The unstoppable increase in global connectivity and evolving threats make security access control critical to safeguarding the integrity of not only physical spaces, but also digital borders.
by Álvaro León Pérez Sepúlveda
Currently, the sector faces several challenges considered critical, given the impact that each of them can have on future technological advances, as well as on upcoming trends and the future of the industry itself.
The first is cybersecurity: protection against digital intrusion attempts will continue to be imperative to repel vulnerability exploitation and social engineering attacks that compromise the security of access control systems.
"It is a challenge caused by the sophistication of threats such as Ransomware and Phishing, in addition to the expansion of the attack surface, which is a consequence of the growing connectivity of devices," says expert Álvaro Altamar, Sales Director for the Caribbean and Latin America at RBH Access.
In turn, Jorge Galán, Regional Sales Manager for Mexico of the company IDEMIA, highlights that "today there are tools based on Artificial Intelligence that can put Physical Access Control Systems (PACS) at risk. Cybercriminals use them to clone identities, crack passwords, and replicate credentials, among other actions."
Similarly, there is a consensus on the threat posed by the increasing integration of access control systems with new platforms, devices and applications, as opposed to the need to simultaneously guarantee conditions such as interoperability and security.
No less important is identity and permissions management. In this sense, experts consider it essential to maintain an efficient management of user profiles and that includes a timely revocation of access to former collaborators, in addition to the prevention of unauthorized entry.
According to Juan Carlos George, Sales Manager for Latin America at Identiv, another industry challenge is the need to reduce the use of control systems with basic authentication, in which the username and password are the only factors required to gain access.
"Many systems have basic administrative accounts, with default passwords that can generate alerts when using known access data. It is essential to harden systems, implement multi-factor authentication, and eliminate the "easy access" option to PACS," he says.
There's also the risk factor related to end users, a critical link in the security chain, and organizations' handling of data, which must comply with regulations such as the General Data Protection Regulation (GDPR) in the European Union and other local laws in force elsewhere.
George also points out that, in the medium term, security management applications will be driven to develop log information models that can be adapted to network and system event traffic monitoring applications.
"Applying logical access control trends and complementing those data events with physical access control event management will be very beneficial in detecting anomalies and improving processes such as people movement, traffic flow, occupancy, smart buildings, and other useful insights into people and network activity," emphasizes the executive.
How is the industry responding to all these prospects on the horizon? Security Sales inquired with well-known manufacturers of access control systems to find out their perceptions and what they are doing about it.
Security by Default
Security by Default is the name of a policy implemented by IDEMIA for data protection, which contemplates a series of actions and strategies framed within the stipulations of the GDPR.
"All communications in our PACS are transported in an encrypted and secure manner, using high cybersecurity standards and protocols. We also have a specialized P-SIRT (Product Security Incident Response Team), whose mission is to reduce risks and threats, providing information, guidance and resolution of vulnerabilities," says Jorge Galán.
The executive also details that the company has developed and patented a design based on CPU + NPU (Neural Processing Unit), specialized in algorithms modeled by AI, which provide greater security and speed in biometric authentication.
"IDEMIA is positioned in the #1 ranking of NIST, passing very demanding cybersecurity tests (Anti Spoofing), even being awarded and certified by the FBI," highlights the Regional Sales Manager for Mexico.
Integrality as a solution
One of the strategies adopted by the company RBH Access is the robust encryption of communications between readers, controllers and servers through the use of OSDP V2 and AES 256.
"That ensures that the data is protected against any attempts at interception or manipulation. In addition, we incorporate standard protocols such as HTTPS, SSL and TLS, ensuring secure and encrypted communication between the centralized server and the client stations. This additional layer protects the integrity and confidentiality of data in transit," says executive Álvaro Altamar.
In terms of the communication infrastructure between controllers, RBH Access relies on TCP/IP alternatives instead of physical media such as RS485. This allows it to carry out AES 256 encryption, improving the reliability of data transmissions.
"We also provide regular firmware updates and patches for our devices and systems. This practice ensures that our customers are protected against new vulnerabilities. Finally, our ongoing research allows us to anticipate and proactively address emerging threats."
Tighten security
"Identiv's Hirsch Velocity physical access control application is a tool that offers a variety of scalable security mechanisms, both at the field hardware and software level. Working with professionals around the world, Velocity has proven to be a reliable and secure solution," says Juan Carlos George.
Generally, such an application is installed in enterprise environments where operating systems, servers, networks and SQL have been implemented and hardened, and is under continuous monitoring to ensure that the components are patched, according to the need for risk mitigation. In addition, Velocity undergoes vulnerability tool scanning and penetration testing prior to deployment and when it is in production.
"Some specific features of our security management application allow a login strictly linked to a domain and based on specific user accounts and roles, FIDO2 two-factor authentication, PKI smart card-based authentication, and granular sets of permissions within the software," says Identiv's Sales Manager for Latin America.
Meanwhile, the latest Hirsch hardware supports standards-based protocols such as TLS v1.2, optional secure OSDP, DESfire credentials, 128-bit AES encryption, and optional PKI authentication at the gate.
Soon, Identiv will bring to market a new three-factor access control reader to secure entry points. The new ScrambleFactor will be launched this year and will be able to perform biometric card, PIN and fingerprint access at doors.
Governments: Strategic Allies
In today's global context, manufacturing companies are working closely with governments to tackle cybercrime and ensure the security of access control solutions.
According to Álvaro Altamar, one of the keys is the exchange of best practices between companies and government agencies, which involves sharing data on threats and vulnerabilities in environments, as well as cooperating in the creation and application of security standards.
Similarly, Altamar highlights the importance of participation in training and awareness programs, both for company employees and for the general public.
"This articulation is essential to confront cybercrime and ensure the effectiveness of access control solutions. Collaboration on policies and regulations are areas where companies and governments can work together to protect critical infrastructure and promote a safe online environment," said RBH Access' Director of Sales for the Caribbean and Latin America
One of these initiatives is carried out by IDEMIA NSS (National Security Solutions), a subsidiary of IDEMIA that has been working with the U.S. government for more than 60 years, in sectors such as defense, intelligence, and identity.
"Experience and standards elevate security in terms of data custody, hardening of cryptographic systems, and biometric engines based on AI Deep Learning models. On our website you can see the certifications, trainings and consultancies in Identity Technologies that we offer," says Jorge Galán.
For its part, Identiv has a presence in several scenarios where the phenomenon of cybercrime is addressed, as well as the implementation of business access control systems and management systems for the protection of people, facilities and assets.
An example of this is one of the groups of the Security Industry Association, focused on government affairs and how the industry is impacted by new laws, regulations and budgets, in order to help companies in the sector make proactive decisions to design and implement effective solutions.
"Another case of collaboration between manufacturers, end users, architects, consultants, and the U.S. Federal Government is the FBI Infragard program. This is based on sharing information to build and secure critical infrastructure facilities, while promoting peer-to-peer awareness of potential threats," concludes Juan Carlos George.
Leave your comment