Methods for Enhancing Building Access Control

Whether you have a building that has successfully used the same access control protocols for years or one that needs change, this coming quarter of 2019 is a good time to consider reassessing the system and procedures you use. Critically, if you are not using any form of access control, consider adding it as part of your security plan sooner rather than later.

Having a solid access control system and policies in place will help keep your occupants, assets, and property safe by ensuring secure access for the right people to the right segments of your property.

Sitting next to surveillance and maintaining a human presence on-site, a system of electronic access control completes a triad of safety, and will be designed to take into account the design of the building, any complementary security systems, and training for those who will use it. Following are three things to think about when working with a security integrator to design and implement electronic access control on your properties.

 

1. Setting Access Levels

Borrowing a page from the “Zero-Trust” doctrine of info-sec administrators, it is important to think with the mind of the potential aggressors you are implementing the system to protect yourself against. There will be people who simply do not need access to all levels of a building, and before deciding who should have what level of access, the building itself should be examined to determine points of exposure.

It can be useful to take a map of the structure and break it down into zones of different colors according to the access or security level needed. Then you can decide who can have access and associate time and date restrictions to those identities.

It will generally make sense for the majority of employees to enter and exit through a single point of entry, so as to more easily monitor who is in and out of the building. From there, branch out and look at the rooms inside. Set a protocol in place to make sure everyone has the right level of access for their needs, but nothing more. Modern systems will create a “digital fingerprint” for each person granted access, able to track their movements and any times they accessed specific areas.

 

2. Audit Access

A common trap to fall into is an over-issuing of key fobs or cards over time. As people report losing cards or forget them, it is often simplest to issue another right then and there. Of course, this creates significant security concerns overtime with duplicate access cards potentially being available for malicious use. To manage this, facility admins must either audit the system regularly or set automatic time-out features to the cards.

 

These features could include:

-Access denied if the card has not been used within a set amount of time

-Self-expiration of the card

-The direct connection of the card to a database that will be managed personally or by an administrator

 

In the event that third-party employees require access, a separate database can be created. Using a specific search term for these contractors will differentiate them within the database.

 

3. Perform Periodic Testing and Protocol Assurance

Just like any other electronic system, regular testing and updating of drivers is necessary. Security flaws are repaired through patches by the vendor, and if you fail to update, the potential for threat actors to take advantage of that failure exists.

Furthermore, without the assurance of procedures and protocols surrounding the use of these systems, their value is greatly reduced. For instance, a simple but popular method of building intrusion called “tailgating” relies upon our social tendency towards politeness over security assurance. In this attack, the threat actor simply follows closely behind someone accessing the building and relies on them holding the door for them.

This is actually one of the most difficult to control threats to an access control system due to its simplicity and zero-tech approach. Having multiple layers of security, man-traps, and other fail-safes massively reduces the success rate of “tailgating”. Protocol should assume anyone who cannot present a card or other provided identifier to be a potential threat.

 

Security Technology of South Texas is happy to offer
custom access control and surveillance solutions to the
business security market, designed either turn-key and from the ground up,
or integrated into an already existing series of cameras and access control
structures.

Please contact us through email at admin@gostst.com

or by phone at 210-446-4863 24/7 to schedule a consultation.

Learning to Leverage Biometrics in Access Control Environments

The biometrics ecosystem is evolving at a rapid pace and providing incredible benefits to enterprises that adopt the technology, especially when these now-commonplace features are applied for cybersecurity.

Although people are already familiar with using a thumbprint or facial recognition to unlock their mobile device or complete an online purchase with it, the real power of biometrics extends far beyond these simple features and experiences.

As massive data breaches spilling millions of user passwords and shared secrets become a familiar part of our everyday lives, so does the reality of malicious hackers leveraging these credentials to cause widespread damage. Due to the sheer number of compromised user credentials available from these spills identity theft is at an all-time high, potential GDPR fines loom over many organizations, and there is an atmosphere of distrust.

This is where biometrics can provide an answer because these features we rely on for convenience can also have a groundbreaking impact on security and privacy. Providing that we follow a hard and fast rule — that biometrics are combined with public-key cryptography.

In order to properly leverage biometrics, however, IT and security teams should first understand the key elements that make it such a powerful tool to combat today’s ever-evolving threat landscape and, how to begin implementing it without requiring a complete overhaul of security infrastructure.

The Biometrics Ecosystem

One of the most powerful aspects of the biometrics ecosystem as it relates to cybersecurity is that it replaces the shared “something you know” factor of user authentication with the difficult to reproduce “something you are” factor. Whereas passwords and shared secrets can be stolen and duplicated, every person’s biometrics are completely unique.

In turn the devices that match biometrics to their enrolled templates have grown in sophistication and are already in our hands. The vast majority of sensors on modern mobile devices have a 1/50,000 minimum false acceptance rate (FAR) which makes it extremely difficult to mimic a biometric template.

Using these sensors paired with standards-based authentication such as Fast IDentity Online (FIDO) protocols that eliminates shared secrets creates significant friction for the bad actors who weaponize credentials for fraud through account takeover. It also disrupts a hacker’s attack vector (and thus their economic model) as they can no longer focus on huge server stockpiles of user credentials and must instead go to individual devices to attempt to obtain a single user’s credentials.

This shift makes it virtually impossible to have the mass credential breaches like the ones we are experiencing on an almost daily basis today.

Select a Use Case and a Secure Model

When launching a biometrics strategy, IT and security teams should look for areas where biometrics can have the greatest effect while creating the least amount of friction, and begin deploying the capabilities there. Oftentimes this is with internal facing applications that don’t directly impact customers. Or, they can take the route of securing consumer-facing apps since biometrics are so popular with their users and consumer devices with advanced capabilities are readily available.

Even the most forward-thinking organizations can balk at biometrics when they think it requires an unmanageable set of changes, such as the addition of special hardware, gutting of associated solutions or the taking on of unacceptable kinds of risk such as custodianship of biometrics.

However, the best way to implement biometrics into the security framework is through a deliberate and gradual process using a solution that is built upon mobile-centric FIDO standards. FIDO-based solutions are built to play nicely with security products already in place, and the strength of the standard ensures that users — not the enterprise — are the stewards of biometrics.

Make User Experience A Top Priority

Finally, despite all of the security benefits the biometrics ecosystem provides, if the user experience is clunky it will be difficult for users to adopt. The good news is that providing an easy-to-use, uniform experience for biometrics is rather simple due to the sophistication of today’s mobile devices. Every employee already has a company or personal smartphone and experience using biometrics to unlock the phone make a payment.

The biometrics ecosystem provides incredible opportunity to create a more secure online world while building upon the experience smartphones have proven to deliver their users. Enterprises that want to roll out biometrics-based services today are poised to fully capitalize on it.

Thanks to the sophistication and ubiquity of the devices, and to the availability of solutions built upon open standards-based decentralized architectures, migrating to a true password-less state is within reach. Once it’s deployed — even on a limited basis — my guess is that the enterprise will begin to see other areas for implementation across the enterprise.

 

Security Technology of South Texas is an authorized integrator for many surveillance and access control manufacturers and has designed systems with this kind of functionality. Biometrics is particularly useful in enterprise scale operations, various campuses, as well as car dealerships or any other large property where tight security is necessary.

Please contact us at  admin@gostst.com on our website
or via phone at  210-446-4863   24/7

Fully Integrated Security and Access  Control with Alarm.com


Alarm.com is an all-inclusive business security and access control service that we offer our clients for easy access and constant updates from their work sites and businesses. The technology is specifically engineered for small and medium size business owners, and combines intelligent intrusion detection, video surveillance, access control and energy management into one cost-effective solution which is accessible from any computer, phone or other smart device.

———————————————————————————————————————————–

Their all-encompassing “Smarter Business Security” solution allows the site manager to know if someone accessed a room after hours, determine false from real alarms, and provides real-time notifications. It also features remote control and auto arming, allowing you to know what is happening at your business or work site and that it is secure regardless of your location. The integrated smart thermostat eliminates waste from heating and cooling when nobody is present and helps save automatically if management forgets to turn off the AC or heating during closing hours.
———————————————————————————————————————————–
Not only will Alarm.com integrate with your on-site cameras, it is also a fully fledged access management solution as well. From a small team of just 5 to up to hundreds of employees, this technology allows management of multiple access plans centrally, with the ability to remotely lock or unlock doors and monitor activity at multiple sites if necessary. This solution integrates with industry leading hardware manufacturers, making it easy to step up access control measures without the need to replace locks and card readers already installed. This helps keep costs down as much of the price of new access control solutions is driven by the installation of new on-site hardware, costing many thousands.
———————————————————————————————————————————–
The Alarm.com solution for businesses is fully supported from their professional local Service Providers to ensure dependable and up-to-date service. This seamlessly integrated suite of business solutions will include intrusion, video, and energy management all through a single app, consolidating power into your hands and eliminating the need for a monitoring service.
———————————————————————————————————————————–
Furthermore, using data generated from the app, business owners can garner valuable insights into activity trends, allowing them to make smarter decision with respect to staffing, promotions, and energy use. The app generates simple and easy to understand reports which show activity patterns across entire work sites and business operations, helping to point out any unexpected changes.
———————————————————————————————————————————–
For example, visualized trends include open/close trends for each location and allow you to identify peak periods of activity and customer traffic. Previously unknown activity can be uncovered such as unexpected after hours entry by employees or intruders. Any doors left propped open can also be detected, eliminating energy waste and helping to mitigate security concerns. An historic timestamp of which users armed and disarmed the system is also kept for later review if necessary. Both single-site and multi-site reports can be generated on either a daily, weekly, or monthly schedule.
———————————————————————————————————————————–
Security Technology of South Texas is happy to offer custom access control and surveillance solutions to the business security market, designed either turn-key and from the ground up, or integrated into an already existing series of cameras and access control structures.

Please contact us through email at admin@gostst.com

or by phone at 210-446-4863 24/7 to schedule a consultation.

Protection and Integration of Legacy Access Control Systems

—————————————————————————————————————————————–

When you install the infrastructure to support an enterprise grade access control system, the expectation is that it will last and be operable for a long time. Over time, physical access control has merged increasingly with networking services, which leads these systems to be vulnerable to threats associated with always-on network connections that they did not have to contend with in the past. This leaves us entering the 2020’s with many legacy systems having multiple exposed attack surfaces and new potential risks as IoT integration moves forwards and clients expect full availability and connectivity on their smart devices.
—————————————————————————————————————————————-
One method which we have placed great emphasis on is Avigilon’s “Blue” Platform, a nearly “Plug-and-Play” device that allows takeover and integration of IP devices into older systems while still maintaining the integrity and operation of the existing infrastructure. The specifics of “Blue” have been discussed in depth in previous articles.
It is critical that integrators installing upgrades to existing access control systems ensure that all software and drivers are up to date so that exploits are covered. The more IP devices, the more potential points of attack exist to disable physical infrastructure for access control systems, and this is why it is so important that the client make sure to keep up with manufacturer patches and updates as soon as they are released, as attackers will be aware of exploits, in many cases, before patches come out as a solution.
—————————————————————————————————————————————–
Another solution STST offers is Frontsteps access control technology. A key aspect of Frontsteps solution is “Mobile Patrol”. The fully mobile application allows security admins instant access “to patrol status updates and critical information, like incident reports and messaging.” (Frontsteps.com) Guards can give live updates in just seconds and share information for different checkpoints along a given patrol route. GPS GeoTagging assists in this process. This vastly improves the productivity and accountability of security staff as they must check in to their patrol checkpoints.
Security Technology of South Texas is happy to offer custom access control and surveillance solutions to the business security market, designed either turn-key and from the ground up, or integrated into an already existing series of cameras and access control structures.
—————————————————————————————————————————————–
Please contact us through email at admin@gostst.com
or by phone at 210-446-4863 24/7 to schedule a consultation.