Show Menu

Enhance Access Control Cheat Sheet (DRAFT) by [deleted]

Security Enhance Access Control

This is a draft cheat sheet. It is a work in progress and is not finished yet.


Whether you’re a large corpor­ation, small company, organi­zation or government agency – a security breach can deal crippling damage to one’s brand and reputa­tion, as well as leave consumers as prey to scenarios like identity theft, virtual robbery or even physical injury. Yet despite new techno­logy, protocols and security best practices, breaches – both virtual and physical – are an all-to­o-c­ommon scenario.

Here are some new axioms, best practices and technology capabi­lities that will act as drivers to improving access control in the immediate future and become the standard in the coming years.

1. Security is Not Limited to the Front Door

Security must encompass more than the front door: Most security checkp­oints are located just beyond the front entrance. But today’s solutions also need to track what’s happening once an employee is inside. To effect­ively enhance security, we need to know who is doing what, where and when at all times. Ignorance isn’t bliss, and it can quickly leave you maimed if you’re not careful.

2. Solving lost and stolen badges

Human error can quickly lead to a large break-in if just a single badge is misplaced or stolen. And the RFID badge system is riddled with flaws. In 2015, for example, more than 1,400 security badges went missing from Atlanta’s Hartsf­iel­d-J­ackson Intern­ational Airport, which could grant access to private baggage areas, tarmacs and other secure locations. Even if they’re not physically stolen, most RFID badges can be quickly cloned undetected by the user. Elimin­ating this challenge requires more than a simple PIN number – we need multiple authen­tic­ation methods that cannot be counte­rfe­ited.

3. Elimin­ating badge abuse

We like to believe that an employee won’t abuse their badge and security clearance – but all it takes is one rotten apple to spoil the whole bunch. A unique PIN can be assigned to prevent the use of stolen badges, but what if an insider decides to sell that inform­ation? There are several ways to be nearly 100 percent sure the person opening the door is who they say they are – and they don’t require implants.

Biometric authen­tic­ation – such as retina, finger­print or facial recogn­ition – is just one way to prevent this type of badge abuse.

Advanced Access Control

4. Preventing tailgating and piggyb­acking

A badge system can prohibit an intruder from entering, but not if someone on the inside opens the door first. These types of scenarios happen all the time – both intent­ionally and uninte­nti­onally – and leave otherwise highly secured areas extremely vulner­able. To solve this, it’s not enough to just know who scanned the badge – we need to know who (and how many) actually entered with them.

5. Improving emergency response

Unfort­una­tely, the need for emergency response has become an all too common occurr­ence. And response times have a direct correl­ation to the severity of damage from a breach. Systems today lack the most critical feature to improving response time – which is identi­fying and relaying the exact location of the emergency.

First responders would benefit greatly if they could verify the authen­ticity and exact location of an emergency at any time. It’s not enough to know which building, but rather which room and which level.

6. Building business intell­igence

For good reason, our world is becoming more and more data driven. And by improving the way we monitor employees and access control, we can unlock a huge stream of untapped inform­ation. These insights could range from better unders­tanding the routines and processes of staff to improve produc­tivity, to better identi­fying threats and breaches before they have a chance to strike.