Robust information security implies using a number of organizational and technical measures to safeguard your information, as well as physically protect your data from various threats. Cyberattacks today may be targeted at more than one system, which means that you need comprehensive cybersecurity systems to mitigate them.
It is evident that a single protection tool, no matter how advanced and effective, cannot avert all applicable cyber threats. For example, even when you are using a comprehensive security system, it may still be vulnerable if your users have weak passwords that can be easily cracked, such as "123456". Even the most advanced tools designed for protecting your company's information systems won't make sense in this case since critical vulnerability lies at the very core of your security system.
On the other hand, it would be wrong to assume that all cyber threats are purely digital in nature and having comprehensive technical security would be enough to protect your corporate resources.
For example, strong user authentication is often used for remote sessions, while local access may still be protected with regular passwords. When additional authentication factors are used for connections to public resources, one often disregards the most important question: Why is this necessary in the first place? The purpose of strong authentication, as a remote access security tool, goes beyond preventing free use of passwords by attackers in the context of uncontrolled connections. The first reason why alternative authentication factors offering higher security levels, as well as additional methods to protect remote desktops and public resources, may be required lies in the fact that physical protection of information may be unattainable in certain situations (when you cannot introduce entrance checkpoints, use video surveillance, install lockable doors, safes, etc.).
At the same time, physical protection of information resources is just as important as the technological means used to safeguard your data. This is why physical access security and control require no less attention than the protection of logical access.
Both of these processes related to access security rely on the same subprocesses:
- User registration
- User identification and authentication
- Controlled access of your access subjects (employees or users) to your access objects (premises or IT resources)
Given their similar structure, the two processes can work in concert and complement each other. For example, you may want your employees to be able to log in and connect to your corporate resources in the designated rooms only. This may sound too obvious, and this is why this arrangement may not get as much attention as it deserves. The fact that an insider who was able to steal a login and password of a legitimate user may try to log into the system from their workstation is often overlooked.
If your company uses simple password authentication coupled with geolocation, you can say that what you actually have is a full-scale two-factor authentication since two factors, password and geolocation, are required for gaining access to your resources. The room itself is also protected, with access available only to authorized employees. RFID cards designed for physical Access Monitoring and Control Systems (AMCS) are often used for this purpose.
In order to enable two-factor authentication (password and employee geolocation) at your company, you need to integrate your AMCS system with another access security and control solution intended for individual workstations. At the same time, this solution must support contactless RFID cards that can be used both for authorization at desktops located in protected spaces and for gaining access to other less critical workstations located in public areas (for example, terminals at production shops).
Thanks to the specialized solutions designed for integrating your AMCS system with the access security and control tools, you can get a strong authentication system that takes note of the employees' geolocation on the company premises.
The Indeed AM platform supports not only system integration, but also contactless RFID cards that can be used for gaining access to your premises, desktop authorization in protected spaces or at other less critical workstations (such as terminals at production shops). It should be noted that the use of passwords or PIN codes is highly advisable for desktop authorization in protected spaces.
With AMCS integration, the Indeed AM platform enables various access protection scenarios (depending on usability, security, and maintenance cost requirements). The following scenarios are available:
- A single RFID card used to gain physical access to premises and for desktop authorization
- A single RFID card used to gain physical access to premises, for authorization at desktops, in corporate applications and web applications installed on workstations (via the Enterprise Single Sign-On module)
- Biometric data used for AMCS access and desktop authorization
- An RFID card or biometric data used for AMCS access, other authentication factors used for desktop authorization in protected spaces
- A smart card with an RFID tag and a secure vault used as a single device for all user identification and authentication scenarios
The integration of physical and logical access management systems not only boosts the efficiency of the information security system, but also helps you ensure its high usability, as well as reduce costs when a single hardware device is used for all user identification and authentication tasks.
- Active Directory
RFID card models
- HID Prox
- HID iClass
Static biometric identification and authentication technology
- Palm vein pattern
- Face geometry (2D and 3D)
Biometric scanner models
- Fujitsu PalmSecure (palm vein pattern)
- Intel RealSense (3D face)
- BioSmart PalmJet (palm vein pattern)
- Futronic FS-80 (fingerprints)
- Full HD web cameras by any manufacturer (2D facial recognition)
Third-party security solution integration
- Permission and user account management solutions: Solar inRights, 1IDM, Cube, Microsoft FIM, and IBM Tivoli Identity Manager
- Solutions for information security event monitoring and correlation: SIEM solutions
- Access monitoring and control solutions: Bastion, Orion (Bolid), and TSS AMCS (Seven Seals)