joseph notes.
Integrating physical access control and business management software helps organizations comply with regulations. Other examples include monitoring the number of hours a worker has spent in a hazardous or dangerous environment, such as a coal mine, or restricting access to those who have not been properly trained and instructed. These issues can be easily addressed with an integrated ACS.
Human Resources (HR) also benefits from integration. Eric Joseph points out that all the information about new employees that the HR department enters into the database can be transferred to the security management system, eliminating duplicate data entry work, significantly reducing the risk of errors and improving overall efficiency. Security systems can provide very valuable information to the user. Data on the employee's clock-in and clock-out times, the number of employees in a certain location, and information on the location of a specific employee within the enterprise are definitely valuable and can be easily retrieved from the ACS.
If an employee holds the position of IT manager, this information from the HR database is transferred to the access control system database so that the employee has the appropriate access rights to certain areas, such as the server room.
Previously, a new employee, such as Amy Smith, might be entered into the payroll database as «A Smith.» This discrepancy was inconvenient and confusing. With an integrated physical and logical access control system, users can cross-reference information from multiple data sources. When Amy Smith's employment ends, once her information is removed from the database, her account is also removed from the payroll, physical and logical access control systems.
Another application is timekeeping. Before the integrated system was implemented, a Korean police station kept records of officers’ attendance at their daily morning meeting in the form of handwritten reports – an often inaccurate and tedious process. “Now, officers only need to scan their card into a handheld controller before the meeting, and the management software will automatically generate a report immediately after the meeting,” says an IDTECK representative.
There are other applications for the system. With the 24-hour gym business on the rise, owners need to better manage physical access to the gym and to customer databases. “Basically, the membership payment software is running the ACS,” says Jerry Graciano, head of affiliate development at Brivo. “The data entered into the payment system is entered once, and then it’s sent to the ACS server in real time.”
Gym owners can enter member data, along with bank account and credit card information, into the payment system, which then feeds it into the physical access control system. If the member’s card expires, access to the building is automatically blocked.
Such solutions enable users to receive notifications via email or mobile phone with subsequent access to the system (payment and control and management of physical access) online via a web interface.
Integrated solutions save money
Companies that issue fuel cards to employees are extremely interested in strict control of fuel purchases. The ACS reader can now be installed on a gas station pump. The user only needs to attach the company's fuel card to the reader and enter the distance in miles.
«The access control system readers can interact with the fuel dispensers, and the amount of petrol sold is automatically recorded and sent to the user's company. This solution will conquer a large market,» says David Benhammou, president of CDVI. In Europe, petrol stations are required by law to install video cameras to improve security. They can be used to control the legality of card use by comparing the photo of the person filling up with the card with a photo in the database. Cameras can also be used to identify the vehicle's license plate with the car number in the database.
Parking and guest parking also use such solutions to manage parking spaces. Physical access control and management systems can be integrated with parking management systems. “Our XML API technology allows different systems to exchange data in XML format so that they understand each other,” says Jerry Graziano.
“Now all the landlords use a common interface to allocate parking, all the parking spaces are distributed among them, and the available spaces are in a single bank, and they can be allocated at the right time,” says Graziano. Guests receive a parking permit for their vehicle. Each permit has an embedded microchip that can be remotely programmed by the landlord. The chip can store a variety of data, including the date of arrival and departure from the hotel. The parking management program can be integrated into reservation and user rights management systems in other public places, such as spas or fitness centers.
Another application of the integrated access control system, which is welcomed by customers, is cashless sales.
A representative of VMC House, a provider of cashless payment solutions, explained: “Smart card users can load a certain amount of money onto the card. This card can be used for purchases from vending machines, payments in the company canteen or at any POS terminals located in the office or on the premises.”
At the same time, cashless technology provides additional benefits, such as reduced costs for handling cash, faster transactions, greater convenience, since a person does not have to remember to take money for purchases, there is no need to carry change in his pocket.
IDTECK integrated its portable ACS controller with restaurant software. Now, before ordering a dish, an employee scans his proximity card, and at the end of the meal, the software automatically calculates the cost of the dish and deducts this amount from the upcoming salary.
Promising markets
Integrated ACS will be in high demand in the financial sector, since the main object of banking security is information, which is distinguished by its complexity and sensitivity to risks. For example, an integrated solution from Novel and Imprivata can be used to protect information and organize secure access.
“If a user does not have access to the door, he does not have access to information. The possibility of hacking a bank’s information security system using a fake VPN is minimized,” says Vineet Nargolwala, CEO of Honeywell Systems Group in the EMEA region.
Integrated access control solutions are increasingly common in retail, since they provide significant benefits due to information exchange. With the help of ACS, video surveillance, security and information management, users not only control the entry and exit of personnel, but also track the delivery and consumption of goods, customer flow, PoS databases and customer information.
Source: http://asmag/showpost/8028.aspx