If you don’t like change, the last two years have been a challenge. While change has always been around, the pandemic has accelerated the pace, and old ways of securing buildings and data aren’t meeting today’s needs.
Organizations have spent a lot of time, energy and money responding to the need to enable and secure remote work. When it’s time for a return to the office, tomorrow’s office environment won’t be like yesterday’s.
That’s because remote work is here to stay. Which means that visits to the office will be frequent for some employees and less frequent for others. In the past, entrances were set up to sort out employees from visitors, with specific methods established to authenticate each group. This is changing. With work styles and office schedules becoming more individualized, everyone entering the building will be considered a visitor for security purposes.
Securing Rooms with Sensitive Equipment
Modern security at building entrances and rooms isn’t just about securing people and property. According to IBM, 10 percent of data breaches are a result of a physical breach. Interestingly, the probability of a successful phishing attack is about the same.
Rooms or closets with sensitive networking, telecommunications or computing equipment are the soft underbelly of many organizations. Even if card-based security works for your organization at the entrance, securing sensitive equipment inside the building is critical.
Data security laws and standards such as SOC2, HIPAA and GDPR require a thoughtful approach to the physical security of sensitive equipment. If a key, card, fob or badge is the only credential required to access sensitive rooms, you’re probably out of compliance with at least one law or standard. And you’re vulnerable to a physical breach that can lead to a data breach.
In our October 2021 blog post, we discussed the advantages of facial recognition technology as a replacement for traditional cards, badges and fobs to authenticate visitors at the entrance, and this technology can also be used to secure rooms.
But not every organization is ready to completely redesign its access control system. If you’re comfortable with the level of security your current access control system provides at entrances, you can add multi-factor authentication (MFA) at doors to sensitive rooms to ensure compliance and close a common vulnerability.
MFA for Building and Room Access Control
Bioconnect and HID Global are IST strategic technology partners that have developed MFA methods that loops smartphones into the existing authentication stream as an add-on to card security. These systems are flexible and scalable, and are easy to use because they are similar to MFA methods people use every day to access online resources and smartphones.
Mobile authenticators from Bioconnect include push notifications, where users verify their identity by entering a code displayed on their smartphone in addition to swiping a card or fob. Of course, it’s possible that a person’s access card and smartphone can be stolen, so Bioconnect also offers facial recognition as a second authentication factor.
Biometric information that’s properly encrypted is extremely difficult to hack, and modern biometric technologies have safeguards against spoofing. For example, HID Global uses multispectral imaging technology to not just scan the surface of the face, but also the subsurface of the skin, producing an image so detailed that it can’t be replicated.
Find the right partner
Before jumping face first into a new MFA solution for building and room access, it’s important to understand that the number of MFA options for building and room access have exploded in recent months. Sorting out the best solution based on your unique situation can be a challenge without an experienced partner to provide guidance.
At IST, we’ve seen our share of change, both in the evolution of security needs and solutions, and in the business and compliance requirements that drive change. And we’ve seen changes in many industries.
There are many factors to consider with any new security technology purchase, including integration with existing systems. We can help you understand which MFA options have the most value for your situation, and help you develop a solution that works, works well with your existing systems, and can be supported throughout the solution’s life cycle.
Equipment security is just one way that IST helps customers be secure from every angle. Contact us today and let us know what your biggest security challenges are.