The security landscape is changing at a rapid pace.
The emergence of new threats as new channels are introduced and the increasing sophistication of criminals has forced organisations to re-evaluate their security strategy. Nevertheless, many avoid or delay change, commonly due to concerns over IT budgets or disruptions to productivity and workflow.
There are also other factors besides anticipating and preventing increased threats and improving existing (and often inadequate) card-based security. Increased user demand for more convenience and a seamless user experience creates a compelling argument for a platform that supports multiple applications on a single smart card or, in the future, a mobile device.
Simultaneously, organisations must also cope with infrastructural IT changes that increasingly impact the physical access control infrastructure.
But no organisation has a crystal ball to tell them what their needs might be in five or 10 years time. Thanks to growing interoperability between applications, however, end users increasingly have the ability not just to meet today’s security requirements but give their systems the agility to adapt to future needs.
While migration from legacy to today’s technology does require some investment, there will be a return on that budget commitment. From lower insurance premiums due to better risk management to the costs saved by preventing disasters, which could impact both the workforce and customers, the benefits are numerous.
One major concern for organisations is preserving earlier infrastructure investments as they move to new technologies and capabilities. The issue is that legacy security solutions are vulnerable in today’s threat landscape; their proprietary, static technology makes them easy targets, and they can’t support new technologies and capabilities.
Organisations could end up with a weakened defence, costly maintenance on older systems, and frustrated users who demand a better experience.
Organisations need dynamic solutions that are adaptable to their changing needs and industry best practices, with these three factors paramount:
Interoperability and leveraging standards: Organisations such as the Security Industry Association (SIA), The Smart Card Alliance, Physical Security Interoperability Alliance (PSIA) and Open Network Video Interface Forum (ONVIF) are addressing the challenge of ensuring that access control components and the ‘connections’ between them continue to function and deliver the intended functionality.
A prime example is the SIA’s Open Supervised Device Protocol (OSDP) and companion Secure Channel Protocol (SCP) for reader communications. These protocols replace legacy, unsecured Wiegand technology to provide bidirectional, multi-dropped communication over an RS485 link, extending security from card reader to access controller. At the same time, users are able to reconfigure, poll and query readers from a central system, thereby reducing costs and improving reader servicing.
Adaptability: Earlier technologies such as proximity-based cards are static in their evolution, making them easier for criminals to target. Newer, high-frequency contactless smart cards exist within a larger identity ecosystem that is significantly more dynamic. Unlike their predecessors, contactless cards are not anchored to obsolete software, devices, protocols and products, therefore they ensure the access control infrastructure’s ability to facilitate change.
Simplicity: The latest open and adaptable access control platforms deliver a single, media-independent and mobile-ready solution for all applications and environments. This makes is possible for organisations to support different types of smart cards and readers and migrate users as needed. Multi-technology encoders also ensure minimal disruption when moving from incumbent cards and onto contactless cards.
When it comes to physical access control, change needn’t be an interruption, distraction or reaction to an attack; instead, it can provide a leadership opportunity. With the right approach, organisations can meet today’s needs and easily and inexpensively expand and upgrade their systems to adopt new technologies when they are needed in the future.
Article originally published by IFSEC Global on December 14, 2015.
No comments:
Post a Comment