… about physical access control systems
Acceptance is growing that it’s not a case of if an organisation will suffer a data breach, but when such an event will occur. An organisation that can effectively manage a data breach due to some new form of attack is likely to be treated more sympathetically by customers and regulators than one that suffers a breach because it failed to cover the security basics.
GETTING THE BASICS RIGHT IS CRUCIAL
ISO 27001 is the international standard for information security management systems, with accompanying guidelines that cover physical access controls given in ISO 27002. This cites the need to prevent unauthorized physical access to IT equipment and supporting utilities such as power and air conditioning. Electronic access controls for doors and server racks, using RFID cards or fobs, are usually installed to meet these requirements and provide access audit trails. However, within an ever changing threat landscape, the security of such systems should not be assumed to be adequate just because they bear an established brand. Access control systems can help, or hinder, information security and compliance requirements, as described below.
INFORMATION SECURITY RISKS
Additionally, organisations should ensure that they understand the risks involved in relying on suppliers to pre-encode their RFID cards, or better still make ensure they have sole control over the security keys and systems required to encode the cards themselves, so as to only work with their access control system.
Although historically the proprietary nature of many physical access control systems has obstructed organisations from taking a holistic approach, modern IP connected and standards-based, integrated solutions now make it easier to achieve wider security benefits, such as:
Developed by IT security professionals, EdgeConnector was designed from the outset to be an integral part of a secure network infrastructure, rather than linking in separate physical access control systems. EdgeConnector works in real time together with IP-connected wireless locks from Assa Abloy’s Aperio range and IP door controllers from Axis Communications and HID Global, together with an extensive range of credential readers that includes highly secure RFID, biometric and NFC/BLE phone readers from STid and HID.