Organisations using outdated access controls
Survey by HID Global shows companies not using up-to-date access controls or enforcing policies
While many organisations have got the message about information security, and are rushing to keep up to secure networks against cyber threats, a new survey by HID Global seems to suggest that companies are neglecting a crucial element of the security mix - physical access control.
The survey of 600 security system users, integrators and other stakeholders found that many organisations have outdated access control systems, with no regular testing and a lack of best practices in implementing controls.
Only one in three organisations surveyed performed annual testing of their physical access controls. Half had not updated physical access systems in the past year, while a further 20% had not updated them within three years.
On policies, one third felt that either their access control policies were not well implemented or not implemented at all.
A breach in physical security can compromise all other elements of security by allowing an intruder to effectively become an ‘insider'. There is also the risk posed by internal users gaining access to areas that they should not - a 2013 Verizon report found that 57% of all data breaches that were caused by privilege misuse involved physical access. Verizon data also showed that the most common place where loss or theft of an IT device such as a mobile or laptop occurs, is in the victim's work area 43% versus from a vehicle (23%) or residence (10%).
Nat Pisupati, regional sales director Identity & Access Management Middle East & Africa with HID Global commented: "The results revealed enterprise end users' perceptions about change, as well as the importance of industry best practices. It also gave us a glimpse into how well today's technology and policy best practices are being implemented. Among the many interesting findings, the attitudes uncovered in the survey point towards how well organisations can defend against increasingly dangerous and costly security threats, both now and in the future."
"We believe that current perceptions about access control will have an impact on the adoption of future technologies. For instance, mobile access control on smartphones will enable a more hassle-free access control experience for users, who can carry all of their keys and credentials on a device they carefully protect and rarely lose or forget," he added. "However, if the market continues to delay shoring up its best practices now against today's threats to traditional cards and readers, it will be difficult for enterprise infrastructures to seamlessly move to digital credentials carried on smartphones in a BYOD deployment environment with new and different security threats."
Pisupati said that there is a shift in attitudes in the Middle East, with more organisations in verticals such as government, oil and gas, aviation, financial and education sectors, looking to more advanced, integrated physical security systems.
"We are seeing a marked change in the Middle East whereby there is an increased customer demand for advanced security solutions that are cost-effective and offer higher security levels. This is due to escalating security threats in this region. Customers are investing strategically in cost-effective solutions, keeping in mind that their purchases will allow for migration to future capabilities."