Account
Please wait, authorizing ...

Don't have an account? Register here today.

×

Access Control: A Balance Between Protection and Interoperability

Control de acceso: un equilibrio entre protección e interoperabilidad

The unstoppable increase in global connectivity and evolving threats make security access control critical to safeguarding the integrity of not only physical spaces, but also digital borders.

by Álvaro León Pérez Sepúlveda

Currently, the sector faces several challenges considered critical, given the impact that each of them can have on future technological advances, as well as on upcoming trends and the future of the industry itself.

The first is cybersecurity: protection against digital intrusion attempts will continue to be imperative to repel vulnerability exploitation and social engineering attacks that compromise the security of access control systems.

- Publicidad -

"It is a challenge caused by the sophistication of threats such as Ransomware and Phishing, in addition to the expansion of the attack surface, which is a consequence of the growing connectivity of devices," says expert Álvaro Altamar, Sales Director for the Caribbean and Latin America at RBH Access.

In turn, Jorge Galán, Regional Sales Manager for Mexico of the company IDEMIA, highlights that "today there are tools based on Artificial Intelligence that can put Physical Access Control Systems (PACS) at risk. Cybercriminals use them to clone identities, crack passwords, and replicate credentials, among other actions."

Similarly, there is a consensus on the threat posed by the increasing integration of access control systems with new platforms, devices and applications, as opposed to the need to simultaneously guarantee conditions such as interoperability and security.

No less important is identity and permissions management. In this sense, experts consider it essential to maintain an efficient management of user profiles and that includes a timely revocation of access to former collaborators, in addition to the prevention of unauthorized entry.

According to Juan Carlos George, Sales Manager for Latin America at Identiv, another industry challenge is the need to reduce the use of control systems with basic authentication, in which the username and password are the only factors required to gain access.

"Many systems have basic administrative accounts, with default passwords that can generate alerts when using known access data. It is essential to harden systems, implement multi-factor authentication, and eliminate the "easy access" option to PACS," he says.

There's also the risk factor related to end users, a critical link in the security chain, and organizations' handling of data, which must comply with regulations such as the General Data Protection Regulation (GDPR) in the European Union and other local laws in force elsewhere.

- Publicidad -

George also points out that, in the medium term, security management applications will be driven to develop log information models that can be adapted to network and system event traffic monitoring applications.

"Applying logical access control trends and complementing those data events with physical access control event management will be very beneficial in detecting anomalies and improving processes such as people movement, traffic flow, occupancy, smart buildings, and other useful insights into people and network activity," emphasizes the executive.

How is the industry responding to all these prospects on the horizon? Security Sales inquired with well-known manufacturers of access control systems to find out their perceptions and what they are doing about it.

Security by Default
Security by Default is the name of a policy implemented by IDEMIA for data protection, which contemplates a series of actions and strategies framed within the stipulations of the GDPR.

"All communications in our PACS are transported in an encrypted and secure manner, using high cybersecurity standards and protocols. We also have a specialized P-SIRT (Product Security Incident Response Team), whose mission is to reduce risks and threats, providing information, guidance and resolution of vulnerabilities," says Jorge Galán.

The executive also details that the company has developed and patented a design based on CPU + NPU (Neural Processing Unit), specialized in algorithms modeled by AI, which provide greater security and speed in biometric authentication.

- Publicidad -

"IDEMIA is positioned in the #1 ranking of NIST, passing very demanding cybersecurity tests (Anti Spoofing), even being awarded and certified by the FBI," highlights the Regional Sales Manager for Mexico.

Integrality as a solution
One of the strategies adopted by the company RBH Access is the robust encryption of communications between readers, controllers and servers through the use of OSDP V2 and AES 256.

"That ensures that the data is protected against any attempts at interception or manipulation. In addition, we incorporate standard protocols such as HTTPS, SSL and TLS, ensuring secure and encrypted communication between the centralized server and the client stations. This additional layer protects the integrity and confidentiality of data in transit," says executive Álvaro Altamar.

In terms of the communication infrastructure between controllers, RBH Access relies on TCP/IP alternatives instead of physical media such as RS485. This allows it to carry out AES 256 encryption, improving the reliability of data transmissions.

"We also provide regular firmware updates and patches for our devices and systems. This practice ensures that our customers are protected against new vulnerabilities. Finally, our ongoing research allows us to anticipate and proactively address emerging threats."

Tighten security
"Identiv's Hirsch Velocity physical access control application is a tool that offers a variety of scalable security mechanisms, both at the field hardware and software level. Working with professionals around the world, Velocity has proven to be a reliable and secure solution," says Juan Carlos George.

Generally, such an application is installed in enterprise environments where operating systems, servers, networks and SQL have been implemented and hardened, and is under continuous monitoring to ensure that the components are patched, according to the need for risk mitigation. In addition, Velocity undergoes vulnerability tool scanning and penetration testing prior to deployment and when it is in production.

"Some specific features of our security management application allow a login strictly linked to a domain and based on specific user accounts and roles, FIDO2 two-factor authentication, PKI smart card-based authentication, and granular sets of permissions within the software," says Identiv's Sales Manager for Latin America.

Meanwhile, the latest Hirsch hardware supports standards-based protocols such as TLS v1.2, optional secure OSDP, DESfire credentials, 128-bit AES encryption, and optional PKI authentication at the gate.

Soon, Identiv will bring to market a new three-factor access control reader to secure entry points. The new ScrambleFactor will be launched this year and will be able to perform biometric card, PIN and fingerprint access at doors.

Governments: Strategic Allies
In today's global context, manufacturing companies are working closely with governments to tackle cybercrime and ensure the security of access control solutions.

According to Álvaro Altamar, one of the keys is the exchange of best practices between companies and government agencies, which involves sharing data on threats and vulnerabilities in environments, as well as cooperating in the creation and application of security standards.

Similarly, Altamar highlights the importance of participation in training and awareness programs, both for company employees and for the general public.

"This articulation is essential to confront cybercrime and ensure the effectiveness of access control solutions. Collaboration on policies and regulations are areas where companies and governments can work together to protect critical infrastructure and promote a safe online environment," said RBH Access' Director of Sales for the Caribbean and Latin America

One of these initiatives is carried out by IDEMIA NSS (National Security Solutions), a subsidiary of IDEMIA that has been working with the U.S. government for more than 60 years, in sectors such as defense, intelligence, and identity.

"Experience and standards elevate security in terms of data custody, hardening of cryptographic systems, and biometric engines based on AI Deep Learning models. On our website you can see the certifications, trainings and consultancies in Identity Technologies that we offer," says Jorge Galán.

For its part, Identiv has a presence in several scenarios where the phenomenon of cybercrime is addressed, as well as the implementation of business access control systems and management systems for the protection of people, facilities and assets.

An example of this is one of the groups of the Security Industry Association, focused on government affairs and how the industry is impacted by new laws, regulations and budgets, in order to help companies in the sector make proactive decisions to design and implement effective solutions.

"Another case of collaboration between manufacturers, end users, architects, consultants, and the U.S. Federal Government is the FBI Infragard program. This is based on sharing information to build and secure critical infrastructure facilities, while promoting peer-to-peer awareness of potential threats," concludes Juan Carlos George.

Álvaro León Pérez Sepúlveda
Author: Álvaro León Pérez Sepúlveda
Editor - Latin Press, Inc.
Comunicador Social Periodista egresado de la Universidad de Antioquia, con más de 14 años de experiencia en medios periodísticos y proyectos de comunicación digital. [email protected]

No thoughts on “Access Control: A Balance Between Protection and Interoperability”

• If you're already registered, please log in first. Your email will not be published.

Leave your comment

In reply to Some User
Suscribase Gratis
SUBSCRIBE TO OUR ENGLISH NEWSLETTER
DO YOU NEED A SERVICE OR PRODUCT QUOTE?
LATEST INTERVIEWS

Webinar: Para todas sus necesidades de seguridad

https://www.ventasdeseguridad.com/2... Para todas sus necesidades de seguridad Por: Eduardo Cortés Coronado, Representante Comercial en México - SECO-LARM USA INC Conozca la gama de productos más vendidos y de alta calidad de SECO-LARM que utilizan las empresas profesionales de seguridad, para así garantizar soluciones confiables y duraderas.

Webinar: Seguridad y transporte conectado: Sistemas predictivos para proteger y optimizar las rutas

https://www.ventasdeseguridad.com/2... Modera: Héctor Romero, Presidente de Círculo Logístico y Director General de TLR Logística Ponentes: Rafael Escobar, Channel Manager IoT/M2M Alai Secure León Rojas Madrid, CEO Lemad Logistics Jorge González, Commercial manager Telemetría de México Introducción y datos globales del mercado del transporte y la logística (México, Latam y Europa). Las nuevas tecnologías, con el objetivo de contribuir a la mejora de procesos y toma de decisiones, se abren paso para garantizar la seguridad de vehículos del transporte y la logística (telemetría y telemática vehicular, diseño y optimización de rutas…) Ir de la mano de un operador especializado en comunicaciones M2M/IoT como Alai Secure es clave para asegurar la estabilidad y disponibilidad del servicio y garantizar la conectividad durante toda la ruta.

Top 3 noticias más importantes de la industria de la seguridad electrónica

Entre los hechos destacados de esta semana se encuentra la realización de IntegraTEC México, el evento para integradores de tecnologías; así como la fusión empresarial de Milestone Systems con Arcules y la convocatoria para aspirar a las becas ofrecidas por el Foro SIA Mujeres en Seguridad. #Seguridad #SeguridadElectrónica #Videovigilancia #VentasDeSeguridad

Webinar: Inteligencia Artificial en NVR & Cámaras Enforcer

https://www.ventasdeseguridad.com/2... Tema: Inteligencia Artificial en NVR & Cámaras Enforcer Por: Eduardo Cortés Coronado, Representante Comercial en México - SECO-LARM USA INC Fecha: Martes 28 de mayo, 2024 Hora: 10.00H (Colombia) 09:00H (México) Conozca cómo sacar ventaja de las funciones de inteligencia artificial en NVR´S 4K & cámaras IP enforcer, disuación activa, reconocimiento facial, reconocimiento de matriculas vehiculares, salidas alarma etc.

Webinar: NxWitness el VMS rápido fácil y ultra ligero

Load more...
SITE SPONSORS










LATEST NEWSLETTER
Latest Newsletter